Several outlets and crypto programmers have pointed out for a year or more that MetaMask, by default, broadcasts your Ethereum public key (address) to websites you visit. The assumption is that this is a privacy vulnerability – most sites have no need for such information, after all.
I question this logic. Public addresses are public for a reason. Indeed, the information should only be available on request, which is why MetaMask created privacy mode. However, the actual next web – the blockchain-enabled internet – is going to require wallets like MetaMask, Shutter, and TronLink.
More and more websites are going to have uses for the data these extensions can provide. Public keys can be used for more than just sending money. Signatures can be granted. Do you know how you grant all those sits permission to store cookies by clicking a button? Compare that to a cryptographically secure signature, in a legal sense.