The scary reasons you should make your Venmo account private

If you haven’t made your Venmo transactions private yet, do it now.

The payment app reveals a massive amount of private details about users’ lives by default, a report released Tuesday showed. The project, created by Berlin-based coder and privacy researcher Hang Do Thi Duc, examined 207,984,218 public transactions posted on Venmo in 2017.

She found she was able to paint detailed pictures of users’ lives based on information available to anybody. “Many products that we use on a daily basis make it more difficult than it should be to protect our privacy, our most personal information,” she said. “When it comes to money, privacy by design is of greater importance and higher demand.”

Venmo, which is owned by Paypal PYPL, +0.92%  , makes transactions viewable on a public feed by default unless users change preferences to make them visible only to friends or only to the two parties involved in a transaction. The amount of money spent by users is not visible publicly, but the text, emojis, and time stamps visible on transactions say a lot, Do Thi Duc said. Venmo told MarketWatch users have control over how much they share on the app.

“The safety and privacy of Venmo users and their information is one of our highest priorities,” a spokesman said. “Our users trust us with their money and personal information, and we take this responsibility and applicable privacy laws very seriously.”

Do Thi Duc detailed the life stories and personal habits of several users with data gleaned in her analysis. In one case, she was able to determine that two users who frequently made transactions with one another were a married couple. They owned a car and a dog they had recently taken to the vet. They shop for groceries weekly at Walmart WMT, +0.63%   They’re paying off a loan, and get utilities from San Diego Gas & Electric. They most frequently order pizza when eating out.

Another Venmo user she tracked sells food from a cart at a University of California campus. She could see more than 8,000 of the person’s public transactions over the course of the year, and saw that elote (a corn dish) was the most popular. One couple she followed frequently argued and threatened to break up through Venmo transactions, using feuding captions like, “You don’t love me,” and, “I’m waiting for the sugar daddy.”

Venmo’s public application programming interface (API) lets anybody see public transactions, and it has been criticized in the past for privacy issues. One project called Vicemo displays public payments with references to drugs, sex and alcohol in an ongoing feed. The app has also been used by savvy users to find out if a romantic partner is cheating or if an ex-boyfriend is seeing someone new.

These transactions aren’t only visible to the public, they are also used by marketers. Venmo states in its privacy policy that it shares user data “for everyday business purposes, for marketing purposes, for joint marketing with other companies.” Venmo also shares “information about your transactions and experiences” with its affiliates.

Venmo’s public-by-default feature was the target of an investigation of the Federal Trade Commission, which accused Venmo in 2017 of “misleading” users about the fact that they needed to change two separate privacy settings to make their transactions completely private. The company reached a settlement with the FTC. A company spokesman previously told MarketWatch that users now have three options for controlling who can see their payments.

It should be easier to make these changes, Do Thi Duc said, and it is the responsibility of Venmo to fix these privacy issues rather than rely on users to change settings themselves.

“I believe this could be designed better,” she said. “Why include all this information, when essentially the only interesting part is the message? If you — as a company — actually care about your users and their privacy you would ask this kind of questions.”

A Venmo spokeswoman told the Guardian newspaper that the safety of users was of the utmost priority. “Like on other social networks, Venmo users can choose what they want to share on the Venmo public feed,” she said.

To make your Venmo account private, go to “settings” and click “privacy.” Under the privacy setting, users can select default privacy setting for all future payments to “private.” There is also an option to make all past transactions private as well. Mark Weinstein, founder and chief executive officer of privacy-oriented social media platform MeWe, suggests making these changes or deleting the app completely.