Venmo Gets More Private—but It’s Still Not Fully Safe

“Venmo’s finally getting the message that maximum publicity on a financial app is a terrible idea,” says Kaili Lambe, senior campaigner at the Mozilla Foundation, a nonprofit focused on internet openness and accessibility. “However, from the beginning we have been calling on Venmo to be private by default, because so many Venmo users don’t actually know that their transactions are public to the world.”

A Venmo spokesperson said the company has no plans at this time to consider making those transactions private by default instead. That means users will still need to go out of their way to make sure their every peer-to-peer transaction isn’t broadcast to the rest of the world. It’s hard to see the benefit of maintaining the status quo. 

“You think of a lot of really sensitive use cases,” says Gebhart. “You think about therapists, you think about sex workers. You think about the president of the United States. It doesn’t take a big imagination to imagine places where these defaults could go horribly wrong and cause real harm to real people.”

The implications of Venmo’s public-by-default stance have played out beyond the discovery of Biden’s account. In 2018, privacy advocate and designer Hang Do Thi Duc used Venmo’s public API to sort through nearly 208 million transactions on the platform, piecing together alarmingly detailed portraits of five users based only on their activity in the app. The following year, programmer Dan Salmon wrote a 20-line Python script that let him scrape millions of Venmo payments in a matter of weeks.

Venmo has since placed restrictions on the rate at which you can access transaction data through the public API, but Salmon says the company hasn’t gone far enough. “Venmo basically had a firehose I could connect to of transaction data,” he says. “Now that that is cut off, the transactions are still out there; it will just take a few more steps to go get them.” He says it would take about an hour of work to build a new scraping tool.

“At Venmo, we routinely assess our technical protocols as part of our commitment to platform security and continually improving the Venmo experience for our customers. Scraping Venmo is a violation of our terms of service and we actively work to limit and block activity that violates these policies,” Venmo spokesperson Jaymie Sinlao said in an emailed statement. “We continue to enable select access to our existing APIs for approved developers to continue innovating and building upon the Venmo platform.”

Venmo is far from the only app that makes you opt out of sharing rather than actively seeking it out. But because its use case is exclusively financial, the stakes are significantly higher, and the assumptions of its users are potentially misplaced. Venmo itself hasn’t made it especially easy for users to tell what they are or are not sharing; in 2018 it reached a settlement with the Federal Trade Commission related in part to its confusing privacy settings.

“Anecdotally, people are very surprised to find that a financial services app is public by default,” says the Mozilla Foundation’s Lambe. “Even people who’ve been using Venmo for years might not know that their settings are public.”

To make sure that yours aren’t going forward, head to Settings > Privacy and select Private. Then tap Past Transactions, and tap Change All to Private to lock things down retroactively. And while you’re at it, go ahead and tap Friends List, then tap Private and toggle off Appear in other users’ friends list. Otherwise, you’re sharing the digital equivalent of your credit card purchases with everyone you know, and lots of people you don’t. Or consider using something like Square’s Cash App instead, which is private by default.

Losing the global feed is an important step toward privacy for Venmo and its users. Hopefully, more steps are still to come.

