Introducing: Privacy Mode

MetaMask 5.0 includes an optional setting that requires dapps to ask permission to view your account address.

Bobby Dresser, MetaMask
Nov 5, 2018

If you have MetaMask installed, you know the extension makes it possible to interact with a whole world of websites built on the Ethereum blockchain.

On any site you visit, MetaMask automatically adds in a small JavaScript object we call an “Ethereum provider.” This allows websites to do things they otherwise couldn’t: propose Ethereum transactions, ask for your signature, query the blockchain, and so on. It’s how dapps get your account balance, or what lets exchanges ask for your tokens.

But when it comes to user privacy, this behavior is less than perfect. Dapp browsers like MetaMask show the Ethereum provider object to any site you visit, which means your Ethereum address is indiscriminately exposed. Since the blockchain is public, your account balance and entire transaction history are retrievable by anyone with your address. Malicious sites can use this data to fingerprint, phish, or track unsuspecting users.

Putting you in control

Over the past couple of months, MetaMask has led an effort to improve this privacy flaw across the entire Ethereum ecosystem (documented in EIP 1102). We’re excited to introduce “Privacy Mode” as the user-facing piece of this new privacy layer.

As of version 4.18, MetaMask users will see a new option in their settings.

Click the top-right icon, then click “Settings,” and find this option near the bottom.

Enabling Privacy Mode means websites have to ask to see your Ethereum accounts. When a dapp asks for permission to see your accounts, you’ll see a MetaMask popup like this:

By default, we’ll remember which sites you’ve allowed to access your addresses. A future version of this feature will let users uncheck an option to “Keep me connected to this site,” requiring that site to request access each time you visit.

Privacy Mode is simple for users, but it’s a significant paradigm shift for how dapps are built. (If you’re a dapp developer, read this overview for how to stay compatible.)

At first, Privacy Mode will be opt-in (and turned “off” by default). Even if you haven’t turned Privacy Mode “on” yet, we want to make it clear what’s happening under the hood, so you may start seeing the “Connect to this site” dialog as you use your favorite dapps.

If you’ve enabled Privacy Mode and are visiting a dapp that isn’t yet EIP 1102-compliant, the site may not work as expected. In this case, head to your settings, turn Privacy Mode “off,” and try again.
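The account-request flow described above, as an added example that is not code from this post or from MetaMask: it assumes the injected provider exposes MetaMask's EIP 1102 method `ethereum.enable()`, which resolves to the account list once the user approves the “Connect to this site” dialog and rejects when they decline, and it treats a provider without that method as a legacy, pre-1102 injection. The mock window and sample address are constructed so the code runs offline.

```javascript
// Added example: how an EIP 1102-compatible dapp should negotiate account access
// when Privacy Mode is on. Assumptions (not stated in the post): `ethereum.enable()`
// resolves to an array of addresses or rejects on denial; a provider lacking
// `enable` is treated as a legacy injection that exposed accounts without asking.
//
// Returns { status, accounts, reason? } where status is one of
// 'connected' | 'denied' | 'legacy' | 'no-provider'.
async function connectAccounts(win) {
  const provider = win.ethereum;
  // Privacy Mode path: the site must ask, and the user may say no.
  if (provider && typeof provider.enable === 'function') {
    try {
      const accounts = await provider.enable();
      if (!Array.isArray(accounts) || accounts.length === 0) {
        return { status: 'denied', accounts: [], reason: 'no accounts granted' };
      }
      return { status: 'connected', accounts };
    } catch (err) {
      // The user declined the dialog (or the request failed); the dapp must keep
      // working in a read-only state rather than assuming an address is available.
      const reason = err && err.message ? err.message : String(err);
      return { status: 'denied', accounts: [], reason };
    }
  }
  // Legacy path: a pre-1102 provider that already exposed accounts unprompted.
  if (win.web3 && win.web3.currentProvider) {
    return { status: 'legacy', accounts: [], provider: win.web3.currentProvider };
  }
  return { status: 'no-provider', accounts: [] };
}

// Constructed mock of the page's `window` for the four situations above.
// `decision` is 'approve', 'deny', 'legacy' or 'none'.
function buildMockWindow(decision) {
  const sampleAccount = '0x0000000000000000000000000000000000000001'; // constructed
  if (decision === 'none') return {};
  if (decision === 'legacy') return { web3: { currentProvider: { mock: true } } };
  return {
    ethereum: {
      enable: () => (decision === 'approve'
        ? Promise.resolve([sampleAccount])
        : Promise.reject(new Error('User denied account authorization'))), // constructed text
    },
  };
}

module.exports = { connectAccounts, buildMockWindow };
```

A dapp that only ever handles the `connected` branch is the kind of site the post warns “may not work as expected” once Privacy Mode is enabled.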

The MetaMask team firmly believes EIP 1102 is a crucial step towards a safe, user-friendly decentralized web. Privacy Mode will eventually be the default experience for all MetaMask users.

For developers looking for information on how to build applications compatible with EIP 1102, see this post.

Thanks to the dozens of developers and community members who have contributed to this standardization effort!
