I have been complaining about this, basically since Venmo came out. My friends would just say "oh, you just make your account private" like it was no big deal, but I was still flabbergasted. Was it supposed to be some kind of social networking aspect? It just boggles my mind that people would participate in such a product. My primary experience with it was as an undergraduate, where student groups would use it to send money for things like membership fees, outfits, etc. Most of these people were downloading the app for the first time, and I doubt they bothered managing their privacy settings.
The fact that this is now just getting attention kind of makes me want to hit my head on my desk. I'm glad it is though; this site is very well done and I hope Venmo and its users take note.
My sibling and their friends use the Cash app, they find the social networking aspect of venmo appalling. I think when Venmo came out, there was nothing else as convenient, so we accepted the social networking aspect for the convenience.
Man, what a brilliant feature though, for Venmo. Provide users with Emoji autocomplete, get perfectly labeled transactions. If I try to pay my roommate for electricity, it asks me to use a series of emojis that represent "electricity bill." In this way, Venmo is getting users to remove the ambiguity in describing their transactions. Something like "electricity" could refer to say, a night club, but Venmo got me to accurately label it as a power bill.
What pissed me off is the "opt-out" approach to public transactions Venmo takes. As a first time user, it's fairly easy to not see the transaction is going to be public (and the privacy button is small and tucked away in a corner).
Venmo just makes me paranoid about transactions. I want to make sure I am paying the right person (hard to tell sometimes when searching for a friend). I also don't want other people to see my transaction AMOUNT most importantly (seems like an easy way for a criminal/fraudster to target people with lots of money). Further, once you hit send, there is basically no recourse in stopping the transaction (which is why scammers use Venmo, since Venmo support basically says "your problem, not mine").
Other people may have different experiences and perfectly enjoy the app, but this steered me clear of it.
Teenagers/college students use it to show off they are hanging out with each other without looking like they're trying. That probably increased its adoption by young people.
This is why I use Apple Pay, with Apple, I can safely assume privacy is protected. With many other companies, especially PayPal ones, privacy is an inconvenience to their business model.
Yeah and to top things off they don't appear to store transaction history longer than 90 days so If you need to reach back (like me having to prove I paid my rent) then it becomes a huge hassle, if even possible...
Another FYI for anyone who uses venmo. A few months ago, they changed their method for adding bank accounts. In most cases, they force you to use the plaid method, which straight up asks for your bank password. Do not use it. You will literally give venmo/plaid etc. your entire bank account history. It's done very disingenuously because the log in screen for plaid is meant to look like your bank login.
In most cases they even explicitly instruct you to "disable extra security at sign-on" so their scrapers can login with your password. It's absolutely bonkers.
It's hard to regulate the users' ignorance or to prevent the use of awful dark patterns like "public by default."
But it would be a more ethical world if every site with public-facing social features had to create something like the presentation that publicbydefault.fyi has put together here. Something that graphically exposes the exact privacy implications of the data people are leaking. Privacy is at this point an educational problem as much as a technical problem, and it's on us to figure out the best practices for how to teach it.
Wait is is this still true? Transactions are still public to the world by default? I remember seeing this a while back and would have thought Venmo/Paypal would have changed the default by now. I guess that's not the case?
Not long ago Venmo's ability to pay at the website was "Under Construction"... and it never came back.
They forced all of their users to perform all transactions via their cell-phone. When I signed up, that was not the deal.
I am reasonably responsible online and I never in my wild dreams expected that the default behavior was my purchases would be public knowledge. It was not really a big deal since they weren't embarrassing - but imagine the outrage if VISA had a similar policy.
I do not trust Venmo and I hope they go out of business.
I'm surprised nobody has commented on the quality of this website. It's really well done! It's entertaining, informative and aesthetically pleasing all at the same time. Nice job to whomever made it.
“Soooorry, this content is not intended to be viewed in this resolution - you wouldn't enjoy it! Either change to the portrait orientation or a bigger screen.
Thanks for understanding!”
And in portrait it’s text is so small to be nearly unreadable.
To be honest I had no idea they even made transactions public and I'm definitely more proactive about turning on privacy settings than the average consumer. I thought it was just a friends thing......I didn't know it was everyone in the world....
Teenagers/college students use it to show off they are hanging out with each other without looking like they're trying, which probably increases adoption by young people.
This doesn't seem very GDPR compliant. Though I don't know -- it at least just doesn't seem that way, it could be. "By default privacy isn't baked in" something that GDPR does require.
I understand GDPR only applies to EU citizens but I'd imagine theres a lot of EU citizens using this US only product in the US.
GDPR applies to EU residents (“data subjects”). EU citizens in the US are not protected by GDPR. I don’t believe Venmo operates in the EU (as it’s a shim for US financial infrastructure).
I imagine if any of these people were an EU citizen and actually asked in paper writing to be removed, they would be. GDPR does not require that companies make this process electronically initiated, nor that deletion be the default.
I welcome this public by default pattern. Same thing could be said from the other side, public by default is an educational problem, it's to figure out the best practices for how to teach it to the older generation on how to adapt in the society where everything is public. To me privacy issue is better solved by radical transparency for everyone. Public by Default is a good initial step.
>" To me privacy issue is better solved by radical transparency for everyone. Public by Default is a good initial step."
Transparency and privacy are orthogonal concepts. "Radical Transparency" is a management philosophy whereby everyone has access to the same information for the benefit of organizational performance[1]. Posting salary ranges or even employees salaries might be considered part of radical transparency policy. How they spend that salary in their free time is not. The latter provides zero contribution to workplace culture.
