LOGO_CRYPTO_SIGHT

Metamask Broadcasts ETH Addresses to Users’ Visited Websites, GitHub Exposed

| 25-Th3-2019

On March 20, GitHub revealed that Metamask, a leading Ethereum (ETH) browser extension, broadcasted the ETH addresses to all websites in its default settings.

Metamask, an extension of Brave browser compatible with Mozilla Firefox, Google Chrome and Opera, allows you to run Ethereum dApps right in your browser without running a full Ethereum node. According to the GitHub, Metamask not only shows all ETH addresses to the visited websites in default settings, but also links the ETH to other windows.

This can expose the privacy of user information to potential attacks by the DApps privacy, such as DApp Spankchain and health DApps hacked porn recently.

Not only the website administrators but also so-called trackers such as Facebook like or share buttons, Twitter retweet buttons can fingerprint the browser. Eventually, “these message broadcasts will significantly decrease the value of ETH over the long-term,” he expected.

Despite that, Dan Miller, one of Metamask developers argued that private mode could prevent the responses of the users. However, ConsenSys software developer Daniel Finlay agreed about the extension’s privacy improvement. He also responded that: “We definitely reject all your claims that this is some weird malicious act on our part. That would be the craziest move we could ever make on a totally open source crypto project.”

Back to last November, Metamask announced an updated mobile software version. However, it was affected with a malware on Google Play and removed from store in February.

Tags: , , ,

Comments