In a privacy update published on Dec. 6, ConsenSys, the developer of the popular MetaMask browser wallet, said it would reduce its retention of user data such as wallet addresses and IP addresses to seven days. Previously, on Nov. 24, ConsenSys updated its privacy policy to clarify how Infura (MetaMask’s default Remote Procedure Call) works with user data such as including IP addresses. The revelation sparked controversy in the crypto community around privacy concerns, leading the firm to clarify that IP addresses collected through MetaMask will not be monetized or “exploited.”
We are committed to protecting the privacy of MetaMask users. Last month, the ConsenSys privacy policy update raised questions and misconceptions.
We heard you, went to work, and would like to share some important clarifications and updates https://t.co/5HGlWFuIEq
— MetaMask (@MetaMask) December 6, 2022
In this latest update, ConsenSys further elaborates that it does not store MetaMask wallet information when users make “read” requests through Infura, such as logging in to check their account balance. Instead, users’ IPs and wallet addresses are only logged after “write” requests by making transactions through Infura’s RPC endpoints. ConsenSys also claims the two data types are not stored together to allow its systems to infer from them.
After community feedback, the firm said it will build a new advanced settings page to give all new users the opportunity to choose their own RPC during onboarding and thereafter. Users have the option to opt out of Infura and choose a third-party RPC. However, ConsenSys warns that:
“From a privacy perspective, we caution that these alternatives may not actually provide more privacy; alternate RPC providers have different privacy policies and data practices, and self-hosting a node may make it even easier for people to associate your Ethereum accounts with your IP address.”
Source: https://cointelegraph.com/news/consensys-will-shorten-metamask-data-retention-to-7-days-following-privacy-discourse