Venmo gets more private—but it’s still not fully safe
Venmo, the popular mobile payment service, has redesigned its app. This is normally news that you can safely ignore, but this announcement is worth a closer look. Along with making some navigation changes and adding new shopping protections, the PayPal-owned platform is finally shutting down its global social feed, where the app posted transactions from people around the world. It’s an important step towards solving one of the most important privacy concerns in the app world, but the job isn’t done yet.
Venmo’s global feed has been a source of voyeuristic detail about the financial habits of complete strangers for years. The feed does not display the amount of a given transaction, but it does show names, notes, emoji, and likes. Tapping on a name takes you to that user’s profile, and an enterprising go-getter (or worse) could pretty quickly build a small dossier of that person’s friends, hobbies, and whatever else they’ve put in the feed, perhaps without realizing how public that information is. In the time it took to write these paragraphs, relatives paid each other back for Phillies tickets, someone paid for “liquid gold 😍”, and more than one group of roommates split their internet bill.
The visibility of Venmo transactions and other user data has been criticized for years by privacy advocates and consumers alike. “This commitment to this strange piece of business, this corporate DNA, of a social payment app is a huge handicap,” said Gennie Gebhart, activism director at the Electronic Frontier Foundation, a digital rights group. “It is not a catastrophe waiting to happen, it is a catastrophe that has already happened so many times to so many people.”
The most recent and high-profile example of where this openness can go wrong came in May, when a team of BuzzFeed reporters found President Joe Biden’s Venmo account, along with those of his family and close friends, simply by searching in the app. It took them 10 minutes.
Until recently, even if you had locked down your transaction history, your friends list was fair game for anyone. Which, again, seems unwise for an app built around the often sensitive business of sending and receiving money. Two weeks after the BuzzFeed report, however, Venmo added new privacy controls, allowing you to make your friends list private for the first time.
Killing the global feed extends that work by making it much harder to snoop on complete strangers. Soon, the social element of the app will be limited to what your Venmo friends are doing. “This change allows customers to connect and share meaningful moments and experiences with the people who matter most,” the company said in a blog post announcing the overhaul. While this certainly counts as progress, privacy advocates believe it doesn’t go far enough.
“Venmo finally understands that maximum publicity on a financial app is a terrible idea,” says Kaili Lambe, campaign manager at the Mozilla Foundation, a nonprofit focused on the openness and accessibility of the internet. “However, from the start, we asked Venmo to be private by default, as many Venmo users don’t really know their transactions are public to the world.”
After Venmo’s overhaul, the only feed will be transactions from your friends list.
A spokesperson for Venmo said the company has no plans at this time to make transactions private by default. That means users will still have to take deliberate steps to ensure that their peer-to-peer transactions aren’t broadcast to the world. It is difficult to see the benefit of maintaining the status quo.
“You think of a lot of very sensitive use cases,” says Gebhart. “You think of therapists, you think of sex workers. You think of the President of the United States. It doesn’t take a lot of imagination to imagine places where these flaws could go wrong and cause real harm to real people.”
The implications of Venmo’s public-by-default stance extend well beyond the discovery of Biden’s account. In 2018, privacy advocate and designer Hang Do Thi Duc used Venmo’s public API to sort through nearly 208 million transactions on the platform, assembling alarming and detailed portraits of five users based solely on their activity in the app. The following year, programmer Dan Salmon wrote a 20-line Python script that let him collect millions of Venmo payments within weeks.
Venmo has since placed restrictions on how quickly you can pull transaction data through the public API, but Salmon says the company hasn’t gone far enough. “Venmo basically had a firehose that I could connect to for transaction data,” he says. “Now that it’s cut, the transactions are still there; it will just take a few more steps to get them.” He says it would take about an hour of work to build a new scraping tool.
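What assembling a “portrait” from public feed data looks like in practice, as an added illustration that is not from the article and not the code of either researcher named above. The feed records below are constructed, the field layout (actor, target, note, timestamp, no amount) is an assumption modelled on the description of the global feed, and the script uses only the Python standard library. The point it makes is the one the article makes: even with amounts hidden, who pays whom, how often, and with what note is enough to infer bills, relationships and appointments.

```python
"""Profiling a user from amount-less public payment metadata.

SAMPLE_FEED is constructed sample data, not real Venmo records. Each
entry is (actor, target, note, ISO-8601 timestamp); like the global
feed described in the article, it carries no amounts.
"""
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

SAMPLE_FEED = [
    # constructed, hypothetical users and notes
    ("alice", "bob", "internet 📶", "2021-03-01T09:00:00"),
    ("alice", "bob", "internet", "2021-04-01T09:05:00"),
    ("alice", "bob", "wifi bill", "2021-05-01T08:58:00"),
    ("alice", "bob", "internet 📶", "2021-06-01T09:01:00"),
    ("alice", "dr_smith", "session", "2021-03-04T17:00:00"),
    ("alice", "dr_smith", "session", "2021-03-11T17:00:00"),
    ("alice", "dr_smith", "session", "2021-03-18T17:00:00"),
    ("alice", "dr_smith", "session", "2021-03-25T17:00:00"),
    ("alice", "carol", "phillies 🎟️", "2021-04-10T20:00:00"),
    ("dave", "alice", "beers 🍻", "2021-04-11T22:30:00"),
    ("alice", "carol", "dinner", "2021-05-02T21:00:00"),
]


def counterparties(feed, user):
    """Everyone `user` pays or is paid by, with transaction counts.

    This is the 'friends list' that a public feed leaks even when the
    list itself is set to private."""
    counts = Counter()
    for actor, target, _, _ in feed:
        if actor == user:
            counts[target] += 1
        elif target == user:
            counts[actor] += 1
    return counts


def recurring_payments(feed, user, min_count=3):
    """Counterparties `user` pays at least `min_count` times, with the
    median gap in days between payments.

    A regular cadence is what turns 'a payment' into 'a monthly bill'
    or 'a weekly appointment', with no amount needed."""
    by_target = defaultdict(list)
    for actor, target, _, ts in feed:
        if actor == user:
            by_target[target].append(datetime.fromisoformat(ts))
    result = {}
    for target, times in by_target.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [(later - earlier).days for earlier, later in zip(times, times[1:])]
        result[target] = {"count": len(times), "median_gap_days": median(gaps)}
    return result


def note_keywords(feed, user):
    """Lower-cased tokens (emoji included) from notes on `user`'s
    transactions, most frequent first."""
    words = Counter()
    for actor, target, note, _ in feed:
        if user in (actor, target):
            words.update(note.lower().split())
    return words


def build_profile(feed, user):
    """Combine the three views into one dossier for `user`."""
    return {
        "counterparties": counterparties(feed, user),
        "recurring": recurring_payments(feed, user),
        "keywords": note_keywords(feed, user),
    }


if __name__ == "__main__":
    profile = build_profile(SAMPLE_FEED, "alice")
    for target, info in profile["recurring"].items():
        print(f"alice pays {target} roughly every {info['median_gap_days']} days "
              f"({info['count']} payments)")
    print("top note words:", profile["keywords"].most_common(5))
```

Run against the constructed feed, the script flags a monthly payment to one counterparty whose notes say “internet” and a weekly payment to another whose notes say “session”, and lists every counterparty, including one the user never paid but was paid by. Nothing in the input says how much money moved; the inference comes entirely from cadence, counterparties and free-text notes, which is exactly what the global feed exposed.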
“At Venmo, we regularly evaluate our technical protocols as part of our commitment to platform security and the continuous improvement of the Venmo experience for our customers. Scraping Venmo is a violation of our Terms of Service, and we are actively working to limit and block activity that violates these policies,” Venmo spokesperson Jaymie Sinlao wrote in an emailed statement. “We continue to allow selective access to our existing APIs for approved developers to continue to innovate and build on the Venmo platform.”
Venmo is far from the only app that makes you opt out of sharing rather than asking you to opt in. But because its use case is exclusively financial, the stakes are much higher, and its users’ assumptions about privacy are more likely to be misplaced. Nor has Venmo made it particularly easy for users to control what they share; in 2018, it reached a settlement with the Federal Trade Commission over charges related in part to its confusing privacy settings.
“Anecdotally, people are very surprised to find that a financial services application is public by default,” says Lambe of the Mozilla Foundation. “Even people who have used Venmo for years may not know their settings are public.”
To make sure yours aren’t, go to Settings > Privacy and select Private. Then tap Past Transactions, then Change All to Private to retroactively lock down your history. And while you’re at it, tap Friends List, select Private, and turn off Appear in other users’ friends list. Otherwise, you’re sharing the digital equivalent of your credit card statement with everyone you know, and lots of people you don’t. Or consider using something like Square’s Cash App instead, which is private by default.
The loss of the global feed is an important step towards privacy for Venmo and its users. Hopefully more steps are still to come.
This story originally appeared on wired.com.