Connect with Joseph Steinberg


Deja-Vu: Check Your Venmo Settings Right Now Unless You Want Everyone To See How You Spend Your Money

If, like millions of other people, you use Venmo, the PayPal-owned online payment system that sports various social features, you might be at risk for having the details of all of your transactions made public.

Last year, in an article entitled, Check Your Venmo Settings Right Now Unless You Want Everyone To See How You Spend Your Money, I discussed the fact that a researcher was able to exploit Venmo’s API to download a list of hundreds of millions of Venmo transactions, and to assemble a detailed profile of people’s spending habits based on the data contained therein.

Since then, Venmo modified its API, apparently in an effort to rate-limit data acquisition and prevent similar mass data-gathering; its efforts, however, do not seem to have sufficiently curtailed the risk. According to a report on Friday in TechCrunch, despite Venmo’s efforts, a computer scientist by the name of Dan Salmon still managed to download 57,600 transactions per day (roughly 1 record every 1.5 seconds), capturing many millions of transactions over the course of a six-month period.

What this means is that unless you took action last year, or you take action now, your Venmo transactions – and all of the information about you that can be gleaned from them – can potentially be obtained by anyone with technical skills or a budget to hire someone with such skills.

And, the relevant information may be far more revealing than people might expect: As I discussed last year, Do Thi Duc, a researcher examining data collected from Venmo, was able to track various activities of someone selling illegal marijuana, watch a romantic relationship evolve (in both positive and negative ways) between two people who chatted via a payment’s comments section, and obtain a clear understanding of other folks’ eating habits (including those of one woman who, in only eight months, apparently made over 2,000 transactions involving pizza, soda, alcoholic drinks, coffee, and donuts). Did the pot dealer, the lovers, or the less-than-healthy-food enthusiast really intend for the whole world to know of their activities?

Of course, some folks may intend to share their Venmo transactions with the public – but, it is possible, if not likely, that, to this day, the vast majority of people whose privacy could potentially be compromised by their Venmo settings have no idea that anyone else, never mind everyone else, can view the detailed history of their transactions.

So, what should you do?

1. Set your Venmo transactions to be private.

You can, quite easily, set your transactions to be private by clicking on the menu icon at the top left of the Venmo app, selecting Settings from the Control Panel, within Settings selecting the Privacy option, and changing the default from Public to Private. Also, below, select the Past Transactions option to ensure that all of your Venmo transactions to date are also kept private.

2. Be wary of any system that blends social features with information that you desire to keep private.

If you would not share your financial activity with the world by posting to Facebook or Twitter the details of each transaction as you make it, for example, be sure that any system that you use for making payments offers adequate privacy. Before you utilize the services of a provider that has social features, be sure to understand if the service’s privacy capabilities meet your requirements, and, of course, if they do, do not forget to enable such features.
