Metamask, the top browser extension for Ethereum (ETH) is reported by GitHub to have broadcast Ethereum addresses by default to every website a customer visits. This report was published on the 20th of March.
Featured initially in Brave browser, Metamask is an extension compatible with Opera, Chrome and Mozilla Firefox that allows users to visit Ethereum blockchain enabled websites and decentralized apps.
According to the GitHub report, this extension is broadcasting ETH addresses of its users to visited websites, which are expressed as data objects in broadcasts instead of window objects.
This can be used for identification of the customers and hinder the use of Metamask by decentralized applications sensitive to privacy.
In addition to granting the administration of recently visited website access to data on the customers’ Metamask address, this also makes access to them trackers, like the share and like buttons on Facebook and other social websites that are used to fingerprint browsers.
The user who generated the report also stated to GitHub that they believe these broadcasts will lead to a significant reduction in the ETH value in the long run.
Dan Miller, the Developer at Metamask fought back in his discussion with GitHub, stating that this issue can be dealt with easily by switching on the private mode. However, the user responded to this in the report by stating that this does not provide a solution to the problem.
Daniel Finlay is reported to have conceded to the gravity of the situation and acknowledged the need to improve the privacy of the extension. A mobile version of Metamask’s software was announced towards the end of last year but has not been yet launched.
