Short answer: MetaMask shares addresses and transaction requests with sites you connect to, and it sends RPC requests to node providers that can observe metadata (such as your IP address and the calls you make). The longer explanation of the chain of custody: when you click "connect" on a dApp, the extension or mobile app exposes the selected account address(es) to that site and then forwards JSON-RPC calls to whichever node provider is configured, so third parties can correlate activity unless you change the provider or routing.
What MetaMask commonly exposes to a connected site or provider:
- Your account address(es), once you approve a connection (for example via eth_requestAccounts).
- Transaction requests the site asks you to sign (for example via eth_sendTransaction).

For a deeper take on connected sites and how to disconnect them, see the guide on Disconnect connected sites.
Browsers use an injected provider (the window.ethereum object). Sites cannot get your accounts until you approve a connection (for example via eth_requestAccounts). That approval is explicit. So can a website see your address without asking? Usually no. But sites can still fingerprint your browser and detect the presence of an extension in other ways. (Yes, subtle timing and API checks still reveal information.)
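To make the consent gate concrete, here is an added example (not MetaMask's code) of a small stand-in for the injected window.ethereum provider. It models the behaviour described above: eth_accounts returns nothing to a site that was never approved, eth_requestAccounts triggers the user prompt and adds the origin to a "connected sites" set, eth_sendTransaction is refused for unconnected sites, and disconnecting an origin removes its access again. The account address, the site origin and the approve() callback are all constructed for illustration; the error codes are the standard EIP-1193 ones.

```javascript
// Added example, not MetaMask's code: a stand-in for the injected
// window.ethereum provider that models the consent gate described above.
// Assumptions (constructed for illustration): one account, a per-origin
// "connected sites" set, and an approve(origin) callback standing in for
// the wallet's confirmation popup. Error codes follow EIP-1193.

const ACCOUNT = "0x1111111111111111111111111111111111111111"; // constructed sample address

function createMockProvider({ approve }) {
  const connectedOrigins = new Set(); // the "Connected Sites" list

  function rpcError(code, message) {
    return Object.assign(new Error(message), { code });
  }

  return {
    // Mirrors the EIP-1193 request({ method, params }) shape. The calling
    // site's origin is passed explicitly here; a real wallet derives it.
    async request({ method, params = [] }, origin) {
      switch (method) {
        case "eth_accounts":
          // Silent read: a site that was never approved gets an empty list.
          return connectedOrigins.has(origin) ? [ACCOUNT] : [];

        case "eth_requestAccounts":
          // Explicit consent: prompt once, then remember the origin.
          if (!connectedOrigins.has(origin)) {
            if (!(await approve(origin))) throw rpcError(4001, "User rejected the request.");
            connectedOrigins.add(origin);
          }
          return [ACCOUNT];

        case "eth_sendTransaction":
          // Only connected sites may submit transaction requests; a real
          // wallet would then ask the user to confirm and sign.
          if (!connectedOrigins.has(origin)) throw rpcError(4100, "Unauthorized");
          return { from: ACCOUNT, ...params[0] };

        default:
          throw rpcError(4200, `Unsupported method: ${method}`);
      }
    },

    // What "Disconnect connected sites" does: drop the origin from the set.
    disconnect(origin) {
      connectedOrigins.delete(origin);
    },
  };
}

// The lifecycle from a site's point of view: before connect, after connect,
// after the user disconnects the site again.
async function connectionLifecycle() {
  const provider = createMockProvider({ approve: async () => true });
  const site = "https://dapp.example"; // constructed origin

  const beforeConnect = await provider.request({ method: "eth_accounts" }, site);
  const granted = await provider.request({ method: "eth_requestAccounts" }, site);
  const afterConnect = await provider.request({ method: "eth_accounts" }, site);

  provider.disconnect(site);
  const afterDisconnect = await provider.request({ method: "eth_accounts" }, site);

  let sendAfterDisconnect;
  try {
    await provider.request({ method: "eth_sendTransaction", params: [{ to: ACCOUNT, value: "0x0" }] }, site);
    sendAfterDisconnect = "accepted";
  } catch (e) {
    sendAfterDisconnect = e.code; // 4100: site is no longer authorized
  }

  return { beforeConnect, granted, afterConnect, afterDisconnect, sendAfterDisconnect };
}

// A site whose connection prompt the user declines never learns the address.
async function rejectedConnection() {
  const provider = createMockProvider({ approve: async () => false });
  try {
    await provider.request({ method: "eth_requestAccounts" }, "https://other.example");
    return "accepted";
  } catch (e) {
    return e.code; // 4001
  }
}

connectionLifecycle().then((r) => console.log(JSON.stringify(r)));
```

The point of the mock is the shape of the gate, not the internals: nothing about the address leaks through the provider API before approval, but the presence of the provider object itself is still observable, which is the fingerprinting caveat above.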
A few practical notes from my experience:
If you want to limit site-level exposure, check the Connected Sites list and remove access when you’re done. See Disconnect connected sites.
Short answer: a node you talk to (HTTP or WebSocket) can see the RPC calls you make and the IP address that made them. So if MetaMask is configured to use a remote RPC or a wss:// endpoint, that server will observe your requests.
Can a dApp "expose your device accounts through websocket MetaMask"? A dApp itself doesn’t open a websocket to your local device via MetaMask. But if you set a custom RPC that uses a websocket endpoint, MetaMask will route requests through that endpoint and the node operator can correlate addresses and IPs. That means persistent websocket subscriptions can make it easier for an operator to log activity over time.
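The advice later on this page is to test your settings by measuring what a public RPC can see. The following added example (not MetaMask's or any provider's code) does that tally from the endpoint's side: given a batch of JSON-RPC requests with the client IP and transport the server would observe, it reports which account addresses and methods each IP revealed, how many persistent wss:// subscriptions were opened, and how many signed transactions were broadcast. The batch, the IPs (documentation range) and the addresses are constructed; the parameter positions cover the methods a wallet issues most often and are not a complete list.

```javascript
// Added example, not MetaMask's or any RPC provider's code: an audit helper
// that tallies what a remote endpoint learns from a batch of JSON-RPC
// requests, as you might do before and after changing RPC settings.
// Assumptions: each record carries the client IP and transport the server
// would see; the batch below is constructed (203.0.113.0/24 is the
// documentation IP range, the addresses are dummies).

const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// params position that carries an account address (or a call object with
// from/to) for the methods a wallet issues most often
const ADDRESS_PARAM_INDEX = {
  eth_getBalance: 0,
  eth_getTransactionCount: 0,
  eth_getCode: 0,
  eth_call: 0,
  eth_estimateGas: 0,
};

function extractAddresses(request) {
  const found = new Set();
  const idx = ADDRESS_PARAM_INDEX[request.method];
  if (idx === undefined) return found;
  const p = (request.params || [])[idx];
  if (typeof p === "string" && ADDRESS_RE.test(p)) found.add(p.toLowerCase());
  if (p && typeof p === "object") {
    for (const key of ["from", "to"]) {
      if (typeof p[key] === "string" && ADDRESS_RE.test(p[key])) found.add(p[key].toLowerCase());
    }
  }
  return found;
}

function auditRpcExposure(batch) {
  const report = { byIp: {}, methods: {}, persistentSubscriptions: 0, signedTxBroadcasts: 0 };
  for (const { ip, transport, request } of batch) {
    const entry = report.byIp[ip] || (report.byIp[ip] = { requests: 0, addresses: new Set() });
    entry.requests += 1;
    for (const a of extractAddresses(request)) entry.addresses.add(a);
    report.methods[request.method] = (report.methods[request.method] || 0) + 1;
    // A wss:// subscription keeps a long-lived channel open, so every later
    // message on it is trivially tied to the same session.
    if (transport === "wss" && request.method === "eth_subscribe") report.persistentSubscriptions += 1;
    // A signed transaction identifies its sender once decoded (not done here).
    if (request.method === "eth_sendRawTransaction") report.signedTxBroadcasts += 1;
  }
  for (const ip of Object.keys(report.byIp)) {
    report.byIp[ip].addresses = [...report.byIp[ip].addresses].sort();
  }
  return report;
}

// Constructed sample traffic: one IP doing wallet-style calls, another doing one.
const ADDR_A = "0x1111111111111111111111111111111111111111";
const ADDR_B = "0x2222222222222222222222222222222222222222";
const ADDR_C = "0x3333333333333333333333333333333333333333";

const SAMPLE_BATCH = [
  { ip: "203.0.113.7", transport: "https", request: { jsonrpc: "2.0", id: 1, method: "eth_chainId", params: [] } },
  { ip: "203.0.113.7", transport: "https", request: { jsonrpc: "2.0", id: 2, method: "eth_getBalance", params: [ADDR_A, "latest"] } },
  { ip: "203.0.113.7", transport: "https", request: { jsonrpc: "2.0", id: 3, method: "eth_call", params: [{ from: ADDR_A, to: ADDR_B, data: "0x70a08231" }, "latest"] } },
  { ip: "203.0.113.7", transport: "wss", request: { jsonrpc: "2.0", id: 4, method: "eth_subscribe", params: ["newHeads"] } },
  { ip: "203.0.113.7", transport: "https", request: { jsonrpc: "2.0", id: 5, method: "eth_sendRawTransaction", params: ["0x-signed-tx-placeholder"] } },
  { ip: "203.0.113.9", transport: "https", request: { jsonrpc: "2.0", id: 6, method: "eth_getTransactionCount", params: [ADDR_C, "pending"] } },
];

console.log(JSON.stringify(auditRpcExposure(SAMPLE_BATCH), null, 2));
```

Run it against a capture of your own traffic (the request bodies your RPC settings actually send) and compare the report before and after switching to a private endpoint: the addresses per IP should collapse to nothing the operator can attribute to you, and the persistent-subscription count is the signal to watch for wss:// configurations.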
Practical mitigations:
- Avoid persistent wss:// endpoints for sensitive accounts.

Mobile brings extra signals: app analytics, OS-level backups, push deep links, and cell-network IPs. MetaMask mobile also includes an in-app dApp browser, which combines browsing and wallet access in one process (convenient, but a larger attack surface).
What to check on mobile:
But remember: mobile is the most common daily-use form factor. So balance convenience against the added metadata.
Step-by-step actions I use and recommend (actionable and measurable):
How to revoke a token approval (quick):
Running your own node or using a privacy-focused RPC provider dramatically reduces metadata exposure because you control the endpoint that collects your requests. Session keys and smart-contract wallets (account abstraction) are promising for privacy: they let you use ephemeral keys for day-to-day interactions and reserve the main key for custody. I believe these are the strongest direction for reducing long-term linkability. Read more at Account abstraction & smart contract wallets and Developer RPC and node guide.
If something goes wrong, follow the guide at Compromised wallet: what to do.
Q: Is it safe to keep crypto in a hot wallet? A: Hot wallets are convenient for everyday use. But they expose metadata and are higher risk for theft than cold storage. Use hot wallets for smaller, active balances and hardware wallets or self-custody cold solutions for large holdings. See Security checklist.
Q: How do I revoke token approvals? A: Use the approvals tool or the revoke guide at Token allowances and revoke. Revoke immediately after risky approvals.
Q: What happens if I lose my phone? A: If you lose a device, assume compromise if the seed phrase or backups were accessible. Restore from your seed phrase on a new device and move funds to a fresh account; then revoke old approvals. See Seed phrase backup & recovery and Compromised wallet: what to do.
Who MetaMask suits: daily DeFi users who want a flexible software wallet with wide dApp compatibility and fast on-device approvals. I use it daily for swaps and connect to L2s.
Who should consider other options: people who need bank-grade privacy or institutional custody should pair MetaMask with hardware wallets, run private nodes, or use alternative custody strategies.
MetaMask is powerful and practical, but it does share identifiable data unless you take steps to limit it. Start with disconnecting unused sites, revoking allowances, and switching to a private RPC if privacy matters to you. And test changes: create a low-value account and measure what public RPCs can see about it.
Read these next: Disconnect connected sites, Token allowances and revoke, and Custom RPC network settings.
If you want a step-by-step checklist to lock down privacy, see Security checklist.
![Connected Sites UI screenshot — placeholder]