Our main story this week is about Metamask. Metamask is by far, the most popular Web3 and DeFi wallet. It has more than 30 million users. I know many of you reading this use Metamask so I will explain how to better protect yourself. You may have already seen stories about what Infura is doing with your data, but if you haven’t, here are a couple of stories about it and then I will explain.
https://thedefiant.io/consensys-metamask-privacy-policy from The Defiant
or here https://beincrypto.com/new-consensys-updates-collect-ip-ethereum-address-data-metamask/ from Bein Crypto
First, I am going to show you why this is happening and what risk you have as a Metamask user. Then, I will show you how to reduce this risk to near zero with a small change in your wallet setup.
So What’s the Deal? What’s At Risk?
Consensys is a private company building lots of Web3 tools started by Joseph Lubin, co-founder of Ethereum. They work very closely with Ethereum. One of their products is Metamask. They created the wallet. Another product that’s important in this discussion is Infura.
You’ll see why in a second.
When you create your Metamask wallet, you have to pick a network to connect to for your Ethereum Wallet, Polygon, BNB Smart Chain, or other Ethereum Virtual Machine (EVM) network. The default selection is Consensys’ sister company, Infura. So when you see Ethereum Mainnet (upper right) in your MM like this:
You are connecting through Infura’s API tools and using Infura as your RPC or Remote Procedure Call. More on that in a second.
Many people myself included did not care until a change in Metamask’s Privacy Policy. That change states:
So you see that Infura is collecting A LOT of data on you and your transactions. And it does not have to be this way. I’m getting to a solution in a second……
What is RPC?
Infura is the default RPC provider. RPC stands for Remote Procedure Call. Think of it like how your wallet will connect to the Ethereum Network. It has to connect somehow so you can see your wallet balance and process transactions. And you have choices for this, like the old-fashioned telephone switchboard where you can connect many different ways through different lines from the central switchboard. It’s not a perfect analogy but it works here……
RPC is one of the lines the switchboard operator is using to connect you to Ethereum. And in this case, with Infura, it’s like if the switchboard operator connected you and then listened to your conversation and wrote it all down.
That’s not very decentralized or private now, is it?
And to make matters worse, all this information from Infura and Metamask goes to the team that created the wallet, Consensys. You can see how this could become a central point of failure. In fact, it already happened once to Venezuelan users trying to escape their terrible economy with crypto. They were accidentally blocked for a while in an attempt to comply with US sanctions against the country.
You can see how this could get out of hand fast with law enforcement requests or claims you haven’t paid enough in US taxes so freeze your wallet. Not good.
The Solution: Change Your RPC
In the privacy policy image above, you see it also says that if you change your RPC provider away from Infura then neither Infura nor Metamask collects this information from you.
This means you have 2 potential solutions. You can either:
Find any other RPC provider because then Infura and MM don’t get this information OR
You can look to find an RPC provider who also does not collect this information meaning no one will have this data on you (preferred).
Option #1 is good. At least your data is spread out between different providers but it’s hardly ideal. Option #2 where no one has this data is much better.
Some providers include:
Alchemy
Bitstack
Pokt (Pocket)
Ankr (Ankr just had a hack so avoid this one, for now, to see if the hack affects other services like their RPC business)
Cloudflare
Public Node
and more
My Choice and How to Change the RPC
I chose to use Pokt (Pocket) and their documentation makes the change easy. Pokt does not collect your data so now no one will have it. That’s how it should be. They even made a 1-minute video on how to change your RPC in 30 seconds. That’s how easy it is. Check it out
So you see Adding a New Network and making it as default in Metamask is not difficult but it is necessary, especially if you care about privacy.
DeFi Investment Option of the Week
DeFi is down across all networks in this bear market. But great income opportunities still exist. Here’s one I found on BNB Smart Chain. Remember, I’m not a financial advisor and this is not investment advice. I just find this an intriguing opportunity.
Here we have 2 coins you likely hold in your portfolio anyway: USDT and BNB. This pool pays 16.35% on PancakeSwap, the largest decentralized exchange (DEX) by far on BNB Smart Chain. Risks here are:
impermanent loss where you could lose value in the farm against just holding the assets separately since you have to maintain 50/50 value in the farm. BNB’s price will move while USDT’s price is likely to not move very much
If USDT depegs from the USD, then your farm investment could lose value. Risk of this is low but there are always rumors floating around so you should not ignore it. Just be aware. Also, your coins are not locked in this farm so you can move them at any time.