If you haven’t made your Venmo transactions private yet, do so now.
Payments app reveals massive amount of private details about users’ lives by default, report published tuesday show. The project, created by Berlin-based coder and privacy researcher Hang Do Thi Duc, looked at 207,984,218 public transactions posted on Venmo in 2017.
She discovered that she was able to paint detailed pictures of users’ lives based on publicly available information. “Many of the products we use every day make it harder than it should be to protect our privacy, our most personal information,” she said. “When it comes to money, privacy by design is of greater importance and higher demand.”
Venmo, which is owned by Paypal PYPL,
, makes transactions visible on a public feed by default, unless users change their preferences to make them visible only to friends or only to both parties involved in a transaction. The amount of money users spent is not publicly visible, but the visible text, emojis and timestamps on transactions speak volumes, Do Thi Duc said. Venmo said MarketWatch users have control over how much they share on the app.
“The security and privacy of Venmo users and their information is one of our highest priorities,” a spokesperson said. “Our users trust us with their money and personal information, and we take this responsibility and applicable privacy laws very seriously.”
Do Thi Duc detailed the life stories and personal habits of several users with data gleaned from its analysis. In one instance, she was able to determine that two users who frequently transacted with each other were a married couple. They had a car and a dog that they had recently taken to the vet. They shop weekly at Walmart WMT,
They pay off a loan and get utilities from San Diego Gas & Electric. They most often order pizza at the restaurant.
Another Venmo user she followed sells food from a cart on a University of California campus. She was able to see over 8,000 public person transactions over the year and saw that elote (a corn dish) was the most popular. A couple she followed frequently argued and threatened to break up through Venmo transactions, using confrontational captions such as “You don’t love me” and “I’m waiting for sugar daddy.”
Ethereum co-founder: Blockchain-based wallet could end banks’ need
Venmo’s public application programming interface (API) allows anyone to view public transactions, and it has been criticized in the past for privacy concerns. A project called Vicemo displays public payments with references to drugs, sex and alcohol in a continuous stream. The app has also been used by advanced users to find out if a romantic partner is cheating or if an ex-boyfriend is seeing someone new.
These transactions are not only visible to the public, they are also used by marketers. Venmo states in its privacy policy that it shares user data “for day-to-day business purposes, for marketing purposes, for joint marketing with other companies”. Venmo also shares “information about your transactions and experiences” with its affiliates.
Venmo’s default public function was investigated by the Federal Trade Commission, which in 2017 accused Venmo of “misleading” users into having to change two separate privacy settings to make their transactions completely private. The company has reached an agreement with the FTC. A company spokesperson previously told MarketWatch that users now have three options to control who can see their payments.
It should be easier to make these changes, Do Thi Duc said, and it’s up to Venmo to address these privacy issues rather than relying on users to change settings themselves.
“I think it could be designed better,” she said. “Why include all this information, when the only interesting part is the message? If you as a company really care about your users and their privacy, you would be asking these kinds of questions.
A spokesperson for Venmo told The Guardian newspaper that user safety was the top priority. “Like other social networks, Venmo users can choose what they want to share on Venmo’s public feed,” she said.
To make your Venmo account private, go to “Settings” and click “Privacy”. Under the privacy setting, users can select the default privacy setting for all future payments to “private”. There is also an option to make all past transactions private. Mark Weinstein, founder and CEO of privacy-focused social media platform MeWe, suggests making these changes or scrapping the app altogether.
“With just a little spying, anyone can find out what you’re up to on Venmo — and that’s really scary,” he said. “It certainly comes as a shock when you find out that your sale or purchase of corn on the cob – or illegal purchase of anything else – and everything else, is public.”
