Infura is to blame for MetaMask’s violation of the crypto spirit
Censorship resistance is the foundation of crypto, so for many cryptocurrency purists, on November 23, ConsenSys, the New York-based company behind the leading Ethereum browser wallet, informed its 20 million MetaMask users that their IP and wallet addresses would be collected was simply a gross violation of the crypto spirit.
In the weeks that followed, ConsenSys first responded by saying that the data collected would only be kept for seven days, and then that it had updated its MetaMask features to allow users to opt out of Infura. However, the question remains: Have they done enough to establish crypto resistance?
While many may be fine with MetaMask tracking users’ wallets and IP addresses, not many more of us are because blockchain is supposed to be about decentralization and empowering people to control their data and their finances without intermediaries – like banks and governments .
Related: Are we still mad at MetaMask and ConsenSys for snooping on us?
For the sake of healthy debate, let’s say we’re fine with MetaMask tracking users’ wallets and IP addresses in certain acceptable cases. These reasons can be in case of a malicious attack. The information collected by the Infura protocol can help track down the criminals involved.
Perhaps, more importantly for ConsenSys, the “spying” may have more to do with official regulations, such as Know Your Customer laws, anti-money laundering and terrorist financing laws.
However, the reasoning behind the decision to “spy” or end the MetaMask user privacy features is very concerning – and even a little scary – because it clearly goes against the crypto spirit.
Control and ownership back to the users
The crypto spirit focuses on giving people back control over their assets so they can do what they want with them when they want and have ownership over their data so they can participate in the decentralized economy, such as the machine economy, by monetizing the information their. .
Infura is mainly blamed for violating the crypto spirit by tracking users’ IP and Ether (ETH) wallet addresses while advising MetaMask’s users to spin up a brand new Ethereum node or to use a different node provider if they are so concerned about lnfura’s intrusions.
Assume that Infura (or another API provider) has the users’ IP and ETH addresses. If so, it can quickly locate the user’s home and link it back to all ETH assets and chain transactions users have made. It’s pretty scary.
Opposing intrusion
It raised a fascinating debate among the crypto community. While the Ethereum blockchain provides censorship resistance, API providers such as Infura, which provide access to the Ethereum blockchain, are not adversarially obligated to be censorship resistant.
It represents a significant risk to users of MetaMask or, for that matter, any other wallet, such as these Ethereum API nodes, because it leaves them vulnerable to censorship without any warning or warning.
Related: Coinbase strikes back as SEC closes in on Tornado Cash
And then came Alchemy and MyEtherWallet, which tried to “cash in on MetaMask users’ concerns”, only to emerge as two crypto wallet solutions that also track user data.
It’s true that anyone can send Bitcoin (BTC) to anyone – even if the police or authorities don’t approve. However, if BTC was not censorship resistant, these authorities could seize or block that Bitcoin. Crypto was created with censorship resistance in mind because we need and cherish our right to privacy.
It’s also ironic. Blockchain developers have racked their brains to design the chain to be resistant to censorship. However, the API node provider “hijacks” the original intent and silently changes it, all the while not informing the potential victims – the users – of the changes.
In light of Infura’s violation of the “crypto spirit”, here are two considerations.
Crypto enthusiasts should continue to monitor API providers and alert communities when they behave unethically
- Monitoring from the public is required, as the two whistleblowers are doing via their Twitter accounts.
- MetaMask and other wallets must inform users immediately and clarify the terms of their privacy. For example, they should tell users that they are using Infura, which does not ensure their privacy 100%. It was probably not done correctly or in a sufficiently transparent way in November.
- Builders of decentralized applications (DApps) should be responsible for notifying people that an API node in use is not secure or censorship-resistant to raise awareness.
What type of technology can reasonably address this concern?
- API node-as-a-service makes it easy for non-tech users to spin up API nodes for the wallet. It should be as easy for both users and developers as buying a VPN service.
- In mathematics we trust. Technology always fights for freedom on behalf of people. Ethereum co-founder Vitalik Buterin recently published an “Incomplete Guide to Stealth Addresses”, which does not require new technology. However, if implemented on Ethereum, they partially address the privacy breach concerns raised by Infura. People can still find a user’s house using Infura, however not their chain transactions or assets.
Raullen Chai is co-founder and CEO of IoTeX. He has previously worked for companies such as Google, Uber and Oracle. He has a Ph.D. from the University of Waterloo, where his research focused on designing and analyzing lightweight ciphers and authentication protocols for the Internet of Things. At Google, he led technical infrastructure security initiatives, including SSL attack mitigation, privacy-preserving SSL offloading, and enabling certificate transparency for all Google services. He was also the founder of Google Cloud Load Balancer.
This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts and opinions expressed herein are those of the author alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.