Let’s cut through the crypto/Web3/blockchain buzz noise for a minute. There’s an aspect to this new technology that lies at the heart of why people get really excited and say things about “the power of crypto” and “the promise of the technology” and “freedom.” That aspect? Self-custody.
OK, that was a bit anticlimactic, I’ll admit. This is going to be one of the mildly technical explainers. But hear me out, it’s a good one:
Who owns your Facebook account? What about all the information you keep on your “free” Google account? Who owns your bank account?
With the first two examples, it would be sufficient to say that you kind of own your account, inasmuch as you have no reasonable right to the privacy of the information in your account.
What about the third one? Without going into the morass that is banking and financial regulation, so long as you don’t run afoul of the law, the contents of your account may be yours, but who controls the access to it? Who do you rely on to keep it safe, and to make it available to you?
The simple answer, of course, is “the banks”. And that means you’re trusting a whole chain of parties to be ethical, to behave in a lawful manner, for the laws, in fact, to be written in a way that looks out for your best interests. You’re trusting that your password is kept secret; you’re trusting the bank’s cybersecurity practices to ensure that the balances in your account are never tampered with.
In all of these cases, it’s common to refer to those parties, those who keep your data safe for you, as the custodians of your accounts. That sounds nice, because it sounds like they’re looking out for you, but another way of phrasing it would be that they have custody of your account. Which, if you think about it, means you don’t have custody of your account.
Who owns your Ethereum account? Whoever knows the private key. Full stop.
The security of the Ethereum network is based on a type of cryptography called elliptic curve cryptography, which is currently uncrackable and, barring the advent of meaningful advances in quantum computing, will remain so. MetaMask is designed to give you access to that cryptography and allow you to use it to interact with blockchain-connected apps.
What does this mean for you? It means that you are the keeper of your keys. You are the custodian of your account. That doesn’t mean that you have to run a server and keep your crypto wallet running on the network or anything like that; but it does mean:
MetaMask doesn't store any data about your wallet. Everything you see is in your browser or your mobile app at a local level.
There are no email addresses associated with accounts.
There is only a Secret Recovery Phrase that is given once and cannot be changed or reset.
No one can log into your wallet “on the back end” and access it.
If you give your Secret Recovery Phrase to anyone, your entire wallet should be considered compromised, and you should transfer your assets to a new wallet as soon as possible.
The blockchain is secure, but your computer may not be. If you hold value that’s significant to you in a wallet that’s connected to the Internet (such as MetaMask), you should consider using a hardware wallet.
Do all crypto-wallets give you custody of your keys?
Decidedly not. New wallet projects are constantly appearing and changing, so making a list wouldn’t help very much, but if you’re interested in trying out a wallet, there are certain keywords to look out for. If the wallet or platform identifies itself as a “Centralized Exchange” (CEX), it’s probably a custodial platform (they keep your keys). If they request that you go through a KYC/AML (Know Your Client/Anti-Money Laundering) process, they may be custodial.
It should be noted that, for some people, a custodial solution may be what they’re looking for. In fact, there are business use cases that require the ability to monitor and approve expenses or funds movements made by others. This is why Consensys has launched MetaMask Institutional, for those who want the best of both worlds: the reliability, power, and unrivaled access to DeFi offered by MetaMask, paired with the ability to back up keys and manage permissions on a team of crypto asset managers.
So… Is self-custody of your accounts better?
We think so. It may sound like a small, weird technical thing but think about it: all these services that offer things “for free,” what’s their profit model? Selling our data. Influencing the content we see. Literally changing the flow of information and the way we interact in order to ensure profitability. Using the blockchain isn’t free, but it is open, transparent, and egalitarian: everyone pays their way, and everyone owns their data.
So come see what we’re building in Web3, and remember: never, ever, ever give your Secret Recovery Phrase to anyone, especially if they say they’re trying to help you.