Facebook is now rolling out support for NFTs and crypto wallets to match the same service offered on Instagram. While this feature is a good development towards mass blockchain adoption, it raises privacy and security concerns for blockchain-unaware users who may mistakenly share high-value NFTs on social media.
Many Facebook and Instagram users are well aware of Meta’s user privacy and data collection issues. Facebook does not know what happens to user data after it is collected, and the collection and resale of user data to third parties is still an important part of its business model. Users are connected to family, friends, colleagues, and potentially connections to those connections, and many don’t know how to hide Facebook photos or posts from malicious users. Facebook has rightly earned a reputation as an unsafe place to store personal information, and the desire to venture into Web3 at a time when Web3’s privacy and security concerns make mass adoption dangerous could have serious consequences for some users who don’t understand the basics . of blockchain security.
Facebook announced the rollout of its NFT sharing feature on August 29, which will allow users to connect to a crypto wallet using many popular Ethereum browser wallets, including the ubiquitous Metamask wallet. This feature will be similar to Instagram’s NFT sharing feature that launched in May 2022 and will be found under the Profile Settings drop-down menu. Facebook has expressed interest in building an NFT minting service and marketplace, so it makes sense to integrate NFTs and crypto wallets into Facebook after a successful implementation with Instagram. But before NFT owners rush to share their collectibles with everyone they know personally, this feature comes with security concerns that need to be understood.
Sharing NFTs with people who know you can be dangerous
As CryptoSec has written about regarding “Five Dollar Wrench Attack,” privacy and discretion are important for crypto holders to avoid being robbed of crypto money. By allowing users to connect crypto wallets to their Facebook and Instagram accounts, not only will Meta be able to create a database of crypto wallets and users that can be sold to third parties or government agencies (which would be far more valuable than personal data), but users will inadvertently expose their wallet to the public by sharing NFTs they own.This is because NFTs are all unique, so it is not difficult to find out a user’s wallet address by searching the NFT image file, finding the token ID number, looking up the collection’s address and using a block explorer like Etherscan to connect the dots Once the user’s address is known, the contents and the entire transaction history.
This is not to say that all wallet addresses should be kept completely anonymous at all times and NFTs should never be shared on social media, as users who purchase an NFT domain name for a crypto wallet can use it as an official blockchain address that can receive payments, sign transactions and create new NFTs with their name. This technique is especially useful for artists who want to use NFTs to protect their work from counterfeiting, as imprinting each NFT with a crypto wallet that (literally) has their name on it is a convenient way to prove that the NFT was created by them . Public crypto wallets are completely safe to use on Facebook and Instagram as long as their owner stores their valuables in one or more anonymous wallets that have no connection to their public wallets.
Blockchain continues to advance, and Meta is doing its part to drive a part of it. However, with this adoption comes the responsibility of security education for blockchain-unaware users, as they can make the simple and understandable mistake of using a single address for all NFTs and crypto tokens they own, thereby broadcasting their entire holdings on-chain to everyone. Hopefully no one will be robbed for parting with a valuable NFT Facebook or Instagram, and hopefully Meta doesn’t create a crypto wallet database to sell, but both could happen eventually.
Source: Facebook, Metamask, CryptoSec, Etherscan