Because Venmo defaults to making all payments public, privacy researcher Hang Do Thi Duc was able to download and analyze 208,000,000 transactions, whose notes and other metadata revealed a wealth of personal, compromising information, including drug deals and breakups.
Venmo users tagged their transactions with revealing personal notes like "You don't love me anymore" or tree and pill emojis.
Thi Duc says that her research reveals the perils of failing to engage with "privacy by design," and points out that in addition to revealing these intimate facts, Venmo also leaks information that would be useful to stalkers, identity thieves, and other bad guys.
“The moment when I went, ‘Wow this is just unbelievable,’ is when I discovered the stories of the lovers,” Do Thi Duc told me in an email. “Just the intimacy of those conversations—this was definitely not mean to be public. But that also applies to all the stories, this information shouldn’t be that easy accessible.”
Any of these interactions could be inside jokes, but gathered over enough time, they still reveal intimate connections and slices of their lives. A lot of the transactions seem too specific, repetitive, and mundane to be one-off jokes. Like the cannabis retailer she found doing business in California, whose transactions made mentions of “weed,” “grass,” medicine,” “CBD,” “stacked kush,” and “gorilla cookie.” She could see that he made a total of 920 incoming payments in 2017.
Then there’s a food cart operator at University of California, who had 8,026 transactions in 2017, and whose customers preferred elote. The API showed who bought food, how often and at what time of day.
Public By Default [Hang Do Thi Duc]
A Privacy Researcher Uncovered a Year’s Worth of Breakups and Drug Deals Using Venmo’s Public Data [Samantha Cole/Motherboard]
Hackers working for China’s government targeted firms working on coronavirus vaccines, and stole hundreds of millions of dollars worth of intellectual property and trade secrets, claims the Justice Department in a statement Tuesday announcing criminal charges.
This is quite a major hack. Now is a good time to change your Twitter password, if you are a user. Hackers pumping a cryptocurrency giveaway scam appear to have compromised the Twitter accounts of leading exchanges, prominent individuals, major corporations, and at least one news organization.
The mobile phones of a number of politicians in Spain, including the president of Catalonia’s parliament, were recently hacked. The government of Spain has been an NSO customer since 2015, reports Motherboard on Tuesday. NSO Group is an Israeli company that sells surveillance and hacking tools to governments around the world.
If the last 50 years of education have taught us nothing else, it’s that it often requires different tactics to best reach different learners. To pick up a foreign language, some students take best to the old-school high school language lab method, using heavy repetition, verb conjugation and grammar emphasis to embed a new language. […]
For those who want a career in video games, there’s no reason to sit around and wait. EA and Rockstar Games probably aren’t going to seek you out and knock on your door with a job opportunity. But if you’re an indie developer with a good idea and some passion, you can create a really […]
Nobody is happy about the current state of our COVID-ravaged education system. With a new school year fast approaching, plans for teaching students still in flux, and political in-fighting driving more fear and confusion about whether or not to re-open campuses, teachers and parents are concerned. Meanwhile, most kids are just fine with spending less […]