Welcome to Valid Points. In today's issue, Sam Kessler is back and focuses on the firestorm stemming from a recent revelation that MetaMask was sharing IP information with Infura. For an extended version of this article, visit the Valid Points web post here.
Last week, the leading crypto wallet provider MetaMask came under fire for a change to its terms of service that revealed it was sharing user IP information with Infura, a piece of blockchain infrastructure created by MetaMask creator ConsenSys.
ConsenSys, a research and development company led by Ethereum co-founder Joe Lubin, built MetaMask to offer users a convenient way to store and trade their crypto without needing to trust centralized exchanges like Coinbase and Binance – platforms that store, or "custody," funds on a user's behalf.
Relative to "cold" wallets that allow users to custody their crypto keys on a kind of USB thumb drive, MetaMask, a "hot wallet," is installed on your phone or web browser and is continuously connected to the internet. While convenient – you only need to keep track of a username and password, not a physical thumb drive – "hot wallets" are theoretically more vulnerable to attacks and information leaks because they are always connected to the Web.
But compared to centralized exchanges, hot wallets like MetaMask are, at least in theory, more private and secure than allowing someone else to manage your assets.
The revelation that MetaMask was sharing IP information with Infura set off a firestorm on Twitter, with many users upset to learn their identifying information could have leaked to Infura – meaning their transaction history was not as private as they once thought.
The FTX debacle, along with last week's MetaMask controversy, resurfaced a familiar refrain in the world of crypto: "not your keys, not your crypto."
If you hold your funds on a centralized platform, they risk being stolen or misappropriated (as happened in the case of FTX, which apparently loaned out user funds without users knowing).
Downloading a hot wallet was supposed to be a safer way to get around the "not your keys" problem – your MetaMask funds are only accessible to you. But when users realized that MetaMask, too, was vulnerable to centralizing parties, they scrambled to figure out how they might be able to use the wallet without connecting it to Infura – a so-called RPC service that MetaMask uses to communicate with the Ethereum blockchain.
While ConsenSys noted in a statement that it is technically possible to use MetaMask sans Infura, users quickly realized that doing so would be confusing and impractical – requiring one to jerry-rig a new solution for reading information from the Ethereum blockchain.
The MetaMask controversy – and the anti-centralization discourse that surrounded it – serves as a harsh reminder of a hard truth that the crypto industry must face as it rebuilds from the FTX rubble: Centralized intermediaries have seeped deep into the crypto user experience.
No comments:
Post a Comment