Most wallets that connect to the Internet track your IP address. This is often for bugs reports, statistics, and other uses. They'll store your IP address, and that could be logged and recovered in the future. And if you're using an offline wallet, it probably connects to an online service or RPC that does track you.

So before you vilify Metamask/Infura and promote other wallets you think are safe, just realize that it's extremely common. Now whether it's a bad thing really depends on you.

Most dApps, web3 sites, and CEXs already track you, and you've probably given away your IP address many times already. If you need to hide your tracks, you should've used a VPN that doesn't store your IP address in the first place. It's already too late.

Wallets that track IP

Loopring

Complies with the law and tracks IP

https://loopring.io/#/document/privacy_en.md

We will not share your information with third parties except to provide you with our services and products, to comply with the law or to protect our rights.

(c) Device information: We will collect the relevant information of your device using our services, including device ID, version information of the mobile device operating system, mobile device platform type (iOS or Android), phone language, channel information (e.g., GooglePlay, Apple App Store), IP address in order to provide statistical analysis services, and calibrate the accuracy of report data through geographic location to provide basic anti-fraud function.

Gamestop

Tracks IP, GPS, and lots of device info: https://decrypt.co/101133/gamestop-rolls-out-metamask-like-ethereum-wallet-to-support-nft-marketplace

https://wallet.gamestop.com/privacy

TrustWallet

Tracks IP: https://trustwallet.com/privacy-policy/

Ledger Live

Tracks IP, click actions: https://www.ledger.com/privacy-policy

Guarda

Tracks IP: https://guarda.com/privacy-policy/

Metamask

Some (likely most) RPCs track IP, including the default Infura RPC for Ethereum mainnet

Electrum

Electrum connects to ~10 servers at a time, and they see your IP address. Chances are at least one of them is tracking it.

Wallets that mostly do not track IP

Exodus

Not normally tracked. Is tracked when using the in-wallet exchange feature: https://support.exodus.com/article/138-what-information-does-exodus-have-access-to

MyEtherWallet

Does not track IP as far as I can tell unless you visit their site: https://www.myetherwallet.com/privacy-policy

Unknown

SafePal

Collects IP address when visiting the website. Unknown about the app.

Trezor Suite

Website doesn't say

Consensys, the company that owns MetaMask, just updated its Privacy Policy and fromw now on when you use Infura as your default RPC provider in MetaMask, Infura will collect your IP address and your Ethereum wallet address when you send a transaction.

https://preview.redd.it/iatycyfj0v1a1.png?width=690&format=png&auto=webp&s=7ebfd3259625126728be5fe9621071ceb87b1110

Options:

Sataying with Metamask:

-If you want to continue using Metamask, you can change your RPC provider. Alchemy is a good option, and you can find a tutorial here. Another option is to change your RPC to "http://localhost:8545"

Ditching Metamask:

Ther's always the option to switch wallets. You can try other popular wallets like TrustWallet or rainbow.me There are other popular options like Rabby, or Coinbase Wallet, but I can't vouch for them as I haven't tried them.

When using DeFi no one should be tracked. Stay safe frens

Hi everyone,

after the FTX meltdown I lost a lot of my money. This is bad and I still feel very bad about it. Haven’t recovered fully yet.

But even worse is the fact that my ID, address, name, passport etc. is in the hands of criminals now.

Therefore I am looking for a way to buy and own crypto without ever providing personal information anymore. Isn’t this one of the ideas of crypto anyway..?

So yes, this is the question: is there a way to buy crypto without providing any personal information? How? Where?

Thanks!

The question is in the title. I actually am not against KYC/AML procedures per se, i find them useful to fight money laundering and criminality but what i am worried about is that my data now might be leaked due to the bankruptcy of a company like FTX?

Maybe i’m just not informed enough to know how the company is storing the data. It seems they are using some sort of 3rd party company to conduct the verification process and the data is stored with them? But i couldn’t find out any information on this at all.

Can anyone ELi5 what is happening with my data und where it is actually stored?

Decentralized identities are a buzzword now, and there are several projects that have come up with on-chain identities. DIDs are great in that they authenticate your identity while concealing your personal information. However, not many people choose privacy and readily share their email addresses when asked for them. That's why WhatsApp is popular, while privacy-preserving communication channels are not. If given the chance, will you choose privacy?

https://coinmarketcap.com/community/articles/39494

So, like many of you recently, I’ve decided to get a hardware wallet, and I’m trying to solve the puzzle of how to safely store my seed phrase. It seems wise to have it in at least two places, one in a safe in my house, but I’m reluctant to store the other in a safe deposit box and don’t know where to put the second copy. An alternative option I thought of was to hide it in plain sight by creating several identical documents where the 24 words were imbedded in a text, and a simple key was used to recover those words from the text (say a long poem or essay where every 37th word was one of the seed words). That way I’d have multiple copies of it and all I’d have to remember was the number 37 to retrieve it. Another option I’ve heard of is to find a common book and find each of my seed phrase’s 24 words in that book, write down which page, line, and word placement for each word, and distribute that key in multiple locations. That way, the key would be meaningless to anyone who saw it, unless they knew what book the key was referencing. I wouldn’t hold the book personally, but when I needed to recover the seed phrase, I’d just go to my local bookstore or library and use my key to decode the phrase. Might be very time consuming to locate those 24 words in a single book, though. Thoughts?

