Venmo privacy flaw reveals users’ sensitive info

The website Public by Default highlights the weak privacy of Venmo.
Photo: Hang Do Thi Duc

Companies don’t always succeed at keeping user data private, but Venmo doesn’t even seem to be trying. This service that allows users to make payments to individuals or merchants has the privacy for transactions set to public by default. 

A researcher found that with very little effort she could track the purchases made by most of the 7 million active Venmo users. That includes everyone who installed Venmo from the App Store.

Hang Do Thi Duc was so alarmed by what she’d found that she created the website “Public by Default” to show the world how easy spying on Venmo transactions can be.

To make it more personal, the website follows all the transactions made by five people in 2017. One of them is probably a marijuana dealer in Santa Barbara. The names of all his customers are made public by Venmo, though Do Thi Duc doesn’t include them on her website.

This payment service allows users to exchange notes, which are also public. The “Public by Default” website includes exchanges between couples, some happy, some sad.

Venmo privacy fail

Hang Do Thi Duc created her website to convince Venmo and others to do more to protect user privacy. She also uses it as a warning to all of us to check the privacy settings on all the applications we use.

“Hopefully companies will one day put user data protection first, either pressured by regulation or by us users. If companies don’t care, I think WE have to take action!” she wrote on her blog.

While Apple takes a strong stance on protecting the privacy of users, there are many applications in the App Store that do not. Venmo is just one example. The business models of both Google and Facebook are to collect as much information about users as possible, and sell that to advertisers.

Venmo privacy fix

The researcher also gives the simple steps Venmo users need to make their transactions private.

Tap the “triple bar” icon in the upper left-hand corner of the screen to open the control panel. Then tap on Settings. On that screen, tap on Privacy. Next, change the Default Privacy Settings from Public to Private. And, at the bottom of the screen, tap on Past Transactions so every previous purchase or payment is private.