19 with 16 posters participating
Venmo, the popular mobile payment service, has redesigned its app. That’s normally news you could safely ignore, but this announcement is worth a closer look. In addition to making some navigational tweaks and adding new purchase protections, the PayPal-owned platform is finally shutting down its global social feed, where the app published transactions from people around the world. It’s an important step toward resolving one of the most prominent privacy issues in the world of apps, but the work isn’t finished yet.
Venmo’s global feed has for years been a font of voyeuristic insights into the financial habits of total strangers. The feed doesn’t display amounts for a given transaction, but names and notes emoji and likes are included. Tapping on a name brings you to that user’s profile, and an enterprising busybody (or worse) could pretty quickly build a small dossier of that person’s friends, their hobbies, and anything else they’ve slipped into the stream—without, perhaps, realizing how public that info can be. In the time it took to write these paragraphs, relatives reimbursed each other for Phillies tickets, someone made a payment for “liquid gold 😍,” more than one set of roommates split their internet bill.
The visibility of Venmo transactions and other user data has been criticized by privacy and consumer advocates for years. “This commitment to this weird corporate bit, this corporate DNA, of a social payment app is a huge liability,” says Gennie Gebhart, activism director at the Electronic Frontier Foundation, a digital rights group. “It’s not a disaster waiting to happen, it’s a disaster that’s already happened so many times to so many people.”
The most recent and most high-profile instance of where that openness can go wrong came in May, when a team of Buzzfeed reporters found President Joe Biden’s Venmo account, along with those of his family and close friends, simply by searching within the app. It took them 10 minutes.
At the time, even if your transaction history was locked down, your friends list was fair game for anyone to find. Which, again, seems a little unwise for an app built around the often sensitive business of sending and receiving money. Two weeks after the Buzzfeed report, however, Venmo added new privacy controls, letting you make your list of contacts on the app private for the first time.
The removal of the global feed extends that work, by making it incrementally harder to snoop on total strangers. Soon, the social element of the app will be limited to what your Venmo contacts are up to. “This change allows customers to connect and share meaningful moments and experiences with the people who matter most,” the company said in a blog post announcing the redesign. While it certainly counts as progress, privacy advocates believe it doesn’t go far enough.
“Venmo’s finally getting the message that maximum publicity on a financial app is a terrible idea,” says Kaili Lambe, senior campaigner at the Mozilla Foundation, a nonprofit focused on internet openness and accessibility. “However, from the beginning we have been calling on Venmo to be private by default, because so many Venmo users don’t actually know that their transactions are public to the world.”
sort through nearly 208 million transactions on the platform, piecing together alarmingly detailed portraits of five users based only on their activity in the app. The following year, programmer Dan Salmon wrote a 20-line Python script that let him scrape millions of Venmo payments in a matter of weeks.
Venmo has since placed restrictions on the rate at which you can access transaction data through the public API, but Salmon says the company hasn’t gone far enough. “Venmo basically had a firehose I could connect to of transaction data,” he says. “Now that that is cut off, the transactions are still out there; it will just take a few more steps to go get them.” He says it would take about an hour of work to build a new scraping tool.
“At Venmo, we routinely assess our technical protocols as part of our commitment to platform security and continually improving the Venmo experience for our customers. Scraping Venmo is a violation of our terms of service, and we actively work to limit and block activity that violate these policies,” Venmo spokesperson Jaymie Sinlao wrote in an emailed statement. “We continue to enable select access to our existing APIs for approved developers to continue innovating and building upon the Venmo platform.”
Venmo is far from the only app that makes you opt out of sharing rather than actively seeking it out. But because its use case is exclusively financial, the stakes are significantly higher, and the assumption of its users potentially misplaced. Venmo hasn’t made it especially easy for users to figure out what they are or are not sharing; in 2018 it reached a settlement with the Federal Trade Commissions related in part to its confusing privacy settings.