Joseph Lubin, the founder of ConsenSys and co-founder of Ethereum, explained the most recent privacy update of ConsenSys on Twitter. 

Consensys, the software company behind MetaMask, released a new update to its privacy policy on November 23. The company says it will collect consumers’ IP addresses and Ethereum wallet addresses when they send a transaction. 

Joseph Lubin highlighted that MetaMask itself does not collect IP addresses, the privacy update is purely because IP address is required to route the response back to the requester. "In order to process requests from a wallet like MetaMask, Infura needs to know the IP address of the device sending the request and the blockchain address", Joseph said.

Joseph Lubin also addressed that “Infura does not exploit this data, nor does ConsenSys monetize it. Infura is pursuing technical solutions to minimize data collection, including anonymization techniques and complete elimination of data collected.”

Read full tweet thread:

I’m seeing a lot of misunderstandings around our updated privacy policy that need to be clarified.

MetaMask wallet is a software product developed by ConsenSys. ConsenSys does not operate MetaMask.  *You*, the user, operate MetaMask on your device.

MetaMask does not collect IP addresses. @MetaMask routes information necessary for your transaction to be processed by an RPC provider. @infura_io is the default RPC provider in MetaMask, which we also develop.  

RPC stands for “remote procedure call.” Infura takes requests from MetaMask (or other software products that use it) and returns answers to those requests.  Some of those requests require data to read it from the blockchain.

Other requests ask Infura to route a user-signed transaction into the blockchain to be executed by the blockchain. After doing its work, Infura passes the results back to MetaMask (or other requesters) for display. 

Infura, and other infrastructure providers, operate an enormously complex system and in doing so, provide a valuable service to developers. Infura unlocks the incredible capabilities of blockchains so that developers can serve their users most efficiently. 

In order to process requests from a wallet like MetaMask, Infura needs to know the IP address of the device sending the request and the blockchain address.

Why you might ask?

The answer is actually pretty standard for how web infrastructure works.

First, the blockchain address is necessary because it is part of the request sent to a blockchain. The IP address is also required in order to route the response back to the requester.  

While the end user may gripe, all sorts of web3 dapps use RPC providers, which also need this data to service users. The alternative is few or no usable products in web3. The direction of travel is decentralization of RPC provision. 

Some projects are already working on this. Infura is presently leading a major effort to decentralize itself without losing the performance that developers and their user's demand.

ConsenSys has always been — and will always be — dedicated to serving and protecting the end user. Infura retains this information subject to the limitations described in the “use of personal information” section of our privacy policy. 

Infura does not exploit this data, nor does ConsenSys monetize it. Infura is pursuing technical solutions to minimize data collection, including anonymization techniques and complete elimination of data collected.

ConsenSys was formed so that users would not be improperly exploited by internet products or services. Infura is working on decentralizing itself to further reduce platform risk for software developers and end users.

Web2 companies build products that actively exploit invasive user information. ConsenSys, and many in the Web3 industry, builds products that empower and protect the end user and do not exploit the end user as a matter of highest principle.

One of the reasons the Web3 ecosystem has evolved more slowly than it could have is that it does not use invasive marketing and user retention techniques of Web2. This is also the reason why I believe Web3 will win.

Why? Because you, the user, are free to point MetaMask to a different RPC provider. You, the user, can also set up your own blockchain node and point MetaMask to it. 

Many technically capable users do this already. This is the beauty of decentralized protocols and is a central characteristic that distinguishes Web3 from Web2.

It is not possible to, for instance, point your Facebook data, Google search, or Twitter data directly to the algorithmic engine that orders the presentation of information for you. 

ConsenSys will always enable users to use its products in a manner that enables maximal decentralization and minimal platform risk. Similarly, we will strive to bring the benefits of blockchains and other decentralized protocols to everyone in a safe way.

ConsenSys’ legal team regularly consults with its product teams to ensure our published policies are up to date, as the software is continually evolving. 

Our legal team endeavors to state the policies accurately and clearly, but since the systems are complex and English can be ambiguous, sometimes the legal team introduces ambiguities. We apologize for any confusion we may have caused.