MetaMask privacy updates: What users should know

    19 Jun 2024

    Consensys, the company behind MetaMask, has updated its privacy policy to improve user consent, transparency and control of their personal data.

    According to a press release shared with Cointelegraph, the changes aim to apply greater privacy and security measures for users of Consensys’ services, including MetaMask.

    “As a blockchain software company whose mission is to unlock the collaborative power of communities by making Web3 universally easy to use, access, and build on, we understand how much privacy matters.“

    Key changes

    Consensys made several significant updates to its privacy policy, granting internet protocol (IP) address processing transparency, expanding its scope and improving user data management.

    “For IP addresses in particular, we may temporarily process your IP address only where required for some of our Services (depending on your MetaMask settings) to provide the best possible experience for MetaMask users. This includes, for example, the prevention of DDoS attacks.”

    The privacy notice now covers MetaMask Institutional, MetaMask Developer, Linea, Teku, Besu and Phosphor and includes new opt-out functionality for users who value privacy.

    “If users wish to further limit the collection of their device and usage information, users could consider the use of virtual private networks, or ‘VPNs.’”

    A person familiar with the matter at Consensys spoke with Cointelegraph about the protocol for IP address handling in the event of a data breach. They said:

    “[…] In the event of a data breach, IP addresses will be handled in the same way as any other category of personal data: our Security team will act to contain the incident immediately, and we will comply with any notification obligations related to the incident.”

    New MetaMask privacy features

    MetaMask, as part of Consensys’ services, has introduced new user control and privacy features, allowing users to configure their wallets according to their privacy preferences.

    “We have continued to expand the range of features where we provide granular choice through advanced settings that users can access and configure from the moment they onboard, and at any point thereafter.”

    The new features include disabling or enabling security alerts, auto-detection of tokens and non-fungible tokens (NFTs) and improved remote procedure call (RPC) configuration.

    On the topic of third-party service compliance with privacy standards, someone familiar with the matter at Consensys told Cointelegraph:

    “Users have the ability to toggle those settings off to limit data sharing […] We also ensure that we put in place a data processing agreement with third-party service providers as required by law when processing personal data.”

    Mask on…mask off

    In addition to the new MetaMask features, the company’s privacy notice also included a transparent summary of what the firm does and does not do with “MetaMask user information.”

    “[MetaMask] do not collect your private keys […] do not sell your personal information […] do not collect or retain Personal Information unless necessary to provide you the Services and […] do not collect financial payment or banking information.”

    Consensys also clarified that the firm had removed Codefi and Quorum from the scope of the privacy notice.


    Leave a Reply

    Your email address will not be published. Required fields are marked *