Venmo is becoming more private, but it’s still not completely secure | GeekComparison


Venmo, the popular mobile payment service, has redesigned its app. That’s normally news you can safely ignore, but this announcement is worth checking out. In addition to making some navigation tweaks and adding new purchase protections, the PayPal platform is finally shutting down its global social feed, where the app published transactions from people around the world. It’s an important step toward solving one of the most prominent privacy issues in the world of apps, but the work isn’t done yet.

Venmo’s global feed has been a source of voyeuristic insights into the financial habits of complete strangers for years. The feed does not display the amount of any given transaction, but names, notes, emoji and likes are all included. Tapping on a name takes you to that user’s profile, and an enterprising busybody (or worse) can pretty quickly build up a little file of that person’s friends, their hobbies, and anything else they have let slip into the feed – perhaps without realizing how public that information could be. In the time it took to write these paragraphs, family members paid each other for Phillies tickets, someone made a payment for “liquid gold 😍,” and more than one set of roommates split their internet bill.

The visibility of Venmo transactions and other user data has been criticized by privacy and consumer advocates for years. “This dedication to this weird part of the business, this corporate DNA, of a social payment app is a huge liability,” said Gennie Gebhart, director of activism at the Electronic Frontier Foundation, a digital rights group. “It’s not a disaster waiting to happen, it’s a disaster that has happened so many times to so many people.”

The most recent and high-profile example of where that openness can go wrong came in May, when a team of Buzzfeed reporters found President Joe Biden’s Venmo account, along with those of his family and close friends, simply by using the app’s search. It took them 10 minutes.

At that time, even if your transaction history was locked, your friends list was available for anyone to find. Which, again, seems a little unwise for an app built around the often sensitive business of sending and receiving money. However, two weeks after the Buzzfeed report, Venmo added new privacy controls, allowing you to make your contacts list private in the app for the first time.

The global feed removal expands that work by making it increasingly difficult to spy on total strangers. Soon the social element of the app will be limited to what your Venmo contacts are up to. “This change allows customers to connect and share meaningful moments and experiences with the people who matter most,” the company said in a blog post announcing the redesign. While it’s certainly progress, privacy advocates believe it doesn’t go far enough.

“Venmo is finally getting the message that maximum publicity on a financial app is a terrible idea,” said Kaili Lambe, senior campaigner at the Mozilla Foundation, a nonprofit organization focused on openness and accessibility of the Internet. “However, from the beginning, we called for Venmo to be private by default because so many Venmo users are unaware that their transactions are public to the world.”

After Venmo's upcoming redesign, the only feed will be that of transactions from your friends list.


A spokesperson for Venmo said the company currently has no plans to consider making those transactions private by default. That means users will still have to go out of their way to ensure that not every peer-to-peer transaction is broadcast to the world. It’s hard to see the benefit of maintaining the status quo.

“You come up with a lot of really sensitive use cases,” says Gebhart. “You think about therapists, you think about sex workers. You think of the President of the United States. It doesn’t take great imagination to imagine places where these flaws can go horribly wrong and cause real harm to real people.”

The implications of Venmo’s public-by-default stance extended beyond the discovery of Biden’s account. In 2018, privacy attorney and designer Hang Do Thi Duc used Venmo’s public API to search nearly 208 million transactions on the platform, compiling alarmingly detailed portraits of five users based solely on their activity on the app. The following year, programmer Dan Salmon wrote a 20-line Python script that collected millions of Venmo payments in a matter of weeks.

Venmo has since imposed restrictions on the rate at which you can access transaction data through its public API, but according to Salmon, the company hasn’t gone far enough. “Venmo actually had a fire hose that let me connect to transactional data,” he says. “Now that that’s been cut off, the trades are still there; it only takes a few more steps to retrieve them.” He says it would take about an hour’s work to build a new scraper tool.

“At Venmo, we routinely review our technical protocols as part of our commitment to platform security and continuously improving the Venmo experience for our customers. The removal of Venmo is a violation of our terms of service and we are actively working to limit and block any activity that violates this policy,” Venmo spokesperson Jaymie Sinlao wrote in an emailed statement. “We will continue to enable select access to our existing APIs for approved developers to continue innovating and building on the Venmo platform.”

Venmo is far from the only app that makes you opt out of sharing rather than actively opt in. But because the use case is purely financial, the stakes are significantly higher, and users may assume a level of privacy that simply isn’t there. Venmo hasn’t made it particularly easy for users to find out what they are or aren’t sharing; in 2018, it reached a settlement with the Federal Trade Commission, in part because of its confusing privacy settings.

“Anecdotally, people are very surprised that a financial services app is public by default,” says Lambe of the Mozilla Foundation. “Even people who have been using Venmo for years may not know that their settings are public.”

To make sure your own transactions aren’t public, go to Settings > Privacy and select Private. Then tap Past Transactions and tap Change All to Private to retroactively lock things down. And while you’re at it, go ahead and tap Friends List, then tap Private and uncheck Show up in other users’ friends list. Otherwise, you’re sharing the digital equivalent of your credit card purchases with everyone you know, and many people you don’t. Or consider using something like Square’s Cash App instead, which is private by default.

Losing the global feed is an important step towards privacy for Venmo and its users. Hopefully more steps will follow.

This story originally appeared on wired.com.
