* This is a contributed article. The IBTimes news staff was not involved in the creation of this article and this content does not necessarily represent the views of IBTimes.
IP address leakage is a real concern. Freepik.com

Privacy is a prerequisite for freedom, security, and effective decentralization. But it’s often overlooked and under-discussed in the web3 space. Without privacy, all our financial transactions are subject to tampering, and our identities can be used for nefarious purposes with potential for real-world harm. In crypto, transactions and identity converge around the most basic crypto tool: the wallet. And with wallets, the web3 community has a major privacy issue on their hands.

With more than 21 million monthly active users, Metamask is most users’ gateway to crypto and DeFi. But Metamask wallets, as well as wallets on most other blockchains, leak huge amounts of personal data under the hood, including IP addresses and details of crypto holdings – even about addresses or holdings not directly involved in the current transaction, and even if that transaction is never sent to the blockchain! This is due to how wallets communicate with RPC (remote procedure call) providers and endpoints – the services which allow communication between wallets and crypto services like decentralized exchanges, DeFi platforms and NFT marketplaces.

IP address leakage is a real concern, as this can provide questionable actors with private data from users, enabling them to create profiles of users and link them to other stored activity, both on and offline. This isn’t just some vague risk: Web2 companies have long been in the business of packaging private data and selling it to the highest bidder, often to marketers with sophisticated algorithms. It would be naive to assume that web3 companies couldn’t also take blockchain-based financial data, connect it to real-world identities, and re-package it for organizations or individuals. Raising awareness and persuading the web3 community to take this problem seriously is as crucial as developing a set of technical solutions to this deeply technical problem.

Your Secret Wallet is Not So Secret…

Wallet linkability is a more technical issue, but it will come as a huge shock to most crypto users.

Since it’s free to create a new crypto address, most crypto users have multiple addresses for different purposes. It’s not uncommon for people to have a main wallet, another for connecting to exchanges, another for NFTs, etc. This is probably one of the most common steps crypto users take to protect their privacy, and many go to great lengths to ensure these wallets never interact on chain, thanks to the notoriety of firms like Chainalysis who use publicly available blockchain data to link people to particular wallet addresses.

However, Metamask routinely shares ALL of a user’s addresses when communicating with RPC providers, even though only one address will be involved in the transaction. For anyone attempting to have financial privacy, wallet linkability is a major issue.

And when wallet linkability and IP address leaks are combined – as they are in a huge number of the most popular crypto services – it’s a real privacy nightmare.

So what can be done? HOPR, a Swiss data privacy and crypto company, is currently working to raise awareness of web3-related privacy issues as they develop a protocol that can solve many pressing technical problems like wallet linkability. To show the depth of this problem, HOPR’s DERP tool demonstrates how easily users broadcast the links between their wallets each time they open a Metamask wallet.

HOPR’s DERP Medium article explains: “as soon as you start up Metamask, it sends an ethCall request to an RPC endpoint so it knows how many tokens to show you in the UI. This request contains all of your addresses, one after the other, even if you’re only interested in using one.” The RPC provider, whether it be a decentralized exchange or a DeFi application, gains access not only to all of your wallet addresses but also to your IP address, as well as browser and operating system information.

Depending on how these data and metadata are secured, users are vulnerable to the RPC provider being hacked or simply giving or selling this private information to a potentially malicious third party.
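
As an added illustration (not code from HOPR, DERP or Metamask), the following JavaScript audits a captured JSON-RPC request body and lists every account address an RPC provider can read from it, which the provider receives alongside the client IP. The sample request, its placeholder selector `0xdeadbeef` and all addresses are constructed, and the address detection is a heuristic assumption.

```javascript
// Constructed sample: one eth_call whose calldata ABI-encodes an address[] of
// three accounts. The selector and all addresses are placeholders.
const word = (hex) => hex.padStart(64, "0");
const ACCOUNTS = ["11", "22", "33"].map((b) => b.repeat(20));
const SAMPLE_BODY = JSON.stringify({
  jsonrpc: "2.0",
  id: 1,
  method: "eth_call",
  params: [
    {
      to: "0x" + "aa".repeat(20), // placeholder contract address
      data: "0xdeadbeef" + word("20") + word("3") + ACCOUNTS.map(word).join(""),
    },
    "latest",
  ],
});

// Heuristic: a 32-byte ABI word is treated as an address when its top 12 bytes
// are zero and the remaining 20 bytes are too large to be an offset or length.
function addressesInCalldata(data) {
  const args = data.replace(/^0x/, "").slice(8).toLowerCase(); // drop 4-byte selector
  const found = [];
  for (let i = 0; i + 64 <= args.length; i += 64) {
    const w = args.slice(i, i + 64);
    const addr = w.slice(24);
    if (/^0{24}/.test(w) && !/^0{16}/.test(addr)) found.push("0x" + addr);
  }
  return found;
}

// Returns the distinct account addresses readable from one request body
// (single request or batch). More than one means the accounts are linkable.
function exposedAccounts(body) {
  const parsed = JSON.parse(body);
  const seen = new Set();
  for (const req of Array.isArray(parsed) ? parsed : [parsed]) {
    const p = req.params || [];
    if (req.method === "eth_call" && p[0] && typeof p[0].data === "string") {
      addressesInCalldata(p[0].data).forEach((a) => seen.add(a));
      if (p[0].from) seen.add(p[0].from.toLowerCase());
    } else if (req.method === "eth_getBalance" && typeof p[0] === "string") {
      seen.add(p[0].toLowerCase());
    }
  }
  return [...seen];
}

const accounts = exposedAccounts(SAMPLE_BODY);
console.log(accounts.length > 1 ? "linkable:" : "single:", accounts);
```

Run against request bodies captured from your own wallet (for example from the browser's network panel) to see how many accounts each call ties together.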

Careless configuration of crypto services can leak huge amounts of revealing wallet data. HOPR

HOPR’s mixnet protocol, with cover traffic functionality, would solve many of these issues. HOPR is a fully decentralized, trustless platform that guarantees complete privacy during the exchange of information online. The network is maintained through HOPR nodes and a fully incentivized system where those who stake can earn tokens. Although web3 has a wallet problem for now, HOPR, as well as a functional node and reliable VPN, can provide the security and privacy the cryptocurrency space so desperately needs.