Is Venmo’s Default Privacy Setting Exposing Users To Harm?

The debate over whether social networks should enable privacy settings by default should have ended long ago. While so-called “opt-out” options may have adverse economic effects on some businesses, the range of potential consequences for users whose online exchanges are made public without their explicit knowledge is inestimable. As these possible, and in some cases probable, consequences can not only impact an individual’s privacy but also imperil their safety, leaving users exposed when they have not demonstrated a clear appreciation and understanding of the implications may be considered reckless.

Not everyone agrees.

PayPal, for example, has determined that most users of its mobile payment system, Venmo, would prefer to have their financial transactions a matter of public record, and that those who do not will act accordingly in their own best interest.

As has been reported, a Berlin-based researcher, Hang Do Thi Duc, acquired nearly 210 million Venmo transactions from 2017, all of which were accessible via the company’s API. One of the cases highlighted by Do Thi Duc involves a California cannabis retailer who did not understand his transactions could be viewed by anyone. After learning this, he scrambled to change his privacy settings. Another unhelpful person who acquired the same data as Do Thi Duc went on to create a bot that would automatically tweet out transactions referencing drugs, alcohol, or sex. Thankfully, the bot is now inactive, its prior tweets deleted.

But none of this is an accident, according to PayPal. “Venmo was designed for sharing experiences with your friends in today’s social world, and the newsfeed has always been a big part of this,” a company spokesperson told Gizmodo, asserting that the “safety and privacy” of its users is a “top priority.”

While PayPal might think of Venmo as a kind of social network, it’s not clear users view it the same way. Do Thi Duc’s research is by no means exhaustive, at least in its presentation. (Only five examples of users are offered.) To add in just a bit more context, I polled eight of my newsroom colleagues who use Venmo. You can take this limited sampling for what it is:

  • Five out of eight coworkers were unaware their Venmo transactions could be accessed and downloaded by anyone using the app’s API.

  • Two worn-down (or wise) coworkers said they assume everything they do online is public.

  • Only two coworkers were directly aware transactions were visible to anyone. One only got around to modifying his privacy settings after uncomfortable scrutiny.

PayPal notes that only transactions between users, and not those which are used to pay for goods and services, are public. It also says that it is “very clear in each payment what audience it is being shared with,” and that it has taken steps in recent years to make this distinction more prominent. More recently, the company has taken new steps to inform Venmo users on how to choose their preferred level of privacy. The latest version of its app, for example, includes a pop-up privacy tutorial. Moreover, users can retroactively limit the visibility of payments by altering the privacy settings on previous transactions.

So Venmo has taken numerous steps to flag privacy settings as something worth reviewing, to give users the ability to choose what to share and when to share it. Importantly, it has provided them with the means to hide transactions they deem sensitive. It has at least offered users the ability to educate themselves on how to control their privacy in a highly visible way, i.e., by offering a beginner’s tutorial that must be purposely dismissed as opposed to burying it somewhere at the bottom of the app.

But is it enough?

The answer is no. Even if one assumes that nearly every user understands that their transactions may be visible on the network itself, it seems very few are aware their entire payment history can be easily downloaded by virtually anyone.

What’s more, most users are unlikely to comprehend what kind of story they are telling about themselves via their payment history, and that outside observers (spouses, bosses, the police, etc.) may reach inaccurate conclusions about them based on some nebulous transaction. The consequences of being exposed by default are, in other words, unforeseeable.

“I doubt that most Venmo users realise that their transactions can be seen by the entire internet, not just their friends,” Jeremy Gillula, tech policy director for the Electronic Frontier Foundation, told Gizmodo. “Sharing sensitive information like payments should have been opt-in from the start.”

Regardless of Venmo’s sweeping efforts to educate its users about privacy and offer them the tools to ensure it, there will be mistakes and, in some cases, the ramifications can and will be devastating. As one example of this, Gillula shared a story about a medical practitioner who had inadvertently jeopardized the confidentiality of their patients. The therapist, he said, didn’t realise that payments from clients were publicly visible until damage had been done.

“So I don’t really buy Venmo’s response,” he said.

“Many users won’t realise just how sensitive this information can be until it’s too late,” added Gillula. “As a platform entrusted with this sensitive information, Venmo has an obligation to its users to ensure that their information is protected, not published for all to see.”