Updated Jul 22, 2018 - Technology

The big picture: Venmo's privacy policy exposes users' transactions

Woman with a $100 bill covering her eyes.

Illustration: Rebecca Zisser/Axios

A data expert sifted through 200 million Venmo transactions, from drug deals, to eating habits and arguments, to show the payment app lacks default privacy protections, the Guardian reports.

Why it matters: Venmo is seen as an informal millennial app that connects friends with likes and emojis on payments. Regardless, Venmo still shows the financial spending habits of millions of users, the Electronic Privacy Information Center’s Christine Bannon tells Axios. The data was still available even after Venmo's creator PayPal settled from charges with the Federal Trade Commission in February when Venmo misrepresented the extent of their privacy policy in users' bank account transfers.

How it works: A Berlin-based researcher Hang Do Thi Duc, accessed the data through a public application programming interface, and was able to see the names of every user who hadn’t changed those default settings to private, along with the dates of every transaction and the message sent with the payment. She created a website of her findings to raise awareness among people who think and regularly say "I have nothing to hide," she said.

The default for transactions when a user signs up to the app is public, so anyone, even non-friends, on the internet can see. Private settings are available within the app, but it's not clearly highlighted during the sign-up process.

By the numbers:

  • Together, 91% Americans "agree" or "strongly agree" that people have lost control over how personal information is collected and used by all kinds of entities, per a Pew Research Center study.
  • People who share their Venmo transactions publicly: 18,429,464 users
  • Users with Facebook IDs: 1,731,783
  • Public Venmo transactions: 207,984,218
  • Popular emojis from transactions include: 🏡💸 for rent, 🚕 for Uber, 🍺 and 🍾.
  • Bonus: The word "pizza" or 🍕 is the most common referenced item on Venmo, which had almost 3 million transactions last year.

Someone else created a Twitter bot, as a joke, that uses the data to tweet names and transactions related to possible drug deals on Venmo. Developers using the data highlights the misalignment between user expectations and what’s able to be done with that data.

  • "I found it hard to believe that people who are allegedly dealing drug deals know it's that public," Bannon said.

A Venmo spokeswoman told The Guardian the "safety and privacy" of its users is "one of our highest priorities."

"Our users trust us with their money and personal information, and we take this responsibility and applicable privacy laws very seriously. Like on other social networks, Venmo users can choose what they want to share on the Venmo public feed."

The bottom line: Lack of transparency in privacy policies is not uncommon in apps, marketing or social media sites. Different apps have different policies that allow them know various pieces of users' lives.

Go deeper