Because Venmo defaults to making all payments public, privacy researcher Hang Do Thi Duc was able to download and analyze 208,000,000 transactions, whose notes and other metadata revealed a wealth of personal, compromising information, including drug deals and breakups.
Venmo users tagged their transactions with revealing personal notes like "You don't love me anymore" or tree and pill emojis.
Thi Duc says that her research reveals the perils of failing to engage with "privacy by design," and points out that in addition to revealing these intimate facts, Venmo also leaks information that would be useful to stalkers, identity thieves, and other bad guys.
“The moment when I went, ‘Wow this is just unbelievable,’ is when I discovered the stories of the lovers,” Do Thi Duc told me in an email. “Just the intimacy of those conversations—this was definitely not meant to be public. But that also applies to all the stories, this information shouldn’t be that easily accessible.”
Any of these interactions could be inside jokes, but gathered over enough time, they still reveal intimate connections and slices of their lives. A lot of the transactions seem too specific, repetitive, and mundane to be one-off jokes. Like the cannabis retailer she found doing business in California, whose transactions made mentions of “weed,” “grass,” “medicine,” “CBD,” “stacked kush,” and “gorilla cookie.” She could see that he made a total of 920 incoming payments in 2017.
Then there’s a food cart operator at University of California, who had 8,026 transactions in 2017, and whose customers preferred elote. The API showed who bought food, how often and at what time of day.
Public By Default [Hang Do Thi Duc]
A Privacy Researcher Uncovered a Year’s Worth of Breakups and Drug Deals Using Venmo’s Public Data [Samantha Cole/Motherboard]