MetaMask reveals your Ethereum address to sites you visit, here’s how to hide it


There’s a setting that popular Ethereum service MetaMask doesn’t enable by default, and it’s putting users’ privacy at risk.

MetaMask works as a gateway to decentralized apps (dapps) running on Ethereum’s blockchain. It’s a browser extension that seeks to simplify the use of cryptocurrency, which tends to intimidate unfamiliar users. It’s one of the most popular apps of its kind, boasting over a million installs on Chrome.

The company built a new “privacy mode” last year, designed to keep users from unintentionally broadcasting their Ethereum addresses to sites they visit while MetaMask is in use; these signals are known as “message broadcasts.”

Ethereum addresses are unique identifiers

A community member recently raised concerns over MetaMask’s “message broadcasts.” They detailed how (without privacy mode enabled) Ethereum addresses are detectable by “any advertisement, or tracker” while the user browses the web.

“[…] It sacrifices the privacy of everyone in the system because sites like Amazon, Google, PayPal, and others can link your blockchain transactions to credit card payments, thereby your identity, and the identity of the last person you transacted with – a person who wants to remain anonymous,” he wrote.

Hard Fork recreated the suggested method to see this in action. We installed a fresh version of MetaMask on a machine that had never used it before, and initiated a new Ethereum address.