SoylentNews is people
SoylentNews
Submitted via IRC for Bytram
Venmo's Public Transactions Policy Stirs Privacy Concerns
In an open letter, the Mozilla Foundation and EFF scolded Venmo for its data privacy policies, which they say could open the door to stalking and spear-phishing.
Your simple $5 Venmo payment to a friend after splitting a pizza could easily expedite various malicious attacks, from stalking to spear-phishing, according to researcher concerns.
Many have weighed in on Venmo’s privacy practices, but the latest are Mozilla Foundation and the Electronic Frontier Foundation (EFF), which on Thursday blasted popular mobile transaction app for its data-privacy policies. The companies specifically pointed out the lack of privacy around Venmo transactions, which are public by default, and around public lists of users’ friends that they can interact with on the app, for which there is not even an option to hide.
Venmo, a mobile payment service owned by PayPal, is an app that enables friends on the app to pay or request payments from one another. The app’s popularity is not to be understated, with 40 million active users in 2019, and $12 billion in transactions on the platform in the first quarter of 2018.
In a Thursday joint public letter the Mozilla Foundation and EFF penned their concerns. “We are writing to express our deep concern about Venmo’s disregard for the importance of user privacy, and to call on Venmo to make two critical changes to its privacy settings: Make transactions private by default, and give users privacy settings for their friend lists,” the organizations said in their letter.
The plea to Venmo comes after the app’s privacy policies have been criticized by several researchers, who showed how they could scrape millions of Venmo payments – even if they don’t use the app. That’s because Venmo utilizes a public API endpoint to return the data for its transaction feed – meaning that anyone, even those not using the app, could make a GET request to see anyone else’s transactions.
[...] “The list of people with whom you exchange money paints a startlingly clear picture of the people who live, date and do business with you,” they said. “Just as Venmo has given users newsfeed privacy settings, it must give them, at a minimum, equivalent friend list privacy settings.”
(Score: 2) by Mer on Saturday August 31 2019, @01:36PM (5 children)
For a non user outside the US, what's the advantage of using this app over wiring the money over?
Shut up!, he explained.
(Score: 1, Informative) by Anonymous Coward on Saturday August 31 2019, @01:53PM
the price
wiring money in the US is crazy expensive compared to violating one's privacy willingly inexchange for an identical money transfer service. also, since paypal is not a bank, any financial protections otherwise provided by US law don't apply, only the privacy policy does. which seems to be sort of shitty as the article states.
that's the cost of doing business with people that don't read what they are agreeing to.
(Score: 3, Informative) by Anonymous Coward on Saturday August 31 2019, @01:59PM (1 child)
Wire transfers in the US require that you have the account number of the other party which can be used for fraud and is inconvenient to share even with trusted friends. Venmo funds can be sent using only an email address or cell phone number, which you likely already have for friends. Wires also have fees associated from $15-50 per transaction, which makes paying a friend for your portion of lunch untenable.
(Score: 2) by Mer on Sunday September 01 2019, @08:53AM
Well that's quite a steep fee, but the fact that the sending of funds is simplified is as much a bad thing as it is a good thing. I think I'd rather write a check in that situation.
Shut up!, he explained.
(Score: -1, Troll) by Anonymous Coward on Saturday August 31 2019, @02:06PM (1 child)
It pisses off the Luddites because you can app the apps with appings that app... all through the cloud!
(Score: 2) by takyon on Saturday August 31 2019, @02:08PM
I used Venmo once. I didn't even get swatted by PayPal. I want my money back!
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]