Friday, October 4

This Is a Reminder That You’re Probably Oversharing on Venmo

There’s an app for snooping on your friends, family and colleagues to find out about their fancy dinners, the people they are dating and the parties they are attending that you weren’t invited to.

It’s not a social networking app like Facebook or Snapchat. It’s Venmo, the app that became popular more than a decade ago by enabling people to send mobile payments to one another and to post those transactions, often in the form of cute emojis, on a public timeline.

The snooping works the other way around, too. Even if you seldom use Venmo today, the app is most likely leaking sensitive information about you to the general public.

How do I know? I’m embarrassed to admit it, but I recently discovered that my contacts list, which includes the names of people in my phone book, was published on Venmo for anyone using the app to see.

That’s because more than a decade ago, Venmo made people’s contact lists visible to its users. It created an option to hide the address book only two years ago, long after I had stopped using the app.

Venmo is a strong example of how even as social norms shift on the ways we use technology, the companies and their apps don’t change much. Venmo was founded in 2009 as a music start-up that let users buy songs from bands through a text message. By the time eBay acquired it in 2013, it had become a mobile wallet service that was trendy among younger people who were gung-ho about sharing information about themselves online.

At the time, social networking was novel, and posting your thoughts, movements and achievements for everyone to know about was cutting edge, not sinister. Since then, we have learned the hard way that sharing such seemingly innocuous information can be hazardous. Stalkers, employers or data brokers can use the data to study our whereabouts and activities to target us.

But Venmo remains an app with a strong social networking element, one of many in a generation of apps that are now nearly 15 years old. And if you have apps and internet accounts from then that are on autopilot, it’s best to revisit them periodically to check their settings so that you can safeguard your privacy. If you no longer find value in the service, the safest bet may be to delete the account.

Before we get into that, let’s dive into why Venmo remains a privacy concern and what to do to protect your data.

In the early 2010s, as smartphones became popular, Venmo rode the coattails of companies like Facebook and Twitter, which brought the concept of a public timeline into the mainstream. Similar to those networks, Venmo allowed people to publicly post to a feed, in its case details of payment transactions, including the dollar amount, time, date and a description, such as a pizza or taxicab emoji.

At the time, Braintree, the payments company that bought Venmo in 2012 before it was purchased by eBay, said Venmo had created “rave-worthy experiences” to simplify mobile payments between smartphone users. (Venmo is now owned by PayPal, which was spun off from eBay in 2015.)

Venmo has made some changes over the years to protect its users’ privacy. In 2021, it disabled its global feed, a stream where users could see Venmo transactions among strangers.

But critics say the app still falls short. Today, you can see transactions among people who are not your friends if you visit their profiles.

Venmo is still set by default to publicly share when you receive or make a payment. There’s an option to make the transaction private, but if you use the app quickly and don’t notice the setting, you could unknowingly broadcast the payments between you and others.

“It’s not just that I went out to pizza with this person,” said Gennie Gebhart, a managing director at the Electronic Frontier Foundation, a digital rights nonprofit. “It’s a pattern of who you live with, interact with and do business with, and how it changes over time.”

Last month, The Guardian discovered through a Venmo feed that an aide for Justice Clarence Thomas was taking payments from lawyers who have had business with the Supreme Court, a potential conflict of interest. The aide has since hidden his Venmo activity from public view.

While the idea of posting pizza and beer emojis and dollar amounts could sound like a fun way to tell others that you are out and about, there may eventually be consequences. Those transactions could be used to study your movements or, in the case of Justice Thomas, inadvertently disclose relationships.

In 2017, Hang Do Thi Duc, a data researcher who was at the Mozilla Foundation, published Public by Default, an interactive graphic summarizing the intimate details scraped from 208 million Venmo transactions. The graphic homed in on the daily lives of several Venmo users, including a cannabis dealer, a food cart vendor and a married couple splitting bills and paying off a loan together.

Venmo said in a statement that it had worked to change its privacy measures for customers and that privacy settings could be controlled within its app. “The privacy and safety of all Venmo users is always a top priority,” the company said.

To prevent your day-to-day life from being broadcast on Venmo, make sure to change the settings. Inside the app, click on the Me tab, tap the settings icon and select Privacy. Under default privacy settings, select Private. Then, under the “More” section in Privacy, click “Past Transactions” and make sure to set that to “Change All to Private.”

Venmo has made the contacts list, which can be generated from your smartphone’s address book or your Facebook friends list, viewable to any other user on the app.

That can make a lot of information public. In 2021, my colleague Ryan Mac, who was then at BuzzFeed News, used Venmo to discover President Biden’s account and personal contacts list. Mr. Biden later deleted his Venmo account.

On a personal level, a public address book can reveal a new romantic partner to an ex. For professionals, it could expose a doctor’s patients, a journalist’s sources or a salesperson’s clients.

To hide your contacts list from public view, visit the privacy settings, click on Friends List and select Private. Also, toggle off the option for “appear in other users’ friends lists.”

All tech companies change their data-sharing features and settings over time. So take a moment to scroll through your phone and review the settings inside apps you haven’t used in a while to see if there’s something you missed.

Ms. Do Thi Duc, who is now a graphics editor at The New York Times, said she wasn’t surprised that Venmo was still making headlines, because the app relied on people’s public oversharing as a marketing mechanism. She said she deleted her Venmo account when conducting her research on the company.

After writing this column, I did the same.