Shopping and sending money to friends, roommates, and basically anyone else has never been easier than it is today – especially if you live in the United States, where you can use apps like the PayPal-owned Venmo.
Venmo facilitates payments without transaction fees – all you need to do is sign up on their page and provide some information as well as a bank account. In addition, Venmo includes social feeds, and that’s where the problem starts: anyone worldwide can access the public API and therefore view all the transactions that are being logged there.
A social network payment app
It sounds cool: Share with your Venmo friends and family what you bought and include some awesome emojis along the way. Comment on other people’s purchases and just interact. The big problem, though, is that most people don’t share by choice. Venmo’s privacy settings are set to “Public” by default, something most users probably overlook when setting up the app and probably don’t even know about.
According to Hang Do Thi Duc, a researcher who has a whole page dedicated to tracking some of the lives of people using the app, this leads to 200 million transactions being visible to everyone – even to someone who is not a user of the app.
One API to read it all
The feed tells you most of the juicy details: What you bought, when you bought it, from whom you bought it, and last but not least of course your name. Usernames, payment ids, and profile pictures are all in the mix as well.
PublicByDefault.fyi – the page created by researcher Do Thi Duc – shows just how much you can really learn from the shared info by examining a couple of users. There’s the Cannabis Retailer, the Corn Dealer, some lovers, and more. Best take a look yourself or you will never believe how much you can glean just by viewing the transactions of the people around you.
It’s scary – but you can take action!
Right now the app is only available in the United States, and the main problem is solved easily by turning the privacy settings on. You can do this by following the instructions over here. The big question, though, is: are there other apps that use similar settings and that you might use? Even if there is not a whole API sharing your information, there might be other things you are not comfortable with the rest of the world knowing.
Figuring that out will take some time and effort though. You will need to go through your apps and get acquainted with their privacy settings, if you don’t already know them. Take a close and careful look and make sure you are happy with what is being shared.