What You Should Know About MetaMask's Privacy Policy (And All ETH In-Browser Wallets)

in #ethereum, 7 years ago

I think it’s time for another friendly reminder to be aware of what you’re doing when you’re dealing with cryptocurrency.

Today I’m focusing on MetaMask and their privacy policy.

I know that I’ve made a few videos that show how to use this wallet and how it can be awfully convenient compared to other wallet options. But as with many other things in life, convenience often brings a sacrifice to security.

I know we’ve all had that experience of wanting to use new software or update our phones and computers, and being presented with a page that lays out that company’s terms of service and privacy policy. Of course these pages read like a dry legal document, and that’s because they are.

If you’ve ever clicked the “agree” box without reading it just to get going with the process, you are certainly not the only one. But don’t you ever wonder what exactly it is that you’re agreeing to?
In the case of MetaMask, their privacy policy is available for anyone to read.
It’s actually not that long or difficult to get through, and its implications can have an impact on your experience using their wallet.

Here’s what I’m talking about:

Their privacy policy is worded in a way that seems to give them some wiggle room. For example, when it states that “The personal information we collect from you generally may include:”
(and it goes on to list:)

  • “Network information regarding transactions”
  • “We become aware of the first public key created by virtue of the system design...”
  • “We may receive network information from you as a result of your interaction with our Service.”
  • “Our service requires the highest level of browser permissions that could potentially lead to procurement of more personal information...”
  • “...Any identifying information collected via Google Analytics is controlled by Google.”

The preceding paragraph explains that they become aware of the initial public key you create because that’s how their system is designed, and that all public keys thereafter are anonymous.
However, not only are they “aware” of the initial public key that you produce on their plug-in, they also store it.
They also explain that your interaction with their service may result in their servers receiving information like your IP addresses and possibly more.

Also, since this plug-in has “full browser permissions”, this may also lead to them receiving personal information about you. They say that these permissions are for “extremely limited technical purposes”, yet go on to explain only vaguely that they don’t obtain anything beyond what is necessary, without detailing what it is that is necessary.

The privacy policy also states that your information will be shared with their affiliates or any third party that is required for the provision of the “Service”.
Also, as I stated earlier, the policy reiterates that MetaMask uses Google Analytics, and any identifying information that is collected by Google Analytics is then controlled by Google.

The next paragraph explains all of the scenarios where they will disclose your information.

When it comes to securing the information that they’ve collected, that section is a bit thin and explains that they store the personal information on limited-access or encrypted computer systems.

Now, if you’re wondering whether these security measures are sufficient, there have been instances where some users’ information, for whatever reason, has been compromised. They were required to download a new web browser, create a new MetaMask account, and transfer their funds into that new account.

This all means that they do indeed collect your data, maybe not all of it, but it’s data that could leave you vulnerable or exposed to outside third parties.

Granted, I can’t tell exactly how many others have had this same experience or how drastic this security breach was for their network, but regardless, it’s something to be aware of when considering if this service is worth it to you.

Again, I myself have used MetaMask in the past, and this post certainly isn’t meant to be FUD in any way.

I think it’s important to be educated when making decisions, especially when it involves your crypto investments.

While we’re on the subject of using in-browser wallets, there’s another thing I think we should all be aware of that also involves the sharing of your data.

Did you know that if you use any type of Ethereum-based in-browser web wallet, you could be sharing the fact that you use Ethereum with nearly every website that you visit?

This doesn’t mean they can steal your crypto without you knowing; I’m sure you’d get a confirmation notification at least.
But this does mean that you could be put on a hacker’s radar if they know you’ve got an investment in crypto.
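
What that sharing looks like from inside a web page, as an added example (not from the original post and not MetaMask's own code): wallets of this kind have injected a provider object into the pages you load (`window.web3`, later `window.ethereum`), and the function below reports what is visible there. The function name, the report fields and the three mock page objects are constructed for illustration.

```javascript
// Added example. Reports what a wallet extension exposes to any page script.
// `win` is the page's global object: pass `window` in a browser console.
function auditWalletExposure(win) {
  const report = { walletDetected: false, globals: [], vendor: null, addressReadable: false };

  // Globals that Ethereum browser wallets have injected into pages.
  for (const name of ['ethereum', 'web3']) {
    if (win[name] !== undefined && win[name] !== null) report.globals.push(name);
  }
  report.walletDetected = report.globals.length > 0;

  const provider = win.ethereum || (win.web3 && win.web3.currentProvider) || null;
  if (provider && provider.isMetaMask === true) report.vendor = 'MetaMask';

  // An address readable without a permission prompt ties the visit to an
  // on-chain identity, which is more than "this person uses Ethereum".
  const selected = provider && provider.selectedAddress;
  const legacy = win.web3 && win.web3.eth && win.web3.eth.accounts;
  if (typeof selected === 'string' && selected.length > 0) report.addressReadable = true;
  if (Array.isArray(legacy) && legacy.length > 0) report.addressReadable = true;
  return report;
}

// Constructed sample page globals (not captured from a real browser).
const SAMPLE_ADDRESS = '0x0000000000000000000000000000000000000001';
const noWallet = {};
const legacyWallet = {
  web3: { currentProvider: { isMetaMask: true }, eth: { accounts: [SAMPLE_ADDRESS] } },
};
const promptingWallet = { ethereum: { isMetaMask: true, selectedAddress: null } };

for (const [label, win] of Object.entries({ noWallet, legacyWallet, promptingWallet })) {
  console.log(label, JSON.stringify(auditWalletExposure(win)));
}
// In a real browser console: auditWalletExposure(window)
```

A result with `walletDetected: true` and `addressReadable: false` still tells the page that a wallet is installed; only the address is withheld.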

To MetaMask’s credit, they are making efforts to address these security issues.

You can check out their GitHub to see their progress.

It’s also important to note that this is still very much a new application that is still working out its kinks.

This is also the case for many crypto wallets, not just those that are based on your web browser.

You are ultimately assuming the risk when you choose to store your cryptos.

It’s very much worth it to take your time and educate yourself on the status of any wallet you want to use and how the team behind it is addressing its issues.

Additional Reading/Sources:

MetaMask Privacy Policy
Steemit User's Experience with Security Breach
MetaMask GitHub Addressing Security
Risks of Using Ethereum In-Browser Wallets


Knowledge is power.

Another great video!!! Can you shed some light onto DAICO? Will it be the benchmark for new ICOs?

The whole issue of wallet security has to be addressed this year if the crypto community wants mass adoption of the technology. I created a MetaMask wallet on PC and it crashed after installing it. Thankfully there were no tokens in there.
I am concerned by your comment about Ethereum-based in-browser web wallets. I would like to invest in several coins that run on the Ethereum network such as PPT.
Where can you store such coins if not in an Ethereum based in-browser web wallet?

Very valuable information, help us all, thanks for sharing it on the platform, this helps us grow as a community. Congratulations

😮 wow that is some great information that I didn’t realize that they did. Keep up the great work and thank you 😊 resteemed.

Better than MyEtherWallet?

Reference the comment I replied to above :)

Great post!

I follow you on here to be informed! Thanks and keep steeming

This information is very useful, at least we can be more careful with the crypto wallet that we use to be safe from the hackers.

This is good information about crypto and video worth watching

Good luck master
