ConsenSys, a company responsible for popular crypto services such as MetaMask wallet and Infura infrastructure, has started gathering users’ IP and Ethereum wallet addresses.
On November 23, the company updated its privacy policies and informed users that MetaMask would collect the personal information of those who use Infura as the default RPC (Remote Procedure Call) provider.
The company also will be collecting account names and passwords, as well as financial information, including asset holdings, financial account numbers, and routing information (MetaMask enables crypto purchases with Visa and Mastercard).
However, ConsenSys explained that when a user is running their own Ethereum node or using an RPC provider other than Infura or MetaMask, the IP address or wallet address of the user won’t be collected.
Infura serves as the primary node of the Ethereum system that connects dApps to the Ethereum network via APIs and other tools. Since its inception, its popularity has been a sore point for DeFi enthusiasts.
An acquisition of Infura by ConsenSys happened at the end of 2019. Several Web3 apps, such as MetaMask, use Infura by default. MetaMask is a self-custodial cryptocurrency wallet that enables over 21 million users each month to interact with Ethereum-based dApps.
ConsenSys’ announcement follows that of the decentralized exchange Uniswap, which recently disclosed that the exchange records user information on the blockchain to enhance the customer experience.
Even so, the overt declaration of collecting personal information has riled privacy-conscious cryptocurrency users, prompting many to wonder if Web3 differs from Web2 in terms of how data is collected.
Online privacy advocates call for the minimization of online footprints and a massive reduction in sensitive data sharing with ISPs.
While ConsenSys hasn’t explained why the company made this decision, some speculate it might have been due to regulatory requirements. Following US sanctions on cryptocurrency tumbler Tornado Cash in August, Infura removed the crypto service from its list of clients.
Daniele Servadei, CEO of merchant tool startup Sellix, said ConsenSys must keep data to comply with the EU’s General Data Protection Regulation (GDPR), or it will be fined heavily.
“This news just shows how important it is to have a personal node for the crypto you want to use and why centralized services are bad,” he said.
Alternatives to Infura Gain Popularity
The industry became concerned that ConsenSys wouldn’t be able to protect the data it collects responsibly. According to Rashid Ali, CEO of Exarta, “Looking at the breaches happening every year, is data ever really safe with a centralized organization?”
At the moment, there are alternatives to Infura that do not seem to gather the personal data of their users.
ConsenSys’ update triggered a leap of 23% for Ankr, a decentralized infrastructure platform. A second option is Alchemy, which does not have a token. It was expected that the MetaMask team would release one soon, but so far, that has not happened.
Regardless, these aren’t the first complaints about ConsenSys and MetaMask being anti-privacy.
It was revealed in March 2019 that MetaMask keeps the “privacy mode” disabled by default. While the mode was inactive, the MetaMask web browser transmitted Ethereum wallet addresses to all websites that the user visited, along with all third-party trackers.
If it were enabled by default, it would have damaged older dApps, the company said back then. About several months after that, privacy mode became standard.