Metamask Browser Extension Default Settings Broadcast ETH Addresses to Visited Websites

Published at: March 23, 2019

Leading Ethereum (ETH) browser extension Metamask reportedly broadcasts ETH addresses to all websites a user visits in its default settings, a GitHub issue submitted on March 20 states.

Metamask is a browser extension that is featured in the Brave browser and is compatible with Mozilla Firefox, Google Chrome and Opera. It enables its users to interact with Ethereum-based decentralized applications (DApps). According to the aforementioned GitHub issue, in its default settings Metamask broadcasts its users’ ETH addresses to all the websites they visit. The post specifies that the ETH addresses are shown in data objects contained in message broadcasts, as opposed to window objects.

According to the issue report, this can lead to the identification of users and precludes Metamask use by privacy-sensitive DApps. More precisely, the user cites the recently hacked porn DApp Spankchain and health DApps as examples.

Moreover, not only the administrators of the visited websites have access to users’ Metamask addresses, but also so-called trackers such as Facebook like or share buttons, Twitter retweet buttons and similar systems that can fingerprint the browser. The user also noted on GitHub that he expects that “these message broadcasts will significantly decrease the value of ETH over the long-term.”

In his answer to the GitHub issue, developer Dan Miller argued that enabling private mode solves the problem, to which the user who created the report responded that it does not. ConsenSys software developer Daniel Finlay admitted that they agree that there is a need to enable privacy mode by default, and that the extension’s privacy could be improved upon.
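
An added example (not from the article, the GitHub issue or Metamask's code): a small audit that scans captured `message` event payloads for Ethereum-address-shaped strings, one way to check whether a given wallet setting still exposes an address to scripts on a page. The payload shapes, origins and the `findEthAddresses` / `auditMessages` names are constructed for illustration and are not Metamask's actual message format.

```javascript
// Added example. Payload shapes and names are constructed for illustration;
// they are not MetaMask's actual message format.
const ETH_ADDRESS = /\b0x[0-9a-fA-F]{40}\b/g; // 20-byte account address

// Recursively collect address-shaped strings from a message payload,
// checking object keys as well as values and tolerating cyclic objects.
function findEthAddresses(value, seen = new Set(), found = new Set()) {
  if (typeof value === 'string') {
    for (const m of value.match(ETH_ADDRESS) || []) found.add(m.toLowerCase());
  } else if (value && typeof value === 'object' && !seen.has(value)) {
    seen.add(value);
    for (const [key, child] of Object.entries(value)) {
      findEthAddresses(key, seen, found);
      findEthAddresses(child, seen, found);
    }
  }
  return [...found];
}

// Report which captured messages exposed an address and which origin's
// listener received it (the visited site or an embedded third party).
function auditMessages(captured) {
  return captured
    .map(({ listenerOrigin, data }) => ({ listenerOrigin, addresses: findEthAddresses(data) }))
    .filter((entry) => entry.addresses.length > 0);
}

// Constructed sample capture. In a browser test page these entries would be
// recorded by a window "message" event listener while toggling the setting.
const ADDRESS = '0x' + 'Ab'.repeat(20); // placeholder account address
const TX_HASH = '0x' + 'cd'.repeat(32); // 32-byte hash: must not match
const walletState = { type: 'wallet-state', payload: { account: ADDRESS } };
const captured = [
  { listenerOrigin: 'https://dapp.example', data: walletState },
  { listenerOrigin: 'https://tracker.example', data: walletState },
  { listenerOrigin: 'https://widget.example', data: { type: 'resize', height: 320 } },
  { listenerOrigin: 'https://dapp.example', data: { type: 'tx', payload: JSON.stringify({ hash: TX_HASH }) } },
];

console.log(auditMessages(captured));
```

Running the same capture with the privacy setting on and off, and comparing the two reports, shows whether the setting changes what page scripts and embedded third-party frames receive.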

Lastly, Finlay also responded to the user’s allegations that the reportedly lacking privacy features of the software are malicious in nature:

“We definitely reject all your claims that this is some weird malicious act on our part. That would be the craziest move we could ever make on a totally open source crypto project.”

As Cointelegraph reported in November last year, Metamask showcased a mobile version of its software in the past, but it hasn’t been released yet. However, malware impersonating the tool appeared on Google Play and was subsequently removed from the store in February.
