Today, Mozilla and our friends at EFF are sending a public letter to PayPal’s leadership, CEO Dan Schulman and COO Bill Ready. We’re urging them to make Venmo users’ transactions private by default. And, to give users more privacy control over their friend lists.
For more than a year, Mozilla has been calling on Venmo to fix its privacy practices.
In July 2018, Mozilla Fellow Hang Do Thi Duc released publicbydefault.fyi, a project exposing just how much personal information is up for grabs on Venmo — from drug habits to fights with romantic partners. “It's Time to Stop Sending Money on Venmo,” wrote WIRED in response.
Then, in September 2018, Mozilla delivered to Venmo headquarters a petition signed by 25,000 people urging the company to make privacy the default. Also, public polling by Mozilla and Ipsos showed that a majority of Americans believe payment apps should not make transactions public by default.
Then, this past June, another researcher revealed just how creepy Venmo can be.
Meanwhile, EFF has urged Venmo to give users more privacy control over their friend lists. “Even a ‘social’ payment app should give its users the choice of just how social they want to be,” EFF writes.
Dan Schulman, President and CEO
Bill Ready, COO
Dear Mr. Shulman and Mr. Ready,
We are writing to express our deep concern about Venmo’s disregard for the importance of user privacy, and to call on Venmo to make two critical changes to its privacy settings: make transactions private by default, and give users privacy settings for their friend lists.
As you are likely aware, last year Hang Do Thi Duc, who was at the time a Mozilla Fellow, exposed the serious implications of Venmo’s settings by uncovering how countless Venmo users’ drug habits, junk food vices, personal finances, and fights with significant others are available for all to see. Although you made the decision to adjust the rate limit for public data after major news coverage of Do Thi Duc’s work, and a subsequent Mozilla petition that gained over 25,000 signatures, you still have not sufficiently prioritized newsfeed privacy. In recent months, another researcher, Dan Salmon, was able to obtain an additional 7 million public transactions.
Users’ transactions are not the only sensitive data Venmo makes public--their friend lists are also exposed to the open web. And while Venmo offers a setting for users to make their transactions private, there is no option for a user to hide their friend list. Despite an EFF campaign around this issue, Venmo has given no reason for this discrepancy. The list of people with whom you exchange money paints a startlingly clear picture of the people who live, date, and do business with you. Just as Venmo has given users newsfeed privacy settings, it must give them, at a minimum, equivalent friend list privacy settings.
Venmo’s disregard for its users’ privacy is especially alarming as the company expands. It appears that your users may assume that, like their other financial transactions, their activity on Venmo is both private and secure. They might not know that they must change their newsfeed privacy settings—or, in the case of friend lists, that they have no option to do so. As a result, they are vulnerable to stalking, snooping, or hacking with so much of their data available to anyone on the web.
In an era of massive financial data breaches, consumers are increasingly concerned and Venmo has the opportunity to lead the way by making privacy its default.
As two organizations deeply invested in the strength and health of a secure, private, and vibrant internet, we urge you to make these pro-privacy changes.
Thank you for your consideration,
Electronic Frontier Foundation