SecureMac, Inc.

Venmo privacy issues concern security experts … and users

Posted on May 24, 2021

Mobile payment service Venmo has been accused of having serious, unresolved privacy issues — with one security expert calling the platform “a privacy disaster”. The criticism comes after an extremely high-profile user had his account and all of his personal contacts exposed.

In this article, we’ll discuss the incident, and talk about the larger privacy issues with Venmo. We’ll also tell you what you can do to stay safe on the platform.

What is Venmo?

Venmo is a mobile payment service. It was created as a way to give friends and roommates an easy way to send money or split bills.

Venmo has grown considerably since its founding in 2009, and was acquired by PayPal in 2013. However, because of its original purpose, the service retains a strong social component. For example, all Venmo accounts have a “friends list”, and the platform publishes transaction details to social media-like feeds. Unfortunately, this social aspect is now causing serious privacy issues for Venmo’s users.

Venmo exposes a VIP user

Concerns over Venmo and privacy are nothing new. In 2019, for example, the Electronic Frontier Foundation published an open letter to Venmo asking that the company “clean up [its] privacy settings”.

But the payment service has attracted renewed scrutiny in recent days after BuzzFeed News discovered the personal Venmo accounts of two very high-profile users: US president Joe Biden and first lady Jill Biden.

The BuzzFeed reporters say that they found the President’s account and “a network of his private social connections … using only a combination of the app’s built-in search tool and public friends feature”. And somewhat disturbingly, the journalists say that it only took them about 10 minutes to do this.

But how did the BuzzFeed writers even know to look for a Joe Biden Venmo account? It turns out that a New York Times report mentioned in passing that Biden sometimes uses the app to send money to his grandchildren!

Venmo privacy issues

The Bidens’ accounts appear to have been taken down already, but the incident raises larger concerns about the platform: namely, the Venmo privacy issues faced by users who don’t have Secret Service protection.

To begin with, Venmo sets an account’s transactions to public by default. In other words, if a user doesn’t know that they can set transactions to private, they may unknowingly be broadcasting details of their personal life on the platform. In addition, the Venmo app strongly encourages new users to import contacts from their phone or Facebook friends list. This produces a Venmo friend list that reveals a great deal of information about a user’s network of personal connections.

However, perhaps the biggest issue is that while Venmo does allow you to make your transactions private, there is currently no way to hide your list of Venmo friends from other users. As BuzzFeed notes, this is not only a major privacy issue, it’s potentially a safety issue as well, since that information “can provide a window into someone’s personal life that could be exploited by anyone — including trolls, stalkers, police, and spies”. And unfortunately, this isn’t just a theoretical concern. As security expert Bruce Schneier points out:

Therapists had patient lists exposed because they use Venmo. Women have had boyfriends stalk them because of information on Venmo. Reporters have had sources exposed because of Venmo.

How to protect your privacy on Venmo

If you’re a Venmo user, and you’re concerned about Venmo’s privacy issues, you have some choices.

First of all, there’s the nuclear option: You could simply stop using Venmo, and switch to another app with better privacy practices!

But that may not be possible, or desirable, for all users. If you still plan on using Venmo, here are three basic steps you can take to protect your privacy:

  1. Set your transactions to private

    By default, all of your Venmo transactions are public. You can change the privacy settings for individual transactions as you make them, but there’s also a way to change the default setting to private if you like. To do this, in the Venmo app go to Settings > Privacy > Default Privacy Setting and change the setting to Private. You can also change the privacy settings for all of your past transactions. Go to Settings > Privacy > Past Transactions and select Private.

  2. Anonymize your Venmo username

    Many people use their real names on Venmo, but you don’t have to do that. Venmo tells users that they “strongly recommend creating a username that’s unique to you and easily recognizable” because this “will make it easier for your friends to find you on Venmo”. But what Venmo doesn’t say is that this will also make it easier for other people to find you on Venmo, which may not be what you want. If you’re concerned about your privacy, you can always change your Venmo username to something a little more “anonymous” … or at least harder to link to you personally. Do this by going to Settings > Edit Profile and typing in a new username in the appropriate field.

  3. Limit your Venmo friends list

    By far the biggest privacy issue with Venmo is that everyone else can see your friends list. If you imported a large list of contacts when you first set up the app, you may be revealing a lot of information about your network of personal connections. For this reason, it’s probably a good idea to remove any “friends” who you don’t regularly use Venmo with. To remove a friend from your friends list, go to the person’s Venmo profile, tap the Friends checkmark > Unfriend. You can also block individual users on the platform, which prevents them from being able to search for you in the app. This can be a good precaution to take if you feel that a specific person is a threat to your privacy. To do this, go to that user’s profile, tap the three circles in the upper righthand corner, and look for the red block user option.
