MetaMask, a popular Ethereum wallet, has been broadcasting its users’ Ethereum addresses to the websites they visit. This allows third parties to see those addresses and potentially link them to the users’ browsing activity.
According to an issue recently raised on GitHub, the Ethereum wallet has a built-in privacy mode that could prevent this from occurring. However, the user has to activate it manually; if it isn’t enabled, the wallet sends websites “message broadcasts.”
These have raised concerns because “any advertisement, or tracker” can detect MetaMask users’ Ethereum addresses through them and potentially link an address to its user’s browsing history, which could compromise anonymity.
The user who opened the GitHub issue explained:
“It sacrifices the privacy of everyone in the system because sites like Amazon, Google, PayPal, and others can link your blockchain transactions to credit card payments, thereby your identity, and the identity of the last person you transacted with – a person who wants to remain anonymous.”
For those who don’t know, MetaMask is a popular browser extension that gives users access to decentralised applications on the web. It has been installed more than a million times on Google Chrome and is also available for Brave, Mozilla Firefox and Opera.
Testing the wallet’s default settings, The Next Web confirmed that third-party trackers might be able to detect these message broadcasts, which can be relayed to ads and trackers like “Google+ like buttons, Facebook like buttons, Twitter retweeters, etc.”
Dan Finlay, one of the lead developers, responded to the concerned user, saying that enabling privacy mode by default could harm dApps that rely on Ethereum address requests made without. Finlay explained:
“You’re right, we haven’t enabled this by default yet, because it would break previous dapp behavior, and we realized if we add the manual ability for users to ‘log in’ to legacy applications, we can add this privacy feature without breaking older sites.”
Furthermore, he highlighted that even though the developers need to enable privacy mode by default, it isn’t yet clear when that will happen. To enable it themselves, users have to go into MetaMask’s settings and toggle the privacy mode slider.