MetaMask Collects Privacy: The "Decentralization" of Web3 Is Not So Wonderful
Currently, the trade-off between decentralization and centralization in Web3 is more about balancing from a practical perspective.Original Title: "Little Fox Collects Privacy Exposing that Web3's 'Decentralization' Isn't So Beautiful?"
Author: Terry, Plain Language Blockchain
Recently, the centralization discourse surrounding Web3 products has once again become a hot topic. First, the blockchain development platform Alchemy updated its privacy policy in October, stating that it may automatically collect personal information such as IP addresses, user settings, MAC addresses, cookie identifiers, mobile carriers, browser or device information, location information, and internet service providers, and may also obtain user personal information through third-party services and organizations.
On November 23, the Ethereum infrastructure development company ConsenSys (the developer behind MetaMask and Infura) also updated its privacy policy, stating that when users use Infura as the default RPC in MetaMask, it will collect the corresponding IP address and ETH address when users send transactions.
For such seemingly not-so-decentralized and Web3 matters, it seems we must reevaluate the truths of "centralization" that are not so "decentralized" in the Web3 world, which seem to have been overlooked.
01 The Elephant in the Room Behind MetaMask: Infura
According to ConsenSys's explanation, if users use their own Ethereum nodes or third-party RPC (Remote Procedure Call) providers, then Infura and MetaMask will not collect users' IP addresses or ETH addresses, meaning whether privacy data is collected will specifically depend on the RPC provider used by the user.
Almost all crypto users are aware of and use the decentralized wallet nicknamed "Little Fox," which is considered an indispensable infrastructure for Web3, but few users know that the Infura service that underlies MetaMask is essentially centralized.
Moreover, almost all Ethereum DApps are also reliant on this "centralized" Infura. So what exactly is Infura?
Infura is an IaaS (Infrastructure as a Service) product, which can be simply understood as a blockchain node API service provider—its purpose is to lower the barrier to accessing Ethereum data, allowing DApps to quickly connect to Ethereum without needing to run a local Ethereum node to access blockchain data.
While project teams can deploy full nodes themselves, the costs are high, and most people would not choose to set up nodes.
At the same time, Infura allows developers to build DApps without having to operate their own Ethereum nodes to access blockchain data, instead using the services provided by Infura.
Thus, in the process of communicating with blockchain nodes, DApps gain a highly available and scalable blockchain API by using Infura, providing developers with a way to connect to the Ethereum network without running full nodes, allowing direct access to the blockchain network.
According to data from Infura's official website, almost all mainstream DApps are currently using Infura services, and there have been multiple instances of Infura outages causing MetaMask outages, highlighting the current over-reliance of the Ethereum DApp ecosystem on Infura.
In fact, as early as March this year, a user expressed on social media that they could not use the MetaMask wallet in Venezuela, later discovering that it was due to issues with the API service provider Infura.
This exposes the single point risk of Infura—although Infura plays a significant role in the stable development of the Ethereum network, if any unexpected risks (such as political issues, war, or failures) occur, the Ethereum network may face centralization risks.
02 The Not-So-"Decentralized" Truth of "Centralization"
In today's crypto industry and Web3 world, there are many "Web3 infrastructures" and project events with centralization risk points that often go unnoticed, hiding the not-so-"decentralized" truth of "centralization."
DAI's Overreliance on USDC
As a stablecoin primarily labeled as "decentralized," DAI itself is an excellent example of a not-so-"decentralized" "centralization."
Everyone knows that backed by Coinbase and Circle, USDC has always been positioned as the most compliant "centralized" dollar stablecoin, attempting to become the main medium connecting the traditional financial world with the crypto world, helping traditional funds enjoy DeFi services in a compliant and convenient manner.
Between these two representatives of "decentralized stablecoins" and "centralized stablecoins," there is an interesting nesting doll:
Dai Stats data shows that as of December 1, 44.7% of DAI's own collateral is USDC, meaning that 44.7% of DAI's issuance reserves are supported by USDC.
This is also the result of DAI significantly reducing its reliance on USDC this year, as previously, USDC's backing of DAI was as high as two-thirds, which not only indicates USDC's crucial position in the stablecoin landscape but also highlights the quality dilemma of the underlying asset collateral of DAI's collateralized stablecoins.
Lido's Dominance
Currently, the staking volume on the Ethereum beacon chain has surpassed 15.39 million ETH, accounting for over 12.5% of the total circulating ETH. Based on current market calculations, the total value of staked ETH on the beacon chain is nearly $16 billion.
According to BTC.com data, among this $16 billion in ETH, Lido ranks first in Ethereum staking, with nearly 4.6 million ETH staked, accounting for 29.68%, followed by Coinbase (13.14%), Kraken (7.75%), and Binance (6.39%).
This means that Lido alone currently occupies nearly one-third of the ETH staking market share, dominating the market more than the sum of the last four.
03 Decentralized Web3 Discourse
Of course, from certain perspectives, complete decentralization is like a double-edged sword. In the wallet space, the most commonly said phrase is "the private key is the asset." As long as you have the private key, it grants each of us "sacred and inviolable financial rights"—no matter whether it is traditional financial institutions like banks or key players in the crypto field like miners, they cannot move the crypto assets controlled by our private keys.
But at the same time, "the private key is the asset" also brings an extremely high threshold for promoting the incremental growth of crypto assets, not only with cognitive barriers but also with preservation risks (forgetting or losing the private key).
In fact, at present, the trade-off between decentralization and centralization in Web3 is more about balancing from a practical perspective, after all, the centralization issues of infrastructure like Infura have no immediate solution.
In addition to the impact at the technical application level, regulatory factors cannot be ignored. In August this year, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) issued sanctions against Tornado Cash, prohibiting U.S. citizens from using it.
This has made Tornado Cash the center of debate in the crypto world and triggered a series of discussions and butterfly effects in the DeFi and the entire Web3 industry, even being seen as a watershed moment for DeFi regulation, with dYdX even banning accounts related to Tornado Cash funding sources.
From a data perspective, this ban has also significantly impacted Tornado Cash: since the U.S. Treasury announced the sanctions, $260 million in assets have been withdrawn from the protocol, reducing the protocol's fund volume by 65%.
Recently, with the FTX incident, the industry's distrust of centralized exchanges and institutions has intensified, and decentralized products have once again received attention.
04 Conclusion
In the past 20 years, infrastructure construction has indeed been astonishing. The internet and networks have now become a part of the lives of 4.6 billion people. Although users may not care much about whether the products and services they use are completely decentralized, whoever can develop easier-to-use services will attract people, even if the service does not reach the level of decentralization, such as the power of "Google/Baidu it."
Now Web3 is trying to challenge this status quo by establishing distributed networks based on open protocols, allowing network users to participate while having control.
But "the servers of decentralized networks are centralized," "the underlying assets of decentralized stablecoins are centralized stablecoins," these almost ironic paradoxes reflect a question: Should the current Web3 world strive further towards decentralization, or should we demystify "decentralization"? Feel free to discuss in the comments.
