
A New Study Reveals Lots of People Inadvertently Share Way Too Much Private Info on Venmo

Photo credit: SOPA Images - Getty Images
  • Used in its default setting, activity on the cash-sharing app Venmo is public, including transaction history, friend lists, and messages sent with payments.

  • Researchers analyzed more than 300 million Venmo messages and found many users are sharing private information on the app, including their physical location, health conditions, and political orientation.

  • To protect yourself, set your Venmo profile and your friend list to private, as well as all past and future payment notes.


Cash-sharing apps like PayPal, Zelle, and Venmo are a popular and convenient way to split the check at a restaurant, donate to a local cause, or pay for that cool rug you found on Craigslist. Of the bunch, Venmo feels most like a social media platform, thanks to its public feed, friend list, and messaging between users. “Settling up feels like catching up,” the app says on its website. “The fun of connecting with friends in person continues right into your Venmo feed.”

Users can opt out of this fun by making their account—including their friend list and their “payment notes,” the messages they are required to send with each transaction—private, but that requires manually changing the app’s default settings. If downloaded and operated as-is, Venmo automatically makes its 83 million users’ activity on the platform available for all to see.


Venmo’s public-by-default setting can lead to users inadvertently revealing private information, according to a new study from researchers at the University of Southern California and the University of Texas, set to be published in the Privacy Enhancing Technologies Symposium. They analyzed 389 million public messages sent on Venmo between 2012 and 2020 and found that nearly 40 percent of users had shared sensitive information on the app at least once. More than 10 percent of messages contained sensitive information, such as a health condition, political orientation, or drug and alcohol consumption. A worrying number of messages contained email addresses, physical addresses, and even passwords.

Dr. Jelena Mirkovic, a co-author on the study and professor of computer science at USC, said in an email to Popular Mechanics that she became interested in privacy leaks on Venmo after using the app herself. “When I was collecting donations for the parent teacher association, I noticed that I could see not just the other transactions of my friends on the app, but also transactions of their friends and friends of their friends,” she wrote. “This got me a bit alarmed, and then it got me wondering if we could quantify how much sensitive information is public on Venmo.”

Using a complex machine learning model to analyze the massive data set, the researchers first classified each Venmo message as either sensitive or non-sensitive. The sensitive messages were then grouped under 14 different headings based on what the text contained, such as violent phrases or sexual innuendo. Mirkovic says she was surprised by what the model revealed. “I thought that the most we would find is people’s relationship information, such as who is roommate with whom, who went out to lunch with whom. But we found that some users would post much more private stuff, such as their phone numbers and emails, passwords, links to online documents with itemized receipts. There were also a lot of notes mentioning sex, drugs, gambling, and alcohol—and these notes were all public by default.”

These online privacy leaks can have real-world implications. In 2015, public Venmo messages were used to arrest a Columbia University student on drug charges. Last year, U.S. Representative Matt Gaetz’s Venmo transactions were used as evidence during the investigation of his alleged relationship with minors. In 2021, BuzzFeed reporters were able to find Joe Biden’s Venmo account in “less than ten minutes.” While the President’s transactions were set to private, his friend list was viewable to anyone, allowing the reporters to easily identify the Venmo accounts of many of Biden’s closest associates and family members. (Venmo has since allowed users to make their friends list private.)

The average person’s Venmo privacy leaks may not trigger a criminal investigation or national security nightmare, but they can let slip information users would rather keep secret, such as their membership in gambling pools or support groups like Alcoholics Anonymous. By searching the data set for messages that contained specific words (in the case of AA, terms like “7th tradition,” “sunrise meeting,” or “book study”) and then combing through those users’ friend lists and their transactions, the researchers were able to easily map out membership connections.

In better news, the researchers found that users were getting more savvy about safeguarding their privacy. In 2013, only 25 percent of users had set their Venmo accounts to private, according to the study. By 2018, that number had jumped to 37 percent. Meanwhile, 25 percent of users with public accounts were sending cryptic payment notes, including only an emoji or an innocuous word or phrase with their transaction.

Mirkovic says it’s fairly easy to protect yourself on Venmo. “The good news is that Venmo users can protect themselves today by making all their notes (past and future) and friend list private. They can also turn off the sync option, which syncs the contact list from their phone with the friend list on Venmo.”
