MetaMask could be affecting users’ privacy with a service that has not been enabled by default by the wallet. According to a recent report released by The Next Web (TNW), MetaMask provides the information of your wallet to the sites you visit.
This could lead to the site knowing your identity and the identity of those who transacted with you. However, it is possible to solve this issue.
MetaMask Builds New Privacy Mode to Protect Users’ Data
MetaMask is a gateway to decentralized applications (dApps) that run on the Ethereum (ETH) blockchain. At the same time, it is possible to receive, send and store ERC-20 tokens in a very straightforward way. As MetaMask is a browser extension that simplifies the use of digital assets, it is very useful and easy to use for newcomers.
The new privacy mode helps users hide their Ethereum addresses to the sites they visit when MetaMask is in use. The address usually sends “message broadcasts” in the site it operates, thus some firms know the information about a users’ wallet.
A community member has recently raised concerns about it on GitHub. He said that without the privacy mode enabled, Ethereum addresses can be detected by trackers when a user is browsing the web.
For example, sites like Amazon, Google, PayPal and many others can link a blockchain address with credit card payments. That means that it might be possible to have the identity of the MetaMask user and the last persons the individual transacted with.
As per this user, MeaMask’s use of message broadcasts means that the address of the users can be provided to ads and trackers on Google+ like buttons, Facebook like buttons, Twitter retweets, and more.
Dan Finlay, the lead developer of MetaMask, commented about this issue:
“We haven’t enabled this by default yet, because it would break previous dapp behaviour, and we realized if we add the manual ability for users to ‘log in’ to legacy applications, we can add this privacy feature without breaking older sites. PostMessage does expose the messages to all elements within a signed-in iFrame, and that could be more private.”
At the moment, there is no clear timeline for this implementation to be rolled out, since it is sometimes difficult for developers to find a good solution for this issue. He said that they will be enabling privacy mode by default in the short term. They accept that there has been a lot of criticism on this issue and they take it seriously.
Users that want to ensure that MetaMask has enabled the privacy mode have to follow the next steps:
- Click the MetaMask fox head in the right corner of the browser
- Click the cartoon globe in the right corner of the window
- Click “Settings”
- Scroll Down to See the “Privacy Mode.”
After this, users will be able to surf the web without having to be worried that their data is being shared with other third parties or companies that could link it with an identity.