posted by Fnord666 on Saturday August 31 2019, @12:23PM
from the follow-the-money dept.

Submitted via IRC for Bytram

Venmo's Public Transactions Policy Stirs Privacy Concerns

In an open letter, the Mozilla Foundation and EFF scolded Venmo for its data privacy policies, which they say could open the door to stalking and spear-phishing.

Your simple $5 Venmo payment to a friend after splitting a pizza could easily expedite various malicious attacks, from stalking to spear-phishing, according to researcher concerns.

Many have weighed in on Venmo’s privacy practices, but the latest are Mozilla Foundation and the Electronic Frontier Foundation (EFF), which on Thursday blasted the popular mobile transaction app for its data-privacy policies. The companies specifically pointed out the lack of privacy around Venmo transactions, which are public by default, and around public lists of users’ friends that they can interact with on the app, for which there is not even an option to hide.

Venmo, a mobile payment service owned by PayPal, is an app that enables friends on the app to pay or request payments from one another. The app’s popularity is not to be understated, with 40 million active users in 2019, and $12 billion in transactions on the platform in the first quarter of 2018.

In a Thursday joint public letter the Mozilla Foundation and EFF penned their concerns. “We are writing to express our deep concern about Venmo’s disregard for the importance of user privacy, and to call on Venmo to make two critical changes to its privacy settings: Make transactions private by default, and give users privacy settings for their friend lists,” the organizations said in their letter.

The plea to Venmo comes after the app’s privacy policies have been criticized by several researchers, who showed how they could scrape millions of Venmo payments – even if they don’t use the app. That’s because Venmo utilizes a public API endpoint to return the data for its transaction feed – meaning that anyone, even those not using the app, could make a GET request to see anyone else’s transactions.

[...] “The list of people with whom you exchange money paints a startlingly clear picture of the people who live, date and do business with you,” they said. “Just as Venmo has given users newsfeed privacy settings, it must give them, at a minimum, equivalent friend list privacy settings.”


  • (Score: 2) by takyon on Saturday August 31 2019, @12:45PM

    by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Saturday August 31 2019, @12:45PM (#888202) Journal

    I wonder if anyone has managed to count the amount of potential drug deals exposed by clueless Venmo users.

    https://fortune.com/2017/07/10/venmo-app-buy-drugs/ [fortune.com]
    https://nakedsecurity.sophos.com/2018/07/19/venmo-users-time-to-hide-your-drug-deals-and-excessive-pizza-consumption/ [sophos.com]

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
  • (Score: 2) by Mer on Saturday August 31 2019, @01:36PM (5 children)

    by Mer (8009) on Saturday August 31 2019, @01:36PM (#888211)

    For a non user outside the US, what's the advantage of using this app over wiring the money over?

    --
    Shut up!, he explained.
    • (Score: 1, Informative) by Anonymous Coward on Saturday August 31 2019, @01:53PM

      by Anonymous Coward on Saturday August 31 2019, @01:53PM (#888213)

      the price

      wiring money in the US is crazy expensive compared to violating one's privacy willingly in exchange for an identical money transfer service. also, since paypal is not a bank, any financial protections otherwise provided by US law don't apply, only the privacy policy does. which seems to be sort of shitty as the article states.

      that's the cost of doing business with people that don't read what they are agreeing to.

    • (Score: 3, Informative) by Anonymous Coward on Saturday August 31 2019, @01:59PM (1 child)

      by Anonymous Coward on Saturday August 31 2019, @01:59PM (#888215)

      Wire transfers in the US require that you have the account number of the other party which can be used for fraud and is inconvenient to share even with trusted friends. Venmo funds can be sent using only an email address or cell phone number, which you likely already have for friends. Wires also have fees associated from $15-50 per transaction, which makes paying a friend for your portion of lunch untenable.

      • (Score: 2) by Mer on Sunday September 01 2019, @08:53AM

        by Mer (8009) on Sunday September 01 2019, @08:53AM (#888422)

        Well that's quite a steep fee, but the fact that the sending of funds is simplified is as much a bad thing as it is a good thing. I think I'd rather write a check in that situation.

        --
        Shut up!, he explained.
    • (Score: -1, Troll) by Anonymous Coward on Saturday August 31 2019, @02:06PM (1 child)

      by Anonymous Coward on Saturday August 31 2019, @02:06PM (#888216)

      It pisses off the Luddites because you can app the apps with appings that app... all through the cloud!

  • (Score: 0) by Anonymous Coward on Saturday August 31 2019, @03:25PM

    by Anonymous Coward on Saturday August 31 2019, @03:25PM (#888237)

    That’s because Venmo utilizes a public API endpoint to return the data for its transaction feed – meaning that anyone, even those not using the app, could make a GET request to see anyone else’s transactions.

    Gotta give the government a new access point now and retrain the employees.

  • (Score: 0) by Anonymous Coward on Saturday August 31 2019, @05:08PM

    by Anonymous Coward on Saturday August 31 2019, @05:08PM (#888257)

    "The app’s popularity is not to be understated, with 40 million active users in 2019, and $12 billion in transactions on the platform in the first quarter of 2018."

    ...with 40 million mindless slaves...

  • (Score: 3, Insightful) by darkfeline on Saturday August 31 2019, @09:43PM (2 children)

    by darkfeline (1030) on Saturday August 31 2019, @09:43PM (#888320) Homepage

    I never understood how Venmo is marketed as "send money to friends". If I'm a friend with someone, I don't care if I treat them to a meal or they treat me to a meal. Since we're friends, we don't count debts between us.

    --
    Join the SDF Public Access UNIX System today!
    • (Score: 0) by Anonymous Coward on Sunday September 01 2019, @04:20AM (1 child)

      by Anonymous Coward on Sunday September 01 2019, @04:20AM (#888391)

      Try $100 between friends, when one or both don't like to carry cash.

      I've also seen it used to pay the landlord. A landlord who managed to lose a rent check once -- it was picked up by a kind stranger and mailed back.

      • (Score: 2) by Runaway1956 on Sunday September 01 2019, @02:10PM

        by Runaway1956 (2926) Subscriber Badge on Sunday September 01 2019, @02:10PM (#888476) Journal

        $100 dinner tab? Ohkay, no problem. Just ask for separate checks when ordering. That problem was solved about the same time that coinage and currency were invented. You can even do it in a humorous manner. "No, he/she is not my son/daughter, I'm not raising him/her. He/she gets his/her own check."

        --
        “I have become friends with many school shooters” - Tampon Tim Walz
  • (Score: 2) by PinkyGigglebrain on Saturday August 31 2019, @10:10PM

    by PinkyGigglebrain (4458) on Saturday August 31 2019, @10:10PM (#888327)

    have to wonder why the devs who created this didn't ever think to themselves "Hmmm, people might want to keep some transactions private."

    It's almost like they were conditioned over the years to believe that "Nothing to hide, nothing to fear" was a valid statement.

    --
    "Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."