Through a recent Twitter thread, a developer announced he had forked Metamask to upgrade its privacy protection. According to the developer, a complete list of all the addresses inside MM is normally sent to a server (your RPC) as soon as the extension is unlocked. The server may then utilize it to connect all of a user’s addresses, ensuring that if one is doxxed, they are all doxxed.
Infura, a business owned by the parent firm of Metamask that recently modified its privacy policy to start keeping requests and IP addresses, is the server that this is transmitted to by default. However, changing this server to use the default eth network is complex because of Metamask.
All of this poses a severe danger to privacy according to the developer. They also affirm that having never exchanged money between any of one’s addresses doesn’t guarantee one protection from being doxxed. Not just Infura or Ethereum RPCs are affected. Any chain that one has ever linked will have received these address bundles.
How can this be stopped?
Using a VPN or switching to a different RPC provider is not the solution to this problem. The recommended action is to run local nodes for each network one wishes to communicate with and modify RPC URLs to them as per the update statement.
RPCs and Infura can connect all of one’s addresses using Metamask. Thus the new update is forked and built to fix these privacy holes. Requests will no longer be sent to all addresses in MM. Additionally, when connected, an HW no longer discloses all of its lessons. It is also now possible to alter the default Ethereum network’s RPC.
Metamask is doing its best to improve the ecosystem.
Metamask, just recently, announced a new development, Mobymask, to improve its security. Intending to defend users against phishing actively, MobyMask was meant to source phishing reports from a dynamic web of trust.
The Mobymask update lowers the price at which a person or business may host a reliable copy of the MobyMask anti-phishing registry. A more straightforward method for anybody to self-host offers a lightweight server process from which online services like MetaMask, WalletGuard, and Phishfort may start getting their MobyMask phishing detection data. These two updates are a significant upgrade to the ecosystem as the firm looks to firmly establish itself in its space.
