Uniswap New Privacy Policy Is Worrying
Uniswap has released a new privacy policy. It contains worrying information that the exchange collects data about users' crypto wallets.
Uniswap is one of the giants of the crypto industry. It was founded by Hayden Adams in 2018. The company's main product, the Uniswap protocol, is a decentralized protocol for swapping various tokens. The Uniswap protocol is integrated into more than 300 different dApps, including such industry giants as Coinmarketcap, Metamask, Coinbase Wallet, MakerDAO, OpenSea and others.
We recently wrote about the release of two new smart contracts from Uniswap Labs: Permit2 and Universal Router. And today we will discuss the new privacy policy of Uniswap.
On November 11, a message appeared on the Uniswap blog, in which a new privacy policy was introduced. The release of the new privacy policy was accompanied by assurances on the security and confidentiality of user data. But, the crypto community is concerned about the fact that Uniswap collects data about users' crypto wallets. This, by the way, is not mentioned in the release.
“What data do we collect and why? Our first priority is to protect user data and privacy, but we do want to make data-driven decisions that improve user experience. That includes public on-chain data and limited off-chain data like device type, browser version, etc. Because Uniswap Labs does not collect personal data, any vendors we work with do not have any personal data either. Uniswap does not share your data with any third parties for marketing purposes.”
After the publication of the new privacy policy, many Twitter users became wary of the fact that Uniswap collects data about users' crypto wallets.
But, what is written in the privacy policy? What kind of wallet data does Uniswap collect? Should users be wary of Uniswap products after the privacy policy update? Let's turn to the document and start with the most worrisome – the crypto wallet data.
According to the new privacy policy, Uniswap collects publicly available blockchain information about the user, including wallet addresses and information about wallets, which is associated with illegal activities, received from “other sources”.
“When you connect your non-custodial blockchain wallet to the Services, we collect and log your publicly-available blockchain address to learn more about your use of the Services and to screen your wallet for any prior illicit activity. We screen your wallet using intelligence provided by leading blockchain analytics providers. <…> We may receive information about your wallet address or transactions made through the Services from our service providers in order to comply with our legal obligations and prevent the use of our Services in connection with fraudulent or other illicit activities.”
Also, the new privacy policy suggests that Uniswap can share information about wallets with various third parties.
“We may share your information with our service providers and vendors to assist us in providing, delivering, and improving the Services. For example, we may share your wallet address with service providers like Infura and Cloudflare to provide technical infrastructure services, your wallet address with blockchain analytics providers to detect, prevent, and mitigate financial crime and other illicit or harmful activities, and your activity on our social media pages with our analytics provider to learn more about you interact with us and the Services.”
But, the crypto community has paid attention not only to collecting information about crypto wallets, but also to collecting other important data such as “information from local storage, mobile DeviceID, cookies, web beacons, and other similar technologies to provide and personalize the Services and features of the Services.” Information about gathering this data has also alerted the community.
Uniswap receives data from open sources, or from sources such as Chainalysis Reactor, as well as data collected by all large companies such as Google or Amazon. Yes, this is data gathering, it can even be called spying. But, most likely this is necessary so that Uniswap can provide more targeted services to each user. In addition, don't forget that everything is subject to hacking. This means that a potential hacking of Uniswap can lead to a leak of data that attackers can use for their own purposes.
Infura and Metamask, both owned by ConsenSys, also updated their privacy policies on November 23. This immediately attracted attention of the users that are concerned about their need to collect user IP and wallet addresses.
Whether to use Uniswap and Metamask now or not is up to users now. And we continue to observe how the industry transforms.