Why You Should Make Venmo Payments Private (Updated)

News
By published

Updated, 7/30/2018, 10am PT:

Mozilla has started an email campaign urging its subscribers to sign a petition to Venmo "to change their defaults to private and send a message to other financial institutions looking at Venmo that there are consequences to not taking privacy seriously." Mozilla said Venmo has already quietly restricted access to its bulk API, but argued that more needs to be done to make sure financial transactions are private.

Original article, 7/18/2018, 11:22am PT:

If capitalism has taught us anything, it's that your identity is hopelessly entangled with how you spend your money. A researcher named Hang Do Thi Duc has discovered that this sentiment is particularly true on Venmo, because the PayPal-owned payment service's decision to make transactions public by default has revealed a surprising amount of information about some of its 7 million users, likely without their knowledge.

Venmo is essentially cash for the smartphone age. People use it to send others money, shop at certain stores, pay their rent and conduct other common monetary transactions. The primary difference is that they don't have to make a trip to the ATM or hope someone has a credit card machine. Transferring money through Venmo is like sending a message--and many transactions do indeed use text messages as receipts.

Do Thi Duc used Venmo's public API to access hundreds of thousands of transactions. The result offered quite detailed glimpses into people's lives--Do Thi Duc was able to track when a drug dealer brought on an employee, for example, or eavesdrop on a romantic couple's messages. In many cases, someone could also use this information to determine Venmo users' ethnicities, spending habits on the platform and general location.

Anyone can access this information because although Venmo offers options to make payments visible to only your Venmo friends or participating parties, default settings make payments public. It seems many users haven't taken the extra step to make their payments private.

Do Thi Duc said 207,984,218 transactions were carried out on the Venmo platform in 2017. She analyzed all of these payments to peer into the lives of five Venmo users and summarized their stories in a website called Public By Default. The effect is surreal; it's all too easy to fill in the blanks about someone's life based solely on their Venmo transactions. (And that's even after Do Thi Duc redacted some of the information, such as the users' last names or their Facebook IDs, in an attempt to preserve what remains of their privacy.)

This doesn't technically qualify as a leak. Do Thi Duc used a long-running API to access information that's been available to developers for years. But the research--and its presentation on the Public By Default website--makes it clear just how much people can learn about Venmo users. It's often problematic when any user activity is public by default, but showing a portion of people's financial history makes this all the worse.

Do Thi Duc offered a quick guide to updating Venmo's privacy settings to disable this kind of information exposure on the Public By Default site. The good news is that this setting is retroactively applied to previous transactions, too, so it's not too late to hide some of your more embarrassing (or incriminating) spending. Just remember to make sure a company isn't exposing your data the next time you use a new service.

TOPICS
Nathaniel Mott
Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

More about cyber security

Microsoft makes passkeys the default authentication method for all new accounts

Crosswalks in Silicon Valley hacked to play satirical messages from Musk and Zuckerberg sound-a-likes

A new TikTok challenge has kids attempting to short-circuit school-issued Chromebooks
See more latest
10 Comments Comment from the forums
  • TJ Hooker
    Why is this even an option, let alone the default?
    Reply
  • why_wolf
    yeah similar feeling. Why would anything on a payment platform ever be public facing?
    Reply
  • Godloki
    I feel like the majority of the comments ever left on there are inside jokes. I don't know how seriously people take the commenting...
    Reply
  • derekullo
    If Starbucks ever figured out that I went to Starbucks at least once a week they could ... send me more coupons?

    Also it is highly doubtful that the actual items being bought would be listed.

    "VenezuelanCarGod1965 sold 10 kilograms of "white powdery" to John Smith, 123 Legal Lane Alabama

    or

    VenezuelanCarGod1965 recruited John Smith, 123 Legal Lane Alabama for aerial drug smuggling operations in Columbia"

    ^ Would be hilarious though.
    Reply
  • It takes an extra step to retroactively apply the privacy setting.
    First change your current privacy setting, then go to Past Transactions (in the settings/privacy section) and do it again.
    Reply
  • USAFRet
    21153301 said:
    Why is this even an option, let alone the default?

    Not merely the default, but that is the whole reason behind Venmo.
    Buy stuff, transfer money and brag about it.

    Yes, some people are that foolish.
    Reply
  • Kenneth Hans
    After a year of using Venmo to transfer money back and forth with my daughter, I was banned from the app. The only info I was given was I had conducted 'unauthorized activity'. Seriously, our transactions were simple and transparent and the same every time. They would not communicate with me any further to resolve this. Oh well, Apply Pay to save the day.
    Reply
  • Jeff Fx
    21153301 said:
    Why is this even an option, let alone the default?

    Maybe because social media has taught young people to share everything.
    Reply
  • hellwig
    21153301 said:
    Why is this even an option, let alone the default?

    Facebook's problem is convincing advertisers that the information they gather truly reflects the purchasing habits of its users. Venmo is actually showing transactions, places and times you have actually purchased something. Link that with a Facebook ID, and you have an incredible insight into a potential customer.

    Imagine showing an ad for a product on a persons Facebook page, and seeing that 30 minutes later they make a related purchase. That's feedback few advertisers get for real-world purchases.

    Oh, and anyone thinking Venmo's features are for the users is probably not fully understanding how today's internet works. If the service is free, someone is making money off the information you give them.
    Reply
  • alan_rave
    Good luck, Mozilla. Venmo has at least to offer an option - sell your data and get % from $ that Venmo receives from advertisers)
    Reply
Most Popular
laptop on fire
A new TikTok challenge has kids attempting to short-circuit school-issued Chromebooks
Gigabyte
Gigabyte's pressurized thermal pads lower SSD temperatures in M.2 slots by up to 12C
IBM
Apple reportedly readies Baltra processors for AI servers
Seagate office building in Fremont, CA
Seagate on track for 100TB HDDs by 2030 — claims current top drive will triple in capacity in 5 years
SMIC
China's premier chipmaker SMIC faces chip yield woes as equipment maintenance and validation efforts stall
Noctua NM-IMB8 offset mounting bars for Arrow Lake
Noctua NH-D15 G2 gains offset mounting bars for Arrow Lake CPUs to optimize cooling performance
RISC-V Laptop
RISC-V makes its way into DeepComputing's $349 AI PC
Arm
Lenovo's in-house Arm chip could rival Qualcomm and MediaTek, spotted in Yoga Pad Pro 2-in-1 convertible
Nvidia Hopper H100 die shot
Nvidia readies cut-down HGX H20 GPU for China to comply with export control rules
Lego Brick construction
LegoGPT creates Lego designs using AI and text inputs — tool now available for free to the public