Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Saturday August 31 2019, @12:23PM   Printer-friendly
from the follow-the-money dept.

Submitted via IRC for Bytram

Venmo's Public Transactions Policy Stirs Privacy Concerns

In an open letter, the Mozilla Foundation and EFF scolded Venmo for its data privacy policies, which they say could open the door to stalking and spear-phishing.

Your simple $5 Venmo payment to a friend after splitting a pizza could easily expedite various malicious attacks, from stalking to spear-phishing, according to researcher concerns.

Many have weighed in on Venmo’s privacy practices, but the latest are Mozilla Foundation and the Electronic Frontier Foundation (EFF), which on Thursday blasted popular mobile transaction app for its data-privacy policies. The companies specifically pointed out the lack of privacy around Venmo transactions, which are public by default, and around public lists of users’ friends that they can interact with on the app, for which there is not even an option to hide.

Venmo, a mobile payment service owned by PayPal, is an app that enables friends on the app to pay or request payments from one another. The app’s popularity is not to be understated, with 40 million active users in 2019, and $12 billion in transactions on the platform in the first quarter of 2018.

In a Thursday joint public letter the Mozilla Foundation and EFF penned their concerns. “We are writing to express our deep concern about Venmo’s disregard for the importance of user privacy, and to call on Venmo to make two critical changes to its privacy settings: Make transactions private by default, and give users privacy settings for their friend lists,” the organizations said in their letter.

The plea to Venmo comes after the app’s privacy policies have been criticized by several researchers, who showed how they could scrape millions of Venmo payments – even if they don’t use the app.  That’s because Venmo utilizes a public API endpoint to return the data for its transaction feed –  meaning that anyone, even those not using the app, could make a GET request to see anyone else’s transactions.

[...] “The list of people with whom you exchange money paints a startlingly clear picture of the people who live, date and do business with you,” they said. “Just as Venmo has given users newsfeed privacy settings, it must give them, at a minimum, equivalent friend list privacy settings.”


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.