Have you ever wished you could help your users add a token to their wallet? Have you ever been confused or frustrated by Ethereum’s numerous signing methods? Have you ever wished we had a privacy layer that didn’t expose users’ accounts to every site they ever visited?

If you answered “yes” to any of the above, this newsletter is for you! Read on to learn about support for the new signTypedData spec, progress on our privacy proposal EIP 1102, a new EIP for adding tokens to users’ wallets, and more new features in the extension.

MetaMask v4.12 is rolling out slowly over the next week, so if you don’t see these updates yet, hang tight! And if you’re super keen to upgrade, you can head to our releases page and load the new version manually.

Support for the final signTypedData spec

Signing data is a crucial part of interacting with dapps. By using your private key to sign something, you can prove ownership of your key without revealing it — and without sending ETH or paying gas. Ethereum has gone through a range of different signing methods, many with security or usability tradeoffs. With EIP 712 and the finalized signTypedData spec, developers have a method that is simple to implement and efficient to parse and validate on-chain. Rather than asking users to sign illegible hexidecimal or UTF-8 strings, the signTypedData method lets dapps present data in a well-structured, human-readable format.

MetaMask 4.12 includes support for this method as specified in EIP 712 under the function name signTypedData_v3. We will continue to support the legacy implementation under signTypedData for the next several months. Users get to know what they’re signing, dapp developers can settle on one implementation, everybody wins. For more detail, read this blog post by ConsenSys’ Koh Wei Jie.

Test your dapp with EIP 1102

MetaMask has been spearheading an ecosystem-wide effort to improve the privacy layer for dapp browsers & wallets. On November 2, MetaMask will stop exposing users’ accounts by default, and instead require that dapps ask the user’s permission.

Since proposing this change, we received some helpful feedback from the community and have incorporated it in the EIP. Rather than removing Ethereum surface area entirely, preventing dapps from even knowing a visitor has a dapp browser installed, the proposal now continues to expose a read-only provider. When a dapp detects the read-only provider, it can request access to the full provider by calling ethereum.enable(). This maintains a narrow fingerprinting surface while still allowing dapps to craft smooth onboarding flows.

Mock support for EIP 1102 is now available in 4.12. We encourage dapp developers to test their sites against these changes before they go live! You can reach out to us on Github with any questions.

EIP 747: Watch Asset

MetaMask now supports EIP 747, which defines a way for sites to suggest an asset to their users’ wallet to track. A dapp can simply call wallet_watchAsset() and pass a token’s details — if the user’s wallet also supports EIP 747, the wallet will add the token to the user’s list!

One API call, and a user gets an easy-to-read confirmation screen. No complicated instructions. No pull requests to centralized repositories.

Once your extension has updated to 4.12, you can try the feature using this sample dapp, then check the code to implement for your own token!

This is the second step in a larger effort to make token management via MetaMask simpler than ever. Version 4.9 added token auto-detection, which works for tokens tracked in our eth-contract-metadata repo. For other tokens, or for dapp developers who don’t know what wallet their user has, this EIP is great news. We could even use the same pattern in the future to suggest alternate networks to the user, as discussed in this post.

Ledger Hardware Support

MetaMask 4.12 now supports Ledger hardware wallets! If you have a Ledger, you can now connect it to MetaMask and use it to sign transactions across the web. From the top-right menu, click “Connect Hardware Wallet,” follow a couple easy steps, and you’re ready to go.

Once your Ledger is connected, you’ll be able to sign transactions, sign messages, and check your Ledger accounts’ ETH or token balance — all without your private keys ever leaving your Ledger. Read more here. If you don’t have a Ledger yet, you can buy one here and support MetaMask!

Other progress in the extension

  • We’ve heard reports of MetaMask taking up too much CPU. 4.12 includes a fix for some long-standing memory leaks that should have a big impact on the extension’s performance! (#5228)
  • On the Send screen, the hex data field is no longer shown by default, but can be optionally displayed via a toggle in extension settings. (#5091)
  • A community member has increased the gas adjustment click area — we love when folks engage us over their personal pain points! (#5264)
  • When you copy an address from the extension home screen, MetaMask will now copy a checksummed addresses. (#5255)
  • If a transaction fails, hovering over the FAILED pill will now show the error behind the failure. (#5223)
  • The extension will clear old unused seed words if you close your browser during onboarding. (#5229)
  • We’ve fixed some issues with account removal for hardware wallets. (#5112)

Hiring update

MetaMask is hiring! We’re looking for talented folks to join a unique and forward-looking team. Apply online to any of the roles listed below, or email communications@metamask.io to learn more.

That’s all for now! Stay foxy ~

In the past month…

✅ 65 PRs merged
🛠 216 commits
💫 125 Github issues closed, 68 opened
💥 16k lines of code added and 8k deleted.