This was concerning for a lot of Metamask users who used to believe that their identity was completely hidden while using the wallet. However, the change in the policy should not come as a shock to those who are aware of how RPC works. Though, what’s concerning is if Metamask actually “stores” that data.
What’s RPC and why does it matter?
RPC stands for ‘remote procedure call’. This means that Infura takes requests from Metamask (or other software products that use it) and returns answers to those requests. For context, Infura is a set of APIs and on-chain services that act as a gateway to the Ethereum blockchain, allowing dApps to interact with decentralised networks without running a full node.
Let's say a user asks Metamask to get information on their wallet balance, this request is then passed to Infura who indexes that query and returns back the balance. To route back this information, the RPC provider (Infura) needs to know the IP address of the wallet to where the information has to be routed.
In an early Dec 2022 update, Metamask provided clarity on the situation.
- They do not store wallet account address information when a MetaMask user makes a “read” request through Infura. Like a request to check balance.
- They collect wallet and IP address information in connection with “write” requests, also known as transactions. The purpose of this collection is to ensure successful transaction propagation, execution, and other important service functionality such as load balancing and DDoS protection, as provided by Infura.
- IP addresses and wallet address data relating to a transaction are not stored together.
- They retain and delete user data such as IP address and wallet address. They are working on narrowing retention to 7 days.
- The company also clarified that it has never and will never sell any user data it collects.
Another important thing to note is that Metamask users have the option to change their RPC provider to a custom one ANYTIME. This means that if users don’t trust Infura then they can use Alchemy, Quicknode, or even connect their wallets to their own blockchain node.
What’s The Takeaway Here?
The concerning bit here is that currently, users cannot functionally "just use their own RPC" to avoid data leaking. This is because MetaMask doesn't allow setting the RPC until after the account setup is complete, and you cannot remove the default Infura endpoints which makes it very easy to accidentally leak data to Infura.
In response to this concern, Metamask has been prompt in introducing updates that will allow users to change the RPC provider before setting up their wallets. The update rolls out this week, and the information on the same can be found here: https://github.com/MetaMask/metamask-extension/issues/16696
The team has also opened an issue on GitHub, which when implemented, will prevent Metamask from making automatic RPC calls for balance updates. This would give users the option to opt-in for manual balance refreshing mode.
Don’t chuck that VPN subscription
The Metamask team understands that it caters to a wider audience and it acknowledges that even though most users desire better UX, some desire privacy over everything else. By giving user’s more flexibility and the option to opt out of their offerings, it suggests that the team supports maximum user agency.
While Metamask has proved its loyalty to the users, it is still always recommended to use VPN to make your identity untraceable. It is important to understand that true self-custody is achieved when no one can block your assets from any source possible, and that also includes location-based IP blockers.