Venmo has become more private-but it is still not completely secure


“Venmo finally realized that maximizing publicity on financial applications is a terrible idea,” said Kaili Lambe, a senior activist at the Mozilla Foundation, a non-profit organization focused on Internet openness and accessibility. “However, from the very beginning we have been calling for Venmo to be private by default, because so many Venmo users do not actually know that their transactions are public.”

A spokesperson for Venmo said that the company currently has no plans to consider making these transactions private by default. This means that users still need to make every effort to ensure that each of their peer-to-peer transactions will not be broadcast to the world. It is difficult to see the benefits of maintaining the status quo.

“You will think of a lot of very sensitive use cases,” Gebhart said. “You think of therapists, you think of sex workers. You think of the President of the United States. It doesn’t take much imagination to imagine a place where these default settings can be seriously wrong and cause real harm to real people.”

The impact of Venmo’s public default position has gone beyond the discovery of Biden’s account. In 2018, privacy advocate and designer Hang Do Thi Duc used Venmo’s public API Organize nearly 208 million transactions on the platform, Piece it together Detailed portrait Five users are based solely on their activities in the app. In the second year, programmer Dan Salmon wrote a 20-line Python script, Let him scrape millions of Venmo payments In a few weeks.

Since then, Venmo has restricted the speed of accessing transaction data through public APIs, but Salmon said the company has not done enough. “Venmo basically has a fire hose that I can connect to transaction data,” he said. “Now that this is cut off, the transaction still exists; it only takes a few more steps to get them.” He said it takes about an hour to build a new crawler.

“At Venmo, we will regularly evaluate our technical agreements as part of our commitment to platform security and continuous improvement of our customers’ Venmo experience. Crawling Venmo violates our terms of service, and we actively work to limit and prevent those who violate these policies Activities,” Venmo spokesperson Jaymie Sinlao wrote in an emailed statement. “We continue to provide approved developers with selective access to our existing APIs to continue to innovate and build on the Venmo platform.”

Venmo is far from the only app Let you choose not to share Instead of actively looking for it. But because its use case is entirely financial, the stakes are much higher, and its users’ assumptions may be misplaced. Venmo does not make it particularly easy for users to figure out what they are sharing or not sharing.In 2018 it Reach a settlement Part of the contact with the Federal Trade Commission is related to its confusing privacy settings.

“Interestingly, people are surprised to find that financial services applications are public by default,” said Lambert of the Mozilla Foundation. “Even people who have used Venmo for many years may not know that their settings are public.”

To make sure you don’t move on, go to Settings> Privacy And choose private. Then click Past transactions,then click Change all to private Lock things retroactively.While you are doing it, keep clicking Friends List, Then tap private And close Appear in other user’s friends listOtherwise, you will share the digital equivalent of your credit card purchases with everyone you know and many people you don’t know. Or consider using something like Square’s Cash App, which is private by default.

For Venmo and its users, the loss of global feeds is an important step towards privacy. Hope there are more steps.

More exciting connection stories


Source link