Pixel Envy

Written by Nick Heer.

Venmo Transactions Are Public By Default

Olivia Solon, the Guardian:

Anyone can track a Venmo user’s purchase history and glean a detailed profile – including their drug deals, eating habits and arguments – because the payment app lacks default privacy protections.


By accessing the data through a public application programming interface, Do Thi Duc was able to see the names of every user who hadn’t changed their settings to private, along with the dates of every transaction and the message sent with the payment. This allowed her to explore the lives of unsuspecting Venmo users and learn “an alarming amount about them”.

The default state for transactions when a user signs up to the app is “public”, which means they can be seen by anyone on the internet. Users can change this to “private” by navigating to the app’s settings, but it’s not clearly highlighted during sign-up.

Hang Do Thi Duc’s resulting work, Public By Default, is extraordinary. She has extrapolated fairly rich narratives from payment data alone. It’s worth checking out in full.

But let’s not waffle here: why was — and is — Venmo’s transaction data public? Sure, it doesn’t show the amounts, but who would have designed any payments system with a totally unauthenticated method to view anyone’s payment history? Isn’t that a base expectation of any finance-related system? Am I missing something here, or is this just unbelievably stupid of Venmo?