Open letter to Venmo: Make Privacy the Default
Venmo’s public by default settings aren’t just potentially embarrassing – they’re a real problem that could pose security risks. Last week, journalists were able to find President Biden on Venmo – and see the people connected to him. The fact is that because Venmo doesn’t allow people to change their profile or their friends list to private, this could have happened to anyone.
In 2019, Mozilla partnered with the Electronic Frontier Foundation (EFF) to send a letter to Venmo calling on the company to make two critical updates to its privacy settings: change transactions to private by default, and give users privacy settings for their friend lists. The company did neither, but now with the news about President Biden’s Venmo account, there’s a very clear case as to why Venmo is jeopardizing not just people’s privacy, but possibly even national security by refusing to act.
We are again sending a letter to Venmo, and this time we plan to include signatures from tens of thousands of privacy advocates like you. Read the letter below, and then add your name.
Dear Mr. Schulman,
In 2019, we wrote to express our deep concern about Venmo’s disregard for the importance of user privacy, and to call on Venmo to make two critical changes to its privacy settings: give users privacy settings for their friend lists and make transactions private by default.
The news broke last week that journalists were able to find President Biden and those connected to him on Venmo in a matter of minutes. We were sadly unsurprised. As we wrote to you in 2019:
“Users’ transactions are not the only sensitive data Venmo makes public—their friend lists are also exposed to the open web. And while Venmo offers a setting for users to make their transactions private, there is no option for a user to hide their friend list. Despite an EFF campaign around this issue, Venmo has given no reason for this discrepancy. The list of people with whom you exchange money paints a startlingly clear picture of the people who live, date, and do business with you. Just as Venmo has given users newsfeed privacy settings, it must give them, at a minimum, equivalent friend list privacy settings.”
It shouldn’t have taken a story like last week’s for you to act. Now that the real threat of your public-by-default settings and design has been made even more alarmingly clear, we hope that it will spur you to finally make the long-needed changes to your privacy settings.
Electronic Frontier Foundation
P.S. You can read the full text of our 2019 letter here.