Ryan Mac, Katie Notopoulos, Ryan Brooks, and Logan McDonald, Buzzfeed News:
On Friday, following a passing mention in the New York Times that the president has sent his grandchildren money on Venmo, BuzzFeed News searched for the president’s account using only a combination of the app’s built-in search tool and public friends feature. In the process, BuzzFeed News found nearly a dozen Biden family members and mapped out a social web that encompasses not only the first family, but a wide network of people around them, including the president’s children, grandchildren, senior White House officials, and all of their contacts on Venmo.
While many critics have focused on how the app makes all transactions public by default, Venmo’s friends lists are arguably a larger privacy issue. Even if a Venmo account is set to make payments private, its friends list remains exposed. There is no setting to make this information private, which means it can provide a window into someone’s personal life that could be exploited by anyone — including trolls, stalkers, police, and spies.
I would love to know why Venmo continues to believe that its financial services app demands a poorer degree of privacy protection than a protected Twitter account. Buzzfeed documents an extraordinary list of proven privacy vulnerabilities that I am sure most people do not think of when they send someone a few bucks. This is not new information; this is basic stuff. And it isn’t like Venmo is some startup that just doesn’t know better — it is owned by PayPal.