Because Venmo defaults to making all payments public, privacy researcher Hang Do Thi Duc was able to download and analyze 208,000,000 transactions, whose notes and other metadata revealed a wealth of personal, compromising information, including drug deals and breakups.
Venmo users tagged their transactions with revealing personal notes like "You don't love me anymore" or tree and pill emojis.
Thi Duc says that her research reveals the perils of failing to engage with "privacy by design," and points out that in addition to revealing these intimate facts, Venmo also leaks information that would be useful to stalkers, identity thieves, and other bad guys.
“The moment when I went, ‘Wow this is just unbelievable,’ is when I discovered the stories of the lovers,” Do Thi Duc told me in an email. “Just the intimacy of those conversations—this was definitely not mean to be public. But that also applies to all the stories, this information shouldn’t be that easy accessible.”
Any of these interactions could be inside jokes, but gathered over enough time, they still reveal intimate connections and slices of their lives. A lot of the transactions seem too specific, repetitive, and mundane to be one-off jokes. Like the cannabis retailer she found doing business in California, whose transactions made mentions of “weed,” “grass,” medicine,” “CBD,” “stacked kush,” and “gorilla cookie.” She could see that he made a total of 920 incoming payments in 2017.
Then there’s a food cart operator at University of California, who had 8,026 transactions in 2017, and whose customers preferred elote. The API showed who bought food, how often and at what time of day.
Public By Default [Hang Do Thi Duc]
A Privacy Researcher Uncovered a Year’s Worth of Breakups and Drug Deals Using Venmo’s Public Data [Samantha Cole/Motherboard]
For decades, it was a commonplace in western business that no one could afford to ignore China: whatever problems a CEO might have with China's human rights record could never outweigh the profits to be had by targeting the growing Chinese middle-class.
A little over a year ago, Bloomberg stunned the world with a report that claimed that Chinese intelligence services had figured out how to put undetectable, rice-grain-sized hardware implants into servers headed for the biggest US cloud and enterprise IT firms, and that when some of the victims discovered this fact, they quietly ripped out […]
How can a single, ill-conceived law wreak havoc in so many ways? It prevents you from making remix videos. It blocks computer security research. It keeps those with print disabilities from reading ebooks. It makes it illegal to repair people's cars. It makes it harder to compete with tech companies by designing interoperable products. It's even been used […]
Remember when the default state of your online presence was anonymity? That’s not so clear-cut anymore, and the worst part is you may not even know who is using your data or what they’re using it for. Small wonder that so many people are choosing to surf through virtual private networks. VPNs filter web access […]
Get ready for the stream of your dreams, binge-watchers. There’s a contest afoot, and at stake is a lifetime subscription to Netflix. All you have to do is sign up, and you’re entered to win this ultimate Netflix plan. When does it expire? Only when you do. And hey, just in case you need something […]
There’s overwhelming support for clean energy, and the planet is giving us more reasons to invest in renewable power sources with every passing year. Even in the most inhospitable areas, wind and solar can provide a good chunk of our power, if not all of it. So why aren’t we all taking advantage of it? […]