How private is your private wallet?

Is Metamask safe for use?

Photo by Bermix Studio on Unsplash

I confess to one big lie that I have created; the lie does not harm anyone but me.

I’ve thought about it the day before while I was making some changes to a portfolio for someone. It did not surprise me because it was evident that I had been underestimating it for a long time.

Enough of Suspense?

The lie is that I convinced myself that Metamask has no issues and is safe to store large amounts of crypto.

It was only then when I had to make a few transactions from a friend’s account(in Centralised exchange) to Metamask I had mixed thoughts about the transaction.

I manage my friend’s portfolio, which includes decent crypto holdings. So, it was evident that I felt unsafe as it was someone else’s money, and I was responsible for its security.

Although I knew that Metamask had some issues concerning privacy, I was still using it for a lot of transactions.

I was stalling this article because new research would take time, and my plate was full of work. So today, this article will cover aspects of Metamask, which probably will make you aware of a few concerns.

We will also explore what we can do to avoid the concerns despite using Metamask. In short, the article’s objectives are as follows:

1. What is a private wallet? Different forms of private wallet
2. Metamask and its Concerns
3. Alternatives
4. Processes to avoid concerns despite using Metamask
5. Takeaways

Private Wallet:

A private wallet is a type of crypto wallet which stores your crypto assets. Technically, a digital asset is not stored but you hold a private key to access the funds. You can also manage and monitor your transactions through your private wallet.

The main advantage of having a private wallet is that it is non-custodial. In other words, you are the sole authority of assets stored in your wallet, and only you can manage and monitor the assets held in it, with your seed phrase.

Unlike an account in crypto exchange, where you can store your assets and restore your forgotten accounts, it is impossible to recover your account in private wallets if you forget your seed phrase.

There are mainly two types of private wallets: Hot wallets and Cold wallets.

A hot wallet requires an internet connection, while a cold wallet does not; This aspect is the fundamental difference between them.

A hot wallet is a web/mobile-based wallet. Examples include Metamask, Edge wallet, Trust wallet, Electrum, Binance chain wallet, Coinbase wallet, etc.

A cold wallet is a hardware-based physical device. Examples include Ledger, Trezor, Coolwallet, Safepal, Keystone, etc.

Metamask and its concerns:

Metamask is a hot wallet that is used to manage and monitor Ethereum or Ethereum based tokens. It is a plug-in available to add to your browser extension.

While all hot wallets are vulnerable to hacks and cyber attacks, I found some issues with Metamask when I dug deeper into it.

My first concern is its privacy policy. There are a few things in its policy that are not very consistent with the moral of Blockchain, which is decentralization. For example, one red flag is that Metamask may share our data with their corporate affiliates and subsidiaries. Metamask may share data to comply with the law, including KYC. Metamask may share aggregated/anonymized data with others for their own uses, a substantial red flag.

Image by Author

Here is another image regarding privacy policy:

Image by Author

My second concern is its recent event of a ban associated with Iranian and Venezuelan IP addresses. In a world of Web3, where everyone has equal access to data and platforms, how can Metamask ban its services in any country?

Is it not against the ethic of Blockchain? With Blockchain being mainstream, users are adopting it at an ever-increasing scale, and hence such events of the ban do not reflect the required morale behind such technology.

Here are the tweets of such events:

Iranian ban

Venezuela ban

My third concern is its vulnerability in code. As per the recent development, Alexandru Lupascu, the co-founder of OMNIA Protocol, has claimed that he found a severe issue in the source code of Metamask that gives hackers a way to access users’ IP addresses.

There may be a serious privacy breach due to this. If you want to read more about how hackers can exploit this, here is the article self-written by him.

Alternatives:

As of now, there are no well-known hot wallet alternatives that can replace the Metamask and its applications without such compromises. I have not looked at the privacy policies of other hot wallets, but a cold wallet can accommodate such applications without much vulnerability.

So, a cold wallet may be a better replacement.

Ledger can be used for Defi access and NFT minting with the newly launched app Zerion. I have not explored Zerion to a great extent, but developments concerning providing access to most of the features that Metamask provides are in progress. I am really optimistic about these developments.

Processes avoiding concerns:

The following steps are not a guarantee of avoiding such privacy breaches.

But at least something is better than nothing.

Here is one thing that you can do. I have assumed that you have downloaded the Metamask extension into your web browser.

Step 1: Go to your browser extensions where Metamask is pinned.

Step 2: Right-click the Metamask icon, and you will see the following.

Image by Author

Step 3: Click on the “This can read and change site data” option.

Image by Author

Step 4: Change to “ When you click the extension” from “On all sites”

Image by Author

Takeaways:

Being connected to tech through disruptive technology is a boon for us. Still, at the same time, if we do not have the necessary knowledge of the digital world and its vulnerability, serious trouble may befall us.

Metamask is an excellent application, and it probably is the easiest to use. I would recommend using not large amounts of crypto in Metamask. For large amounts of crypto, I prefer using a cold wallet such as Ledger.

Small investments make life and sustainability easy

Disclaimer: None of the content, in part or whole, articulated here is any financial advice. This article is about personal investment philosophy and a medium to generate awareness in the financial journey. Please consult your financial advisor before making any financial decision.

Apologies for the above disclaimer!

I hope you enjoyed the content and was worth your time. Not happy! Please let me know. But, if you liked the content, let me know through any means conveniently, as this would help and motivate me to write more valuable content for you. For more articles and updates, you may follow me by clicking “Follow”.

Schedule a DDIChat Session in Blockchain and Cryptocurrency:

Experts – Blockchain and Cryptocurrency – DDIChat

Apply to be a DDIChat Expert here.
Work with DDI: https://datadriveninvestor.com/collaborate
Subscribe to DDIntel here.


How private is your private wallet? was originally published in DataDrivenInvestor on Medium, where people are continuing the conversation by highlighting and responding to this story.