For the past two years, I’ve worked as a product manager on an open-source project called MetaMask.
Our team builds a browser extension that lets people use Ethereum applications. It exposes an API for websites to interact with the blockchain, and it provides a UI for people to manage funds and approve transactions.
Our core team has 20 members, but our project has nearly 200 contributors from around the world. In past product roles, I’d been energized by collaborating with dozens of teammates in different functions and departments. …
I spent the last 2+ years working with a remote team distributed across five time zones. We used a jumble of different tools to collaborate and organize — the usuals, like Slack and Zoom and Google Docs and Airtable. But we also leaned heavily on others — Mural for brainstorming, Loomio for structured decision making, Kialo for complex and sprawling discussions.
On modern product teams, there’s so much work that does not fit in a spreadsheet or 8 x 11.5 sheet of digital paper. Some discussions are messy & divergent. …
This is one of the breaking changes we’re making on November 16, 2020. Click here for more details.
On November 16, 2020, MetaMask will no longer inject the
web3.js API. You can still bring your own web3.js or similar library and use it with MetaMask. We will simply stop injecting a particular version of web3.js for you.
We’ve primarily included web3.js as a convenience alongside MetaMask’s core Ethereum provider API, which wraps the JSON-RPC API and is documented here.
Removing web3.js is part of an effort to simplify MetaMask’s API and provide the safest, most stable experience possible.
MetaMask currently injects
firstname.lastname@example.org, which is no longer receiving fixes or updates. The
0.20.x version also lacks some safety validations that have caused trouble for our users. …
Last year, MetaMask introduced Privacy Mode, an ecosystem-wide standard to improve user privacy on Ethereum. Rather than exposing users’ Ethereum addresses to all sites, Privacy Mode (detailed in EIP 1102) requires that websites ask for user consent before wallets reveal an address.
Privacy Mode has been enabled by default for new users for the past several months, and available as an opt-in setting for existing users. In MetaMask v7.0, we’re making Privacy Mode the default for every MetaMask user. We believe this is an important step for the usability and privacy of users in the Ethereum ecosystem. …
MetaMask attracts users from all over the blockchain space — developers, token traders, first-time dapp users who don’t even know what Ethereum is, and everything in between.
It’s a wide range for a single product, and we’re amazed at the many use cases and insights that come from these different user personas.
We’ve long relied on qualitative feedback from support, Github and around the community to inform product development. But in early March, we rolled out an opt-in metrics system to provide some quantitative insight on how people are really using MetaMask.
Two months later, we can see trends and high-level volume that highlight the incredible amount of dapp activity and development happening across the ecosystem. …
Product updates from the MetaMask core team.
One of MetaMask’s many goals is to make managing ERC20 tokens a breeze. Since rolling out our privacy-first metrics system last month, we’ve learned that token transfers account for 45% of transactions initiated from within the extension (as opposed to those initiated by a dapp). Right now, this requires selecting a token from the left-side hamburger menu, then going through a “Send” flow specific to that asset. “Token” is also one of our most common keywords in support requests.
To make this flow smoother and more discoverable, we now allow users to select the asset they’d like to send right from the general-purpose “Edit Transaction” screen (#6445). Next time you want to transfer tokens, you can start just by clicking the “Send” button on the home screen. (And for the eager: support for sending & managing ERC 721 tokens is coming soon!) …
Product updates from the MetaMask core team
Last month, we announced some updates to MetaMask’s network efficiency. This month, we’ve shipped even more improvements to reduce our traffic to Infura and eliminate unnecessary requests. v6.1.0 includes a set of changes that bring MetaMask very close to going network silent while not in use, and early reports suggest we’ve reduced our overall number of requests by 50%. Laptop batteries around the world rejoice.
MetaMask is a crucial tool for blockchain newcomers, traders, developers, and beyond. The qualitative feedback we get from these different user groups can vary widely. In pursuit of making more data-driven decisions in our UI, MetaMask will begin rolling out an opt-in metrics system starting next week. …
Documentation, performance improvements, security with SESify and more.
We’re happy to announce the launch of our new developer documentation site. It includes everything you need to get your dapp up and running, including sample code for some basic interactions, best practices to help your users get the most of MetaMask, and technical details on supported signing methods, APIs, and more. We’ll continue to add over time, and if there’s something you think is missing, we’d love to hear from you!
Back in November, news broke about several wallets being compromised by malicious code in the wallets’ dependency graph. …
Since last month at DevCon, the team has been making steady progress on our ambitious goals for the coming year. This newsletter has some updates on projects past and future, as well as several exciting shoutouts across the MetaMask family!
Last month we launched a feature called Privacy Mode in MetaMask v5.0.0, which requires that dapps ask users’ permission to view their public Ethereum address. Over the past couple weeks, we’ve seen hundreds of applications across the ecosystem update to support this crucial privacy layer. …
If you have MetaMask installed, you know the extension makes it possible to interact with a whole world of websites built on the Ethereum blockchain.
But when it comes to user privacy, this behavior is less than perfect. Dapp browsers like MetaMask show the Ethereum provider object to any site you visit, which means your Ethereum address is indiscriminately exposed. Since the blockchain is public, your account balance and entire transaction history are retrievable by anyone with your address. …