On the 25th of November, a crypto enthusiast, Alex Valaitis, took to his Twitter page to talk about a concerning trend of crypto projects diminishing privacy policies.
Recently there's been a concerning trend of "blue chip" crypto projects diminishing user privacy.
First it was @Uniswap, now it's @MetaMask.
Here's everything you need to know 🧵 pic.twitter.com/axPsz1vCVh
— Alex Valaitis (@alex_valaitis) November 25, 2022
Uniswap has come up with innovations and features, such as the AMM feature, and they are expanding their offerings. But in recent times, some unsettling changes regarding their privacy policy have erupted.
Initially, the privacy policy stated that users could utilize publicly available blockchain data, which seemed reasonable to a large extent. The problem creeps in when they hint that they go on gathering information using local storage and other technologies such as cookies, mobile device IDs, web beacons, and many more.
Although they claim this tracking process is geared towards improving the user experience, there seems to be a counter-policy that states that Uniswap may share a user’s data during litigation, court proceedings, a court order, or some other legal procedure. This comes not long after Uniswap blacklisted 253 addresses connected to Tornadocash.
Uniswap’s CEO released a disclaimer saying that they do not collect or store personal data such as email addresses, first and last names, dates of birth, street addresses, or IP addresses.
He further mentioned that they recently released a reverse proxy server that prevents third-party tools from gaining access to user data, serving as an extra layer of protection.
Despite this, a different user claims that even with a reverse proxy server, Uniswap’s integration may violate user privacy.
He says that just by loading the Uniswap frontend with a connected wallet, the JavaScript sends personal info like users’ wallet addresses, wallet balances, and wallet types to the Amplitude server using their API.
The news that Metamask was also invading user privacy came just a few days after the Uniswap news. MetaMask owner Consensys stated that users leveraging Infura as their RPC provider would have every available piece of data except a DNA sample collected. Data like the Ethereum wallet address and IP address would be collected for each transaction.
According to Alex Valaitis, US regulators likely pressured both companies to implement these updates, especially since they’re both US-based companies. In his opinion, the recent events highlight the need for technologies that preserve privacy.
He finally added that while blockchains are transparent, their transparency should not pose a risk to their censorship resistance and permissionless nature. Users expect more research regarding the privacy policies of some other blockchains, as he promised to do over the coming months.