Privacy and centralization have always been thorny issues at the heart of cryptography, but they are often relegated to theoretical debates. That changed this week with the revelation of a very real privacy issue at the heart of the most fundamental cryptographic tool: the wallet.

US-based crypto giant ConsenSys updated their privacy policy, revealing that Metamask, the most popular wallet for EVM chains, collects user IP addresses when users access the service through RPC provider Infura. (Both Metamask and Infura are owned by ConsenSys, a potential centralization issue in its own right.)

Users were shocked and took to social media to voice their concerns. The collection of IP addresses appears to go against the fundamental cryptographic principles of pseudonymization and freedom. With these IP addresses, ConsenSys can theoretically profile and identify its users and also censor future transactions. This has been a growing concern in DeFi with the increasing dominance of blocks generated using Flashbots’ MEV-boost service, which automatically censors non-OFAC compliant transactions.

RPC and wallet providers were eager to roll this framework back. While they freely admit to temporarily collecting users’ IP addresses and other data to process RPC requests, they claim that this is an essential and unavoidable part of providing their services.

RPC providers like Infura provide a vital infrastructure service that most cryptocurrency users don’t even think about: handling the remote procedure calls that allow web3 services to access the essential blockchain data they need. to operate. The queries are routed to the RPC nodes, and then the response is routed back to the original user. Like almost all other interactions on the Internet, this is facilitated by IP addresses: The IP address shows where the request originated from, so the RPC provider knows where to send the response.

Bottom line: ConsenSys understands the problem, but claims there is no other option. And while they admit the use of this data, they agree not to abuse it.

To their credit, there is no evidence of data misuse. But does that mean that cryptocurrency users have to settle for this explanation? After all, Crypto is not supposed to be trusted. There’s another way?

Creating a private Ethereum RPC provider

The Swiss privacy project HOPR thinks so, and they have already created a solution. While most cryptocurrency users heard about this IP address issue for the first time this week, HOPR has been trying to raise awareness of this exact issue for almost a year now, creating various tools to try and get it to the attention of cryptocurrency users. people about the privacy issues that currently pervade web3. . As early as January of this year, HOPR was using its PRSP tool to highlight these very issues, showing exactly how much data you send to RPC providers every time you use a wallet or other crypto service.

These tools aren’t just designed to cast shade. HOPR has been building a solution to this very problem in the form of RPCh, the first private decentralized RPC service. Using RPCh, RPC calls would be sent over HOPR’s decentralized incentivized mixed network, restoring user privacy.

RPCh can be easily integrated with existing RPC wallets and infrastructure such as Infura. When a transaction is sent over the RPC, the RPC provider still sees an IP address (they’re right that this is critical to how the internet works) but crucially, it would NOT be the IP address of the original user. Instead, it would be the IP address of a PRC exit node. That node would then route the response to the original user. No one on this chain can see the full picture of what’s going on, so everyone’s privacy is preserved.

A new private crypto infrastructure

This is not only good for users. Wallet and RPC providers also benefit. Metamask, Infura, and vendors like them are almost certainly honest in their intentions. But since data collection is NOT their business model, it actually benefits them to see as little user data as possible. Data that is not monetized is simply an additional cost and liability, with the risk of hacking, leaks, and external pressure to disclose it to third parties.

To their credit, Metamask seems to fully understand this problem. They have been collaborating with HOPR for a few months to integrate privacy options directly into their wallet, including the first UX crypto hackathon to devise ways to make privacy clear and simple for users.

RPCh is still in development, but multi-wallet integrations are underway and actual transactions have already been sent privately through RPCh as a proof of concept.

Full integration is still some way off, but it looks like a promising new approach to bringing true privacy to crypto wallets. Fortunately, both the users and the wallets themselves seem to be on board.

Being an active participant in the Blockchain world, I always look forward to participating in opportunities where I can share my love of digital transformation.

The content presented may include the personal opinion of the author and is subject to market conditions. Do your market research before investing in cryptocurrency. The author or publication has no responsibility for your personal financial loss.