Illustration: Rebecca Zisser/Axios

A data expert sifted through 200 million Venmo transactions, from drug deals, to eating habits and arguments, to show the payment app lacks default privacy protections, the Guardian reports.

Why it matters: Venmo is seen as an informal millennial app that connects friends with likes and emojis on payments. Regardless, Venmo still shows the financial spending habits of millions of users, the Electronic Privacy Information Center’s Christine Bannon tells Axios. The data was still available even after Venmo's creator PayPal settled charges with the Federal Trade Commission in February that Venmo had misrepresented the extent of its privacy policy in users' bank account transfers.

How it works: Berlin-based researcher Hang Do Thi Duc accessed the data through a public application programming interface and was able to see the names of every user who hadn’t changed the default settings to private, along with the dates of every transaction and the message sent with the payment. She created a website of her findings to raise awareness among people who think and regularly say "I have nothing to hide," she said.

The default for transactions when a user signs up to the app is public, so anyone on the internet, even non-friends, can see them. Private settings are available within the app, but they are not clearly highlighted during the sign-up process.

By the numbers:

  • Together, 91% of Americans "agree" or "strongly agree" that people have lost control over how personal information is collected and used by all kinds of entities, per a Pew Research Center study.
  • People who share their Venmo transactions publicly: 18,429,464 users
  • Users with Facebook IDs: 1,731,783
  • Public Venmo transactions: 207,984,218
  • Popular emojis from transactions include: 🏡💸 for rent, 🚕 for Uber, 🍺 and 🍾.
  • Bonus: The word "pizza" or 🍕 is the most commonly referenced item on Venmo, which had almost 3 million transactions last year.

Someone else created a Twitter bot, as a joke, that uses the data to tweet names and transactions related to possible drug deals on Venmo. Developers' use of the data highlights the misalignment between user expectations and what can be done with that data.

  • "I found it hard to believe that people who are allegedly dealing drug deals know it's that public," Bannon said.

A Venmo spokeswoman told The Guardian the "safety and privacy" of its users is "one of our highest priorities."

"Our users trust us with their money and personal information, and we take this responsibility and applicable privacy laws very seriously. Like on other social networks, Venmo users can choose what they want to share on the Venmo public feed."

The bottom line: Lack of transparency in privacy policies is not uncommon in apps, marketing or social media sites. Different apps have different policies that allow them to know various pieces of users' lives.
