Hi everyone. My name is Paul Bouchon and I recently joined the MetaMask team.
MetaMask and most other tools that provide access to Ethereum-enabled environments do so automatically and without user consent. This exposes users of such environments to fingerprinting attacks since untrusted websites can check for a provider object and reliably identify Ethereum-enabled clients.
This proposal outlines a new dapp initialization strategy in which websites request access to an Ethereum provider API instead of relying on its preexistence in a given environment. Feedback welcome and encouraged!
Related to Web3 Providers for the Future