With the recent hype around the Metaverse and NFTs, Web3 is getting more and more popular. The goal of Web3 is to decentralize the web via decentralized applications. Wallets play a crucial role as they act as an interface between these applications and the user. Wallets such as MetaMask are being used by millions of users nowadays. Unfortunately, Web3 is often advertised as more secure and private. However, decentralized applications as well as wallets are based on traditional technologies, which are not designed with privacy of users in mind. In this paper, we analyze the privacy implications that Web3 technologies such as decentralized applications and wallets have on users. To this end, we build a framework that measures exposure of wallet information. First, we study whether information about installed wallets is being used to track users online. We analyze the top 100K websites and find evidence of 1,325 websites running scripts that probe whether users have wallets installed in their browser. Second, we measure whether decentralized applications and wallets leak the user's unique wallet address to third-parties. We intercept the traffic of 616 decentralized applications and 100 wallets and find over 2000 leaks across 211 applications and more than 300 leaks across 13 wallets. Our study shows that Web3 poses a threat to users' privacy and requires new designs towards more privacy-aware wallet architectures.

翻译：随着近期元宇宙和NFT的热潮，Web3正日益流行。Web3的目标是通过去中心化应用程序实现网络去中心化。钱包作为这些应用与用户之间的接口，发挥着关键作用。如今，诸如MetaMask之类的钱包已被数百万用户使用。不幸的是，Web3常被宣传为更安全、更私密，但去中心化应用和钱包均基于未考虑用户隐私的传统技术。本文分析了Web3技术（如去中心化应用和钱包）对用户隐私的影响。为此，我们构建了一个衡量钱包信息暴露程度的框架。首先，我们研究已安装钱包的信息是否被用于在线追踪用户。通过分析前10万个网站，我们发现1325个网站运行了探测用户浏览器中是否安装了钱包的脚本。其次，我们测量去中心化应用和钱包是否将用户的唯一钱包地址泄露给第三方。我们截获了616个去中心化应用和100个钱包的流量，发现211个应用存在超过2000次泄露，13个钱包存在300余次泄露。研究表明，Web3对用户隐私构成威胁，需要设计更注重隐私感知的钱包架构。