Hello there! The way Metamask is storing all of our transactions and token balances is through RPC(Remote Procedure Call) and a node.
Although the way of interaction between Metamask and node is similar to a typical old client-server type, it cannot be completely done with blockchains as they require an instant response time and support for dynamic data models. For that inherited become a client-side interaction model, similar to the one we have in chat applications.
What is RPC?
RPC is the most used way of fetching data in the blockchain. With so many changes happening in the blockchain, RPC is a request to make sure all the nodes have the same information at a specific time. It allows developers and users(through wallets) to access certain information from the blockchain. Since RPC is performing its operations using API it can do things quicker simultaneously instead of waiting for one task to be done first.
There are two ways of having access to RPC:
— Owning an Ethereum node which can be expensive to buy/maintain hardware and difficult for end users to set up and as well as time-consuming.
— Using a third-party RPC provider is a solution if we do not want to have our own node. The benefit here is nearly instant access to free RPC however there are some privacy problems we can encounter. Examples of the companies are Alchemy, Infura, and Pocket Network. By clicking on their websites we just have to create our account and copy/paste our RPC endpoint address into Metamask
So since blockchain data is so accessible to everybody, the question can appear here is it safe for end users? Not really, if we want to use the second option that means a request to our device gets sent to a 3rd party node (Alchemy, Infura, etc.). This means by default the RPC provider gets:
— Your IP
— Your addresses
This act doesn't go in pair with decentralization. We should use them on our own risk.
Solution?
Yes. The safest possible is having our own full node from which we can get data to our metamask and nobody would share our private information. Anything else?
Can we change the Ethereum node provider to a more reasonable one? Yes, there are a few of them now persuading us about their decentralization like Pocket working in a DAO model.
Another worth-mentioning project coming out is Lodestar which tries to introduce an open-source Ethereum light client written in Typescript.
In the end, it's worth mentioning that despite critics in recent times, Metamask is not evil here, it's just a frontend software to what is happening behind the scene on the blockchain and alone it does not interfere with our privacy.
