According to a recently submitted GitHub issue, the renowned Ethereum [ETH] browser extension Metamask reportedly broadcasts users' ETH addresses to every website they visit when left in its default setting.
Metamask is a renowned browser extension featured within the Brave browser, also compatible with Mozilla Firefox, Google Chrome and Opera, that lets its users interact with Ethereum-based DApps [decentralized applications]. According to the GitHub issue, Metamask in its default settings broadcasts its users' ETH address to all the websites visited; the post specifies that the Ethereum [ETH] addresses appear in data objects contained in message broadcasts against window objects.
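To check for the behaviour the issue describes, a page's message events can be scanned for address-shaped strings. The following is an added audit example, not code from the GitHub issue or from Metamask; the sample message and its field names are constructed and hypothetical.

```javascript
// Added audit example (not MetaMask code): flag address-shaped strings in window messages.
// 0x + exactly 40 hex chars; \b rejects longer hex runs such as 64-char transaction hashes.
const ETH_ADDRESS = /\b0x[0-9a-fA-F]{40}\b/g;

// Constructed sample event; the field names are hypothetical, not MetaMask's real format.
const SAMPLE_EVENT = {
  origin: 'https://example.test',
  data: { type: 'wallet-state', state: { selected: '0x' + 'ab'.repeat(20) } },
};

// Recursively collect address-shaped strings from keys and values of a payload.
function findAddresses(payload, seen = new Set(), found = new Set()) {
  if (typeof payload === 'string') {
    for (const m of payload.match(ETH_ADDRESS) || []) found.add(m.toLowerCase());
  } else if (payload !== null && typeof payload === 'object' && !seen.has(payload)) {
    seen.add(payload); // guard against cyclic payloads
    for (const key of Object.keys(payload)) {
      findAddresses(key, seen, found);
      findAddresses(payload[key], seen, found);
    }
  }
  return [...found];
}

// Record one finding per message that carries at least one address.
function auditMessage(event, log = []) {
  const addresses = findAddresses(event.data);
  if (addresses.length > 0) log.push({ origin: event.origin, addresses });
  return log;
}

// In a browser: paste into the console of a site you have not connected a wallet to.
if (typeof window !== 'undefined' && typeof window.addEventListener === 'function') {
  window.addEventListener('message', (e) => {
    const hits = auditMessage(e);
    if (hits.length) console.warn('address visible to page scripts:', hits[0]);
  });
} else {
  console.log(auditMessage(SAMPLE_EVENT)); // offline run on the constructed sample
}
```

Any warning logged on a site that was never granted wallet access means the address is readable by every script on that page, including embedded third-party widgets.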
According to the issue report, this may lead to the identification of users and precludes Metamask use by privacy-sensitive DApps. The user cites the recently hacked porn DApp Spankchain and health DApps as examples.
Moreover, it is not only the admins of visited websites who have access to users' Metamask addresses, but also so-called trackers such as Facebook like or share buttons, Twitter retweet buttons and similar systems that can fingerprint the browser. The user also added on GitHub that he expects that “these message broadcasts can considerably decrease the worth of Ethereum [ETH] within the long-run.”
In his answer to the GitHub issue, developer Dan Miller argued that enabling privacy mode resolves the matter, to which the user who created the report responded that it doesn't. ConsenSys software developer Daniel Finlay admitted that they agree there is a need to change the privacy mode default, and that the extension's privacy might be improved upon.
Finlay also responded to the user's allegations that the software's reportedly lacking privacy options are malicious in nature:
“We definitely reject all of your claims that this is often some weird malicious act on our part, that might be the craziest move we could ever build on a completely open source cryptocurrency project.”
As reported in November last year, Metamask had showcased a mobile version of its software, but it has not yet been released. However, malware impersonating the tool appeared on Google Play and was subsequently removed from the store earlier in February.