Starting on December 3rd, 2019 we started rolling out MetaMask version 7.7.0 on the extension. We normally release to a small set of users to first to test the waters and in this case 20% of Chrome users received the update when we were notified of a behavior that was confusing many users.
This change had to do with a MetaMask feature we first described in August as EIP 2255: Web3 Wallet Permissions. This feature will allow users to select any account when signing into a site, keeping that account signed in, and allowing the user to stay logged into different sites with different accounts simultaneously.
This also means that websites will only have access to accounts that the user explicitly grants, rather then whatever account the user happens to have selected at the time. We have been excited to roll this out, because it’s some of the strongest privacy enforcement we’ve ever shipped, and of course, it paves the way for our coming extensibility.
Unfortunately, there were some oversights in our initial implementation that made for a rough user experience. In particular, users were surprised to find that switching an account did not reveal the new account to a site they were on, which was causing undue support burden on dapp developers.
Fortunately, we had some very quick community feedback that this was causing pain, and this quick feedback allowed us to identify the shortcomings in the new version quickly, and identify several possible improvements, too!
Our Response
In response, we rolled back the change in 7.7.0.1, which is now our current Chrome release, so no action is required on anyone’s part at the moment.
We’ve identified several improvements that we can implement before pushing this feature out again, which we expect to maintain an intuitive experience for our users, while adding this valuable security feature for users. All of these are still proposals, and open to community feedback:
- Allow users to select multiple accounts when connecting to a site.
- Ask users when switching accounts whether they’d like to connect to the current site.
- Make it easier and more obvious to disconnect an account from a site.
- Indicate when viewing an account whether or not it is connected with the current site.
In combination, we expect this to result in sites continuing to work as usual when unchanged, but with extra privacy benefits to users and the option of multi-account interactions for dapps.
Please be advised to ensure this feature is properly tested and validated, the release of this could be as late as January 2020. The scheduled EIP 1193 breaking change will happen no less than 6 weeks after that release, some time later in 2020. This is to guarantee a release candidate that receives feedback from most of those who were affected by this breaking change and others.
If you wish to follow this issue and want to participate in early testing, or provide insight or suggestions, you can do so here.
Conclusion
We’re grateful to our enthusiastic community for their early concerns and ideas for improvement, and look forward to delivering these enhancements in a greatly improved way.
