There is a setting in MetaMask, disabled by default, that exposes users' Ethereum addresses to the websites they visit and so opens them to privacy attacks.
MetaMask is a gateway to DApps built on the Ethereum blockchain network. It is a browser extension whose objective is to simplify the use of Ethereum, which is quite unfamiliar to beginners. The service is hugely popular and has over a million downloads on Google’s Chrome web browser.
Last year, MetaMask introduced a new feature called the ‘privacy mode.’ The feature was added to prevent users from inadvertently broadcasting their Ethereum addresses to the websites they visit while MetaMask is active. These signals are identified as ‘message broadcasts.’
Now, a user has discovered that MetaMask still shares these ‘message broadcasts’ with other online platforms because privacy mode is disabled by default. The user added that the extension compromises the privacy of its users because web services such as PayPal, Google and Amazon, which already hold a user's account and card details, can easily link the exposed address, and with it the user's on-chain transaction history, to credit card payments.
This undermines one of the properties people expect from a public blockchain: pseudonymity. Addresses and their transactions are public, but the link between an address and a real-world identity is not, until something like this leaks it.
Essentially, MetaMask hands its users' Ethereum addresses to web trackers such as the social media buttons embedded on many websites. (It is the public address, not the private key, that is exposed; private keys never leave the extension. A public address is enough to look up a user's entire transaction history, so this is still a serious leak.) There are further consequences beyond the loss of privacy. For instance, the address is also handed to DApps the user never chose to interact with, which can use it to pester the affected user.
MetaMask has acknowledged the existence of this problem. However, Dan Finlay, a lead developer at MetaMask, said that privacy mode is disabled by default because it makes the platform incompatible with older DApps that use older and unsafe methods of requesting Ethereum addresses.
Additionally, Finlay mentioned that they have found that adding a feature allowing users to manually log in to older DApps would make it possible to enable privacy mode. He also said that the platform is working to enable privacy mode by default, although he did not give a definite date for it.
Finlay concluded by acknowledging that they have been slow to react to the concerns over the issue of message broadcasts. Further, he stated that they will offer a backward-compatibility option for users who wish to enable message broadcasts.
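To make the compatibility trade-off concrete, here is an added example (not MetaMask's code and not from the original article) modelling in JavaScript how the injected provider behaves with privacy mode off versus on, and the two ways a page can obtain a user's address. The FakeProvider class, the USER_ADDRESS constant and the helper functions are constructed stand-ins for window.ethereum so the code runs offline; the eth_accounts and eth_requestAccounts JSON-RPC methods and the enable() call are the real MetaMask/EIP-1102 interfaces that the stand-in imitates.

```javascript
// Added example (not MetaMask's or the article's code): a minimal model of the
// injected provider with privacy mode off versus on.
//
// Assumptions (constructed for this example):
//   - FakeProvider stands in for window.ethereum and holds one user account
//   - privacyMode=false: eth_accounts answers immediately (the "message
//     broadcast" the article describes, readable by any script on the page)
//   - privacyMode=true:  eth_accounts returns [] until the user approves a
//     connection request (EIP-1102 enable() / eth_requestAccounts)
// The JSON-RPC method names and enable() are real MetaMask APIs of the time;
// everything else is a stand-in so the example runs offline.

const USER_ADDRESS = "0x1111111111111111111111111111111111111111"; // constructed

class FakeProvider {
  constructor({ privacyMode, userApproves }) {
    this.privacyMode = privacyMode;
    this.userApproves = userApproves; // simulates the user's click in the MetaMask popup
    this.approved = false;            // has this site been approved in this session?
  }

  // Equivalent of the EIP-1102 ethereum.enable() call: prompts the user once.
  async enable() {
    if (!this.privacyMode) { this.approved = true; return [USER_ADDRESS]; }
    if (!this.userApproves) throw new Error("User rejected the request");
    this.approved = true;
    return [USER_ADDRESS];
  }

  // JSON-RPC entry point, modelled on provider.request({ method, params }).
  async request({ method }) {
    switch (method) {
      case "eth_accounts":
        // Privacy mode off: the address is exposed with no prompt at all.
        // Privacy mode on: hidden until the user has approved this site.
        return (!this.privacyMode || this.approved) ? [USER_ADDRESS] : [];
      case "eth_requestAccounts":
        return this.enable();
      default:
        throw new Error(`unsupported method ${method}`);
    }
  }
}

// What a third-party tracker script embedded on a page can do: read whatever
// the provider volunteers, with no user interaction.
async function trackerReadsAddress(provider) {
  const accounts = await provider.request({ method: "eth_accounts" });
  return accounts.length ? accounts[0] : null;
}

// What a DApp should do instead: request access only on a user action
// (for example a "Connect wallet" click) and handle refusal gracefully.
async function dappConnects(provider) {
  try {
    const accounts = await provider.request({ method: "eth_requestAccounts" });
    return { connected: true, address: accounts[0] };
  } catch (err) {
    return { connected: false, address: null, reason: err.message };
  }
}

// Run the three scenarios and return the observations for inspection.
async function demo() {
  const off = new FakeProvider({ privacyMode: false, userApproves: false });
  const on = new FakeProvider({ privacyMode: true, userApproves: true });
  const onRefused = new FakeProvider({ privacyMode: true, userApproves: false });
  return {
    trackerWithPrivacyOff: await trackerReadsAddress(off),    // address leaks
    trackerWithPrivacyOn: await trackerReadsAddress(on),      // null: nothing to read
    dappWithPrivacyOn: await dappConnects(on),                // connected after prompt
    dappRefused: await dappConnects(onRefused),               // connected: false
    trackerAfterUserConnected: await trackerReadsAddress(on), // visible once approved
  };
}

demo().then(r => console.log(JSON.stringify(r, null, 2)));
```

The model shows the trade-off Finlay describes: with privacy mode off, any script on the page, a tracker included, learns the address from eth_accounts without the user doing anything; with it on, the address stays hidden until a DApp explicitly asks and the user approves, after which every script on that site can see it. Older DApps that simply read eth_accounts on page load are exactly those that see an empty list under privacy mode, which is why a "connect" or manual log-in step is needed before it can be turned on by default.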
To enable privacy mode:
- Open MetaMask by clicking its icon at the top right of the web browser.
- Go to Settings.
- Scroll down to ‘Privacy Mode’ and move the slider to the right.