metamask extension | store user privacy approach
Metamask® Login Powered By GitBook Effortlessly manage your MetaMask wallet: Access via extension icon, view balances, send/receive Ethereum securely, explore
Last updated
Metamask® Login Powered By GitBook Effortlessly manage your MetaMask wallet: Access via extension icon, view balances, send/receive Ethereum securely, explore
Last updated
User configurations are stored on MetaMask servers, encrypted with a specially generated key only the user owns. Nobody other than the user can read the configurations. When you login, we create a client-side key by getting the hash that results from applying your account's signature to a given message. This means the key is deterministic: that is, the result of this signature will always be the same when the same account signs the same message. We use this key to perform client-side encryption of all your user configurations before sending them to MetaMask servers. In this context, MetaMask is merely storage, and cannot read who is using the service, nor the content of the configurations, since everything is encrypted client-side. When needed, the encrypted information can be decrypted on another client when the same person logs into their MetaMask from another device. We are also actively working with the ecosystem to explore opportunities to decentralize the user configuration storage in the future.
We store preferences and configurations, which can include, for example, your public address, currency, favorite tokens, interface settings, or address book. We don’t store, transfer, or backup your private key or Secret Recovery Phrase, both of which are only accessible to you.
We monitor blockchains for you and send you push notifications when something relevant happens to your addresses, like receiving tokens, NFTs, or unstaking. Different from the user configuration service, which only hosts data encrypted client-side, the notifications service needs to save unencrypted versions of the monitored addresses on the server side. To ensure that multiple addresses cannot be attributed to the same person, our servers save the notifications tasks “untied” to the users they belong to. This means that the link between the AccountIDs and the addresses is only stored client-side.