Thus, any advertisement, or tracker can detect MetaMask users’ Ethereum addresses through them and potentially link the address to users’ browsing activity – compromising anonymity. Despite that MetaMask has a built-in “privacy mode” that could stop this from happening, that needs to be manually activated by the user. If it isn’t enabled, it sends websites what are known as “message broadcasts.”
The user who created the GitHub issue wrote:
“It sacrifices the privacy of everyone in the system because sites like Amazon, Google, PayPal, and others can link your blockchain transactions to credit card payments, thereby your identity, and the identity of the last person you transacted with – a person who wants to remain anonymous.”
Lead developer Dan FINLAY revealed enabling privacy mode by default could damage dApps that rely on Ethereum address requests made without it. He explained that they haven’t enabled this by default, because it would break previous dapp behavior.
Image courtesy of Ethereum World News