
SoylentNews is people

posted by Fnord666 on Monday July 23 2018, @04:09PM
from the always-check-the-defaults dept.

Submitted via IRC for BoyceMagooglyMonkey

Anyone can track a Venmo user's purchase history and glean a detailed profile – including their drug deals, eating habits and arguments – because the payment app lacks default privacy protections.

This was the finding of a Berlin-based researcher, Hang Do Thi Duc, who analysed the more than 200 million public Venmo transactions made in 2017. Her aim was to highlight the privacy risk from using a seemingly innocuous peer-to-peer app.

By accessing the data through a public application programming interface, Do Thi Duc was able to see the names of every user who hadn't changed their settings to private, along with the dates of every transaction and the message sent with the payment. This allowed her to explore the lives of unsuspecting Venmo users and learn "an alarming amount about them".

The default state for transactions when a user signs up to the app is "public", which means they can be seen by anyone on the internet. Users can change this to "private" by navigating to the app's settings, but it's not clearly highlighted during sign-up.

Source: https://www.theguardian.com/world/2018/jul/17/venmo-payments-app-default-privacy-settings-public-information



 
  • (Score: 3, Touché) by SomeGuy on Monday July 23 2018, @04:41PM (6 children)

    by SomeGuy (5632) on Monday July 23 2018, @04:41PM (#711301)

    Why do they even HAVE a public option? If they just give the data away then how do they expect to be able to sell it to the highest bidder like everyone else?

  • (Score: 4, Touché) by archfeld on Monday July 23 2018, @04:46PM

    by archfeld (4650) <treboreel@live.com> on Monday July 23 2018, @04:46PM (#711305) Journal

    So they don't have to stage a hack to explain how the data got into the wild.

    --
    For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge
  • (Score: 3, Funny) by bob_super on Monday July 23 2018, @04:57PM (4 children)

    by bob_super (1357) on Monday July 23 2018, @04:57PM (#711311)

    Look at me, I'm giving to charity !
    Look at me, I'm repaying Big Bubba, so please don't bother to kneecap me !
    Look at me, I'm important because you're looking at me !
    Look at me, I use smartphone apps, so I know I have no private life anyway ! Might as well cheerfully enjoy before it blows up in my face !
    Look at me, I'm helping my hoes' pimps tally their share without beating them up !

    Honestly, I don't know.

    • (Score: 2) by DannyB on Monday July 23 2018, @06:05PM (2 children)

      by DannyB (5839) Subscriber Badge on Monday July 23 2018, @06:05PM (#711355) Journal

      Plausible reasons to have a Public option.

      So next question: Why not make the private option the default?

      (I don't use the ALT-RIGHT key, I use the ALT-LEFT and CTRL-LEFT keys because my right hand is usually on the moose.)

      --
      People today are educated enough to repeat what they are taught but not to question what they are taught.
      • (Score: 0) by Anonymous Coward on Monday July 23 2018, @08:51PM

        by Anonymous Coward on Monday July 23 2018, @08:51PM (#711432)

        Plausible reasons to have a Public option.

        So next question: Why not make the private option the default?

        Wait until someone finds plausible reasons for the Pubic option. Then you can inquire about it in conjunction with public/private.

      • (Score: 1, Insightful) by Anonymous Coward on Monday July 23 2018, @10:26PM

        by Anonymous Coward on Monday July 23 2018, @10:26PM (#711466)

        Look at all the people using Venmo.

    • (Score: 2, Insightful) by Anonymous Coward on Monday July 23 2018, @06:36PM

      by Anonymous Coward on Monday July 23 2018, @06:36PM (#711377)

      I am told that the reason these payments are "public" is so the others in the "group" (e.g., coworkers who went to dinner) see that everyone paid their share to Alice (who got the 1% cash back for putting the group's dinner on her credit card).

      Why "public" and not just accessible to the "group"? Proper security is hard, and "sharing" is a feature if you bullet-point it.