If you can come up with a reason for Venmo to still have a public feed of users’ transactions — other than “Ummm, they had this feature since the start and probably haven’t reconsidered it” — please tell me. I’d love to know.
Because in the year of our Lord 2018, I can think of 0.0 good explanations for this blatant disregard of user privacy. It benefits no one, it’s creepy, and it’s proven that people can use it for nefarious or humiliating purposes, as we’ll discuss in a moment.
Venmo should get rid of this feature, period.
This week, a Twitter account (since devactivated by its creator) started tweeting the first names and profile photos of people who had made public transactions on Venmo that used drug or alcohol terms in their payment descriptions. Some of these were clearly jokes, but some are probably quite humiliating and real. People’s first names and photos, along with the suggestion that they do drugs, are now being put on a much larger and visible platform. This is a kind of doxxing — taking information that is available on a smaller, more obscure platform (the Venmo public feed) and putting it out on a broader platform (Twitter) designed to humiliate these people.
The programmer, Joel Guerra, who created the Twitter bot told Motherboard, “I wanted to demonstrate how much data Venmo was making publicly available with their open API and their public by default settings and encourage people to consider their privacy settings.”
He was building off of the work of privacy researcher Hang Do Thi Duc, who made a project called Public by Default in which she combed through public Venmo data for interpersonal dramas. In her description of the project, she wrote, “I think it’s problematic that there is a public feed which includes real names, their profile links (to access past transactions), possibly their Facebook IDs and essentially their network of friends they spend time with. And all of this is so easy to access!”
A spokesperson for Venmo pointed out that they do have customizable privacy settings. Venmo offers three options: Public, Friends (visible to your friends and your recipient’s friends), and Private. You can change the setting for each payment or set a default — but when you sign up, your default is set to Public so “everyone on the Internet can see, comment on, and enjoy it with you.”
“Venmo was designed for sharing experiences with your friends in today’s social world, and the news feed has always been a big part of this,” a Venmo spokesperson said in a statement over email.
I'd argue privacy should be default. It shouldn’t be the burden of users to dig through their settings and find the menu where they can opt-in to privacy.
Even if it’s easy to make your transaction private (although I’d quibble about just how obvious and easy it is), it doesn’t explain why a “Public” setting needs to exist to begin with. Venmo did not explain to other reporters who recently asked the same question. So I have a suggestion: Just get rid of it!
I’m not the only one who finds this feature problematic. This past winter, Venmo’s parent company settled an FTC complaint about Venmo’s privacy settings. It wasn’t clear to many users how to make transactions fully private. Since then, Venmo has streamlined the privacy settings.
In the beginning, being able to see your friends’ activity is part of what Venmo helped stand out from competing payment apps like Square Cash, making Venmo the VHS to the Square’s Betamax. The friend feed was cheeky and it reinforced the millennial-targeted concept of “social transactions,” unlike boring PayPal (although Venmo was bought by the parent company of PayPal shortly after its public launch in 2012).
Most importantly, you could see that your friends actually used the app. That was key for the nascent product, and a stroke of marketing genius. It lent Venmo a kind of legitimacy: “Hey look! There’s people you trust on here — it’s not too shady to give your bank info to this random new app!”
The Friends setting seems strangely beloved by many users, although of course even this can cause problems: A friend told me that’s how her friends realized she was hooking up with an ex. Another said they found out their other friends had all gone out together and didn’t invite them through Venmo. It’s a weird attempt at making a utilitarian payment app into a chill cool social network, even though, I, like, never actually want to see what my friends are buying on their Chase cards.
But Venmo is no longer just a neat way to pay back friends. You can now use it to pay for things at stores that accept PayPal. And it just announced a partnership with Uber where you can use your Venmo balance to pay for an Uber ride (this does not show up on your activity feed). So as Venmo graduates to a real form of payment, why stick to this weird, gimmicky interface where you can see what strangers your friends just paid?
The public feed is simply out of step with how we understand and expect a peer-to-peer payment app to work.
It’s 2018, post–Cambridge Analytica, post–massive data breach, post–FTC settlement, and people care about their privacy. We demand and expect it on social platforms and the apps we use.
Venmo already has some imperfect privacy features, like how you can’t make your profile undiscoverable or prevent strangers from sending or requesting money. Just ask former White House press secretary Sean Spicer, who people discovered was using Venmo and started flooding with trollish requests; he had no way to stop it.
I guarantee most of the people on the public feed of Venmo either don’t realize how easy it is for people to monitor their activity or would be weirded out to realize that anyone — not just their friends — can see their payments. They’re not dumb, and it’s not their fault. They have a reasonable expectation of privacy on a financial app, even if it claims to have social functions.
The public feed is simply out of step with how we understand and expect a peer-to-peer payment app to work. Venmo should get rid of it. Anyway, thanks for coming to my TED Talk.
UPDATE & CORRECTION
The Twitter bot that tweeted out transactions from the public feed has now been deactivated by its creator, who wrote a post on Medium about why he created it and why he decided to kill it.
An earlier version of this article misstated that the bot tweeted full names of people; it only used first names.