The Growing Privacy Issue At The Heart Of Web3

Privacy and centralization have always been thorny issues at the heart of crypto, but they’re often relegated to theoretical debates. That changed this week with the revelation of a very real privacy issue at the heart of that most fundamental crypto tool: the wallet.

US-based crypto giant ConsenSys updated its privacy policy, revealing that Metamask, the most popular wallet for EVM chains, gathers user IP addresses when users access the service via the RPC provider Infura. (Both Metamask and Infura are owned by ConsenSys, a potential centralization issue in its own right.)

Users were shocked and took to social media to express their concerns. Gathering IP addresses seems to run contrary to fundamental crypto principles of pseudonymity and freedom. With these IP addresses, ConsenSys can theoretically profile and identify their users and also censor future transactions. This has been a growing concern in DeFi with the increasing dominance of blocks generated using Flashbots’ MEV-boost service, which automatically censors non-OFAC compliant transactions.

Wallets and RPC providers were keen to push back on this framing. Although they freely admit to temporarily collecting users’ IP addresses and other data to process RPC requests, they claim that this is an essential and unavoidable part of providing their services.

RPC providers like Infura provide a vital infrastructure service that most crypto users never even think about: handling the remote procedure calls that allow web3 services to access the essential blockchain data they need to operate. Queries are routed to RPC nodes and the response is then routed back to the original user. Like almost every other interaction on the internet, this is facilitated using IP addresses: the IP address shows where the request originated, so the RPC provider knows where to send the response.

In short: ConsenSys understand the issue, but they claim there’s no other option. And while they admit to using this data, they pledge not to misuse it.

To their credit, there is no evidence of data misuse. But does that mean crypto users need to settle for this explanation. Crypto is, after all, supposed to be trustless. Is there another way?

Building a Private Ethereum RPC Provider

Swiss privacy project HOPR thinks so, and they’ve already built a solution. While most crypto users heard about this IP Address issue for the first time this week, HOPR has been trying to raise awareness of this exact problem for almost a year now, building various tools to try and draw people’s attention to the privacy issues currently pervading web3. As early as January this year HOPR was using its D.E.R.P. tool to highlight these very issues, showcasing exactly how much data you send to RPC providers every time you use a wallet or other crypto service. 

These tools aren’t just designed to throw shade. HOPR has been building a solution to this very problem in the form of RPCh, the first private decentralized RPC service. Using RPCh, RPC calls would be sent via HOPR’s decentralized incentivized mixnet, restoring user privacy.

RPCh can be integrated easily with wallets and existing RPC infrastructure like Infura. When a transaction is sent via RPCh, the RPC provider still sees an IP address (they’re right that this is fundamental to how the Internet works) but crucially it would NOT be the IP address of the original user. Instead, it would be the IP address of an RPCh exit node. That node would then route the response back to the original user. No-one in this chain can see the full picture of what’s going on, so everyone’s privacy is preserved.

A New Private Crypto Infrastructure

This isn’t just good for users. Wallets and RPC providers also benefit. Metamask, Infura and providers like them are almost certainly honest in their intentions. But since gathering data is NOT their business model, it actually benefits them to see as little user data as possible. Data which isn’t being monetized is simply an added cost and liability, at risk of hacks, leaks, and external pressure to disclose to third parties.

To their credit, Metamask seem to fully understand this issue. They’ve been collaborating with HOPR for some months now on integrating privacy choices directly into their wallet, including the first ever crypto UX hackathon to design ways to make privacy clear and simple for users.

RPCh is still under development, but integrations with multiple wallets are underway, and real transactions have already been sent privately via RPCh as a proof of concept.

Full integration is still a way off, but this looks like a promising new approach to bringing true privacy to crypto wallets. Luckily, both users and the wallets themselves seem to be on board.