Venmo's Public Transactions Policy Stirs Privacy Concerns
upstart writes:
Submitted via IRC for Bytram
In an open letter, the Mozilla Foundation and EFF scolded Venmo for its data privacy policies, which they say could open the door to stalking and spear-phishing.
Your simple $5 Venmo payment to a friend after splitting a pizza could easily expedite various malicious attacks, from stalking to spear-phishing, according to researcher concerns.
Many have weighed in on Venmo's privacy practices, but the latest are Mozilla Foundation and the Electronic Frontier Foundation (EFF), which on Thursday blasted the popular mobile transaction app for its data-privacy policies. The companies specifically pointed out the lack of privacy around Venmo transactions, which are public by default, and around public lists of users' friends that they can interact with on the app, for which there is not even an option to hide.
Venmo, a mobile payment service owned by PayPal, is an app that enables friends on the app to pay or request payments from one another. The app's popularity is not to be understated, with 40 million active users in 2019, and $12 billion in transactions on the platform in the first quarter of 2018.
In a Thursday joint public letter the Mozilla Foundation and EFF penned their concerns. "We are writing to express our deep concern about Venmo's disregard for the importance of user privacy, and to call on Venmo to make two critical changes to its privacy settings: Make transactions private by default, and give users privacy settings for their friend lists," the organizations said in their letter.
The plea to Venmo comes after the app's privacy policies have been criticized by several researchers, who showed how they could scrape millions of Venmo payments - even if they don't use the app. That's because Venmo utilizes a public API endpoint to return the data for its transaction feed - meaning that anyone, even those not using the app, could make a GET request to see anyone else's transactions.
[...] "The list of people with whom you exchange money paints a startlingly clear picture of the people who live, date and do business with you," they said. "Just as Venmo has given users newsfeed privacy settings, it must give them, at a minimum, equivalent friend list privacy settings."