I couldn't help but notice your profile doesn't contain your real name or email address or anything about you. That seems at odds with someone who claims to welcome the "Public by default" pattern no?
I very deeply disagree with your sentiment. This kind of thing is about normalising authoritarian intrusion into your life, and total destruction of privacy. Radical transparency for all is the worst possible scenario -- you, me, we all have secrets; Secrets are important for business, they are important for friendship, they are important for the continued prosperity of society. There are many things that you dont have the right to know, and I have the right not to tell you. You are talking about coercively forcing all secrets into the open. I can tell you that many would not live productive, or even long lives if this was the case.
Please provide a link to your latest bank statement, your last 5 years of web browsing history, full address, phone number and a link to a gallery of every photo on your phone. Perhaps your last 10 tax returns as well. Maybe a video feed of you and your family.
> To me privacy issue is better solved by radical transparency for everyone.
Human societies don't work like this, and never had. People aren't meant to live in a world where everything is public. You are advocating for a very dangerous and unhealthy transformation.
[+] [-] CSEThrowaway|7 years ago|reply
The fact that this is now just getting attention kind of makes me want to hit my head on my desk. I'm glad it is though; this site is very well done and I hope Venmo and its users take note.
[+] [-] chickenfries|7 years ago|reply
Man, what a brilliant feature though, for Venmo. Provide users with Emoji autocomplete, get perfectly labeled transactions. If I try to pay my roommate for electricity, it asks me to use a series of emojis that represent "electricity bill." In this way, Venmo is getting users to remove the ambiguity in describing their transactions. Something like "electricity" could refer to say, a night club, but Venmo got me to accurately label it as a power bill.
[+] [-] siruncledrew|7 years ago|reply
Venmo just makes me paranoid about transactions. I want to make sure I am paying the right person (hard to tell sometimes when searching for a friend). I also don't want other people to see my transaction AMOUNT most importantly (seems like an easy way for a criminal/fraudster to target people with lots of money). Further, once you hit send, there is basically no recourse in stopping the transaction (which is why scammers use Venmo, since Venmo support basically says "your problem, not mine").
Other people may have different experiences and perfectly enjoy the app, but this steered me clear of it.
[+] [-] cbau|7 years ago|reply
[+] [-] briandear|7 years ago|reply
[+] [-] meko|7 years ago|reply
[+] [-] bubblethink|7 years ago|reply
[+] [-] sdf43543t345|7 years ago|reply
[+] [-] dopamean|7 years ago|reply
[+] [-] chatmasta|7 years ago|reply
[+] [-] decasia|7 years ago|reply
But it would be a more ethical world if every site with public-facing social features had to create something like the presentation that publicbydefault.fyi has put together here. Something that graphically exposes the exact privacy implications of the data people are leaking. Privacy is at this point an educational problem as much as a technical problem, and it's on us to figure out the best practices for how to teach it.
[+] [-] djsumdog|7 years ago|reply
[+] [-] coolspot|7 years ago|reply
Transactions are still public by default and you can browse strangers and see what they are paying for.
Crazy!
[+] [-] cjhanks|7 years ago|reply
They forced all of their users to perform all transactions via their cell-phone. When I signed up, that was not the deal.
I am reasonably responsible online and I never in my wild dreams expected that the default behavior was my purchases would be public knowledge. It was not really a big deal since they weren't embarrassing - but imagine the outrage if VISA had a similar policy.
I do not trust Venmo and I hope they go out of business.
[+] [-] orarbel1|7 years ago|reply
[+] [-] chatmasta|7 years ago|reply
[+] [-] valuearb|7 years ago|reply
“Soooorry, this content is not intended to be viewed in this resolution - you wouldn't enjoy it! Either change to the portrait orientation or a bigger screen.
Thanks for understanding!”
And in portrait it’s text is so small to be nearly unreadable.
[+] [-] scienceman|7 years ago|reply
[+] [-] Nightshaxx|7 years ago|reply
[+] [-] heinrichf|7 years ago|reply
[+] [-] mediumdeviation|7 years ago|reply
[+] [-] _eht|7 years ago|reply
[+] [-] phyzome|7 years ago|reply
[+] [-] cbau|7 years ago|reply
[+] [-] trumped|7 years ago|reply
[+] [-] fiatjaf|7 years ago|reply
[+] [-] s_dev|7 years ago|reply
I understand GDPR only applies to EU citizens but I'd imagine theres a lot of EU citizens using this US only product in the US.
[+] [-] toomuchtodo|7 years ago|reply
[+] [-] djsumdog|7 years ago|reply
[+] [-] btown|7 years ago|reply
[+] [-] briandear|7 years ago|reply
[+] [-] matz1|7 years ago|reply
[+] [-] bogomipz|7 years ago|reply
Transparency and privacy are orthogonal concepts. "Radical Transparency" is a management philosophy whereby everyone has access to the same information for the benefit of organizational performance[1]. Posting salary ranges or even employees salaries might be considered part of radical transparency policy. How they spend that salary in their free time is not. The latter provides zero contribution to workplace culture.
I couldn't help but notice your profile doesn't contain your real name or email address or anything about you. That seems at odds with someone who claims to welcome the "Public by default" pattern no?
[1] https://www.psychologytoday.com/us/blog/your-brain-work/2012...
[+] [-] sdf43543t345|7 years ago|reply
[+] [-] briandear|7 years ago|reply
You want “radical transparency?” Lead the way.
[+] [-] eerwrq|7 years ago|reply
Human societies don't work like this, and never had. People aren't meant to live in a world where everything is public. You are advocating for a very dangerous and unhealthy transformation.