At a glance: Metamask reveals the ETH addresses of all visited sites

User GitHub under the name projectoblio reported the problem with the most popular browser extension Metamask. As the author describes, the extension sends information about the user ETH-addresses of all visited sites. And it’s not even a bug, but a feature that is enabled by default. Feature can easily lead to disclosure of identity of the user, so that the extension can not be combined with the confidential nature of cryptocurrencies and decentralized applications.

To obtain information about the ETH-addresses of visitors can not only site administrators but also the function of sharing on Facebook, Twitter and other social networks presented on the pages of this website. As an example of the possible consequences the author gives hacking Spankchain and other Dapps.

In response to the theme developer Dan Miller was advised to resolve the problem enabling private mode. However, the author of the commit was denied this opportunity. In turn, the developer ConsenSys and in particular Metamask Daniel Finley confirmed that the privacy mode should be included by default. This in General would improve the level of privacy extensions, and browser. However, he drew particular attention to the transparency of the project.

Of any malware the speech did not go. Just privacy mode is disabled by default. Otherwise it would be the most reckless act that anyone can commit in cryptoprocta open source.

Metamask is a browser extension Brave, also compatible Mozilla Firefox, Google Chrome and Opera. It allows users to interact with decentralized applications on the Ethereum.

More data look at cryptodata. For courses Ethereum and other coins easy to see in this beautiful rating. Inside capitalization, graphics, and other delights.

Subscribe to our channel in the Telegram. Carefully recheck the programs I use!

Leave a Reply

Your email address will not be published. Required fields are marked *