If an acquaintance, for whom money is less of an object, offers to lend me x amount, and they want to transfer the money directly to my paradex account, requiring my paradex wallet address, would my paradex wallet become vulnerable to them deciding to take their money, my money, and any earnings? Or can I still keep it secure to ensure that I am not being scammed?

The person in question is a fairly new acquaintance and has helped me make a few hundred dollars recently, but I have not been able to fully verify their identity. There are various potential red flags, but if I can keep my own money secure, I am interested to see if we can form a mutually beneficial relationship.

The news just keeps piling up people.

Massive breach of privacy, a fair launch platform, a DAO with KYC requirement (the hell?) just doxxed their users to the world. I don’t see why anyone would work with them again. Releasing private info on your customers is illegal on numerous countries, not to mention immoral..

Sorry they made you mad, but that is not the correct way to handle the situation at all. We reached a new level of stupidity.

https://nitter.net/cryptogle/status/1591542182346997767

Looking for some input from people with more technical knowledge than me on the matter.

An important feature of both Reddit and crypto is anonymity and pneudonimity. As such, many people in the sphere take their privacy seriously, and may not want their Reddit account to be directly connected to their identity. But with the rise in interest in NFTs and especially the recent release of Collectible Avatars, I wonder if some potential issues could arise on that front.

Most people bought Collectible Avatars from the store using their credit card, or are trading avatars on OpenSea using KYCd crypto, from accounts that they probably also use for their non-Reddit crypto transactions. Given the transparency and immutability of the blockchain, doesn't that pose the risk of breaching the privacy, or even doxxing user's Reddit usage and transaction history from the exchange in the case of a databreach, or in the hands of skillful hackers? If not, what are some possible risks?

Shouldn't privacy-conserned users be using anonymous payment methods like Play Store gift cards on the store, and using ATM bought crypto to trade Avatars, or is that overkill? If it's overkill, what are some sensible measures to maintain privacy?

Thank you for your input guys

https://twitter.com/FractalEncrypt/status/1590004511015571456?t=eLWegj8lVVmMEoRazRGStw&s=19

This one takes the cake. From multiple angles, this the most caricaturized microcosm of the problems plaguing surveillance coins. But okay, from the beginning ...

This dude found an error on Silk Road, and was able to keep withdrawing the same funds repeatedly, and lifted 50k BTC off Ross Ulbrict. Like a good maxi, hodled almost all of it. Even dumped his BCH.

Predictably, he failed (refused?) to wash it through Monero.

Then in 2019, he sent a (separate) stash of 118 BTC to a KYC exchange. In the txn, he received back [get this] 0.07 to a change address. Unfortunately, that UTXO was associated with the Silk Road coins he lifted.

Billions of dollars, gone. Months in jail. Over a 0.07 in transaction change.

This guy wasn't some newb. He's been in it since the beginning. No doubt this maxi knew about security, UTXO managment, etc. Point is, if this guy can't get it right, neither can 99.99% of everyone else.

In response to this story, I saw someone say:

It probably would've taken years to wash it with Monero

Which is literally what everyone says every single time this happens. So let's break this down, a bit. Let's see how ludicrous this notion is.

So these stories are a dime a dozen now: Tens/hundreds of hackers out there over the past decade, each with 10,000 or more BTC, who then get pwned years after the fact. Despite having billions of dollars and a made life, decide that they don't want to endure the slippage of getting into XMR.

Imagine if they had done the right thing (not just morally, but just to save their own asses) ... Imagine if they had dropped even 10% of those funds into XMR, and accepted the price slippage. What kind of social attention (hype), marketcap, additional investment, and of course volumes that the collective action of these hundreds of individuals would have caused by moving that much BTC into XMR.

Together, they would literally have created the market and conditions for Monero; which would have largely solved literally the only real problem that they had. Which of course is: don't get fucking caught.

But no. They're always like, "There's not enough muhnero liquidity to wash my funds. I guess I'll just keep messing around in Bitcoin, eventually fuck up, and go to prison instead."

They had the opportunity to do something truly good for the world, get Monero the attention and price it deserves. They even had the opportunity to save their own ass by just converting to XMR over the years, accepting the slippage, and calling it a day. The 2018/19 bear market was a perfect opportunity for them. It still is a perfect opportunity even now.