Posted on by ivanfanta

Spying on friend’s financial transactions, it’s easy with Venmo

Spying on friend’s financial transactions, it’s easy with Venmo
By Anonymous | October 27, 2022

Venmo is a financial and social app, intended to allow friends to share funds while connecting socially with notes and emoji’s.  This puts Venmo in a unique position to enable sharing of personal information when the user intends it be shared and protecting the privacy of its users when the user expects it not to be shared. 

Venmo makes headlines with privacy violations

Venmo is no stranger to news headlines about unintended privacy violations.  One famous case is the exposure of President Joe Biden’s account.  A Buzzfeed journalist was able to find it within searching for 10 minutes.  It revealed Biden’s private social network, family relationships and raised security issues at the national level. (2021, Buzzfeed)

By default, when a user signs up for Venmo, their settings via the app are set to ‘Public – Visible to everyone on the internet’.  Countless people assume their information is shared only with friends they exchange funds with, and unknowingly are sharing information publicly.  Additionally, as per Venmo’s privacy policy, they track a user’s geo-location that may be used for several reasons which are vague such as ‘advertising, .. or other location-specific content’. (Venmo privacy policy, 2022).  This setting can be turned off, but many unsuspecting users remain unaware of these security options and assume their privacy is protected.  Nissenbaum’s contextual integrity, addresses context of information relative to information norms that should be respected (Nissenbaum, 2011).  Venmo, by this standard, has failed to address contextual integrity and the consequences can cause harm to unsuspecting users of Venmo.

How to change Privacy settings in Venmo

Changing the default Venmo settings is not difficult, but many users are unaware that their privacy is unprotected.  To change the settings, a user needs to open Venmo’s Privacy settings, change the settings to ‘Private’.  This will change the settings for all transactions going forward but will not change the privacy settings of historical transactions.  To change historical transaction privacy, a user needs to do an additional step to click into the ‘More’ section and change Past Transactions history to Private as well.  Additionally, if a user prefers that Venmo not track their geo-location at all times, they need to click into ‘Location’, ‘App location permissions’, then ‘Permissions’, then Location permission’ to change those default settings to the desired privacy setting.

Venmo and the FTC

Venmo has already been sued and settled with the FTC for violation of disclosing information to consumers about transferring funds and privacy settings in violation of the Gramm-Leach-Bliley Act (FTC, 2018).  Venmo misrepresented that user’s financial accounts were protected by “bank grade security systems”.   Venmo sent users confirmation that money had been credited to their account, when in fact it had not.  They did not disclose that Venmo could cancel or freeze fund transfer after a confirmation had been sent to the user.  As result of being found in violation of the law, Venmo is subject to a third-party assessment of compliance every other year, for the next 10 years.  One key point in the FTC principles includes recommending that companies increase their transparency with data practices, which is what the FTC supported in its ruling in this case.  (FTC, 2012)

Looking Forward

Venmo has made enhancements to their privacy policy and practices because of exposure of violations that caused harm.  The objective of this blog post is to raise awareness and encourage checking privacy policies and settings for applications used where personal information can be shared unexpectedly and to the detriment of the user.  Many companies are improving their attention to privacy, but as we can see in the case of Venmo, not until an embarrassing security exposure or court case requires them to do so.

References

  1. Venmo privacy policy (2022, September 14). https://venmo.com/legal/us-privacy-policy/
  2. Mac, Ryan, Notopoulos, Katie, Brooks, Ryan, McDonald, Logan. (2021, May 14). We Found Joe Bien’s Secret Venmo.  Here’s Why That’s A Privacy Nightmare For Everyone, BuzzFeedNews https://www.buzzfeednews.com/article/ryanmac/we-found-joe-bidens-secret-venmo
  3. Federal Trade Commission (FTC). (2018, February 27) PayPal Settles FTC Charges that Venmo Failed to Disclose Information to Consumers About the Ability to Transfer Funds and Privacy Settings; Violated Gramm-Leach-Bliley Act https://www.ftc.gov/news-events/news/press-releases/2018/02/paypal-settles-ftc-charges-venmo-failed-disclose-information-consumers-about-ability-transfer-funds
  4. Nissenbaum, Helen (2011). A contextual Approach to Privacy Online Daedalus140:4
  5. Federal Trade Commission (FTC). (2012, March) Protecting Privacy in an Era of Rapid Change, Recommendations for businesses and policymakers. Section VI, Subsections C, “Simplified Consumer Choice” and D, “Transparency” talk about notice and consent)