MetaMask & WalletConnect.js

Changing the dapp experience to protect people’s privacy

Last weekend I attended the #WalletConf after EdCon. There were lots of fascinating talks about the future of Ethereum and wallet software.

One of the most important takeaways for me came from Dan Finlay, one of the creators of MetaMask. I want to make sure dapp developers know one thing:

MetaMask plans to phase out the injection of Web3.js

Today, the MetaMask Browser Extension automatically inserts a Javascript file into every single web page you visit. This allows dapp developers to talk to Ethereum via the MetaMask wallet quickly and easily.

Right click on this page, click Inspect Element, and search for Web3 to find it.

There are several drawbacks to the current approach. Most of them circle around users’ privacy. As Dan puts it:

MetaMask currently shows the selected account to each site that is visited. This is not an acceptable privacy feature, and user adoption has escalated the urgency of addressing this issue. It has also been also criticized that the web3 API is visible at all, even to sites a user did not explicitly show it to, since this also provides some identifying information.

We need to shift away from doing this. It will require dapp developers to make changes to their apps. It is best to do this now while the number of daily active dapp users is fewer than a million.

John Backus, from Bloom, even worries that advertisers might be targeting people based on their Ethereum holdings:

I wouldn’t be surprised if some advertisers are already collecting this information. The information is rather easy to collect and has significant use in terms of targeting cryptocurrency holders.

What we need is a system where users can opt in to connect their wallet to the web. That is exactly what the team at MetaMask have been working on: