Infura happens to be MetaMask’s default Remote Procedure Call (RPC) provider. The updated policy was published on the official website of ConsenSys, the parent firm of MetaMask.
Users on twitter were quick to scrutinize the revision and soon pointed out the shady details in the new policy.
“When you use Infura as your default RPC provider in MetaMask, Infura will collect your IP address and your Ethereum wallet address when you send a transaction.” the policy read.
Word from the ConsenSys founder
Our legal team endeavors to state the policies accurately and clearly, but since the systems are complex and English can be ambiguous, sometimes the legal team introduces ambiguities. We apologize for any confusion we may have caused.
— Joseph Lubin (@ethereumJoseph) November 25, 2022
“Infura takes requests from MetaMask (or other software products that use it) and returns answers to those requests. Some of those requests require data to read it from the blockchain.” he said.
According to Lubin, Infura requires the IP address, as well as the blockchain address to process requests from MetaMask. He added that this was a standard industry practice.
Considering the situation at hand, the ConsenSys chief proposed a solution involving the decentralization of RPC providers. According to him, several projects, including Infura, are working towards a solution that would bring more decentralization without compromising the performance.
Following the initial policy update, ConsenSys also released a statement to address the outrage over alleged attempts to rob users of their privacy. The firm clarified that MetaMask’s latest update did not result in intrusive data collection or data processing.