Dan Finlay, co-founder of popular crypto wallet MetaMask, has clarified that they are not using IP addresses. However, he said that addresses are being temporarily saved even if there is no need.
“We are not using IP addresses even if they are being temporarily stored, which they don’t need to be, as we’re not using them for anything.”
This comes after it was revealed by ConsenSys, MetaMask’s parent company, that Infura collects both their IP address and ethereum address, thereby linking the two together for GDPR purposes.
“We’re not [just] starting to [collect IPs], we’re actually trying to reduce any instances of cached PII,” Finlay added in his explanation while confirming that “this was a GDPR compliance legal notice [that they collect IPs].”
According to Finlay, rendering checks and balances is as simple as batching queries. He argues that MetaMask is “not doing anything malicious” and added that “everyone is just projecting their worst fears.”
MetaMask Cannot Operate Without User Data
Founder of ConsenSys, Joseph Lubin explains that the service can’t be provided without the user’s address and IP making contact to Infura or even the blockchain through their browser. Infura, a provider of node infrastructure, is MetaMask’s primary node. Thus, on default, MetaMask will also keep track of your IP address.
“First, the blockchain address is necessary because it is part of the request sent to a blockchain. The IP address is also required in order to route the response back to the requester.”
However, MyEtherWallet (MEW) has come forward to state that they do not track IP addresses, stating, “we have never, and will never collect identifiable information from our users.”
There is a browser add-on for MEW called Enkrypt, and the platform appears to operate on its own node architecture. Moreover, in a recent report, NFTBank, a non-fungible token (NFT) portfolio manager, was picked by Metamask, a software cryptocurrency wallet that helps communicating with the Ethereum (ETH) blockchain.