How I built a Chrome extension that found thousands of Venmo users PUBLICLY revealing their failed dates, late night food runs, losing poker streaks, and more...
This blog post was adapted from findings in this paper published in Technology Science.
For me, as a college student in the U.S., Venmo has become an app that is hard to live without. Whenever I end up owing someone money for a meal they covered, a bet I lost, or even rent, Venmo is there to help settle the tab instantly. By simply typing in a name, an amount to send and a message describing what the payment is for, I can send almost anyone money using nothing but my phone. It's just so easy to instantly settle debts on the go.
After a few uses of Venmo, I noticed that the app was giving me the option to share transactions (minus the amount) publicly on my Venmo newsfeed.
This transaction (the message, who is paying whom and the time the payment was sent) will be shared publicly, which can be seen by the setting highlighted in red.
Upon first glance at my newsfeed I didn't think that this was an issue. What do I care if the world can see that my roommates and I paid each other for dinner from time to time?
My summer roommate's public Venmo newsfeed on the Android app.
As I started to poke around these newsfeeds though, I realized that Venmo had a default to share all transactions publicly, which many of my friends never turned off. This meant that if I, or anyone else on Venmo, scrolled back through my friends' newsfeeds I could view their entire transaction histories.
I decided to write the Money Trail extension, which you can get here, to aggregate and visualize the data from an individual's Venmo newsfeed. With Money Trail I could see what the app was really revealing about my friends.
A walkthrough of Money Trail using my Venmo data, to give a sense of how the extension works.
What I Found
It may be hard to imagine that the simple information that you made a transaction with a certain message could reveal anything invasive about you. However, I discovered that if I add up the information from all of the transactions you make on Venmo I can start to see patterns about who you interact with, when you interact with them, and most importantly the context of interaction, which lets me infer a lot about your life.
A screenshot of my summer roommate's public newsfeed on Venmo.com. Including a charge from me for "August rent".
Let's start with my summer roommate's public Venmo transactions. At first glance it is pretty easy to tell that we spent a lot of time together, because of the large number of transactions we had over July and August. Additionally, a July 30th payment with the message "August rent" makes it easy to tell that we were roommates.
The people my roommate interacted with the most over the summer according to Venmo.
Money Trail's bubble graph visualization of his newsfeed data shows that my roommate had a large number of public Venmo transactions with me, his high school friend Sanjay and our other roommate Nikhil. This reflects the fact that we all frequently spent time (and money) together over the summer.
On top of this I realized that my roommate, along with many of my other friends, frequently split transportation costs and meals via Venmo, often including things like Uber destinations and restaurant names in the message. This made it easy to find out exactly who these friends are getting dinner with most evenings as well as where they are going on outings with others.
Because all these transactions are shared publicly, not just with friends on the network, anyone on Venmo can discover these things. As an example I looked at the transaction history for someone I had no connection to on Venmo, let's call her "Sarah".
The transaction history for a user I am not friends with and have no mutual friends with.
Like with my roommate's history, with Sarah I am able to tell who her roommate in New York is, who she is eating meals with, and where she is going on outings with others. I can even see who she is going on dates with.
It does not stop there. Last semester I was in an active poker group on campus organized by a small group of individuals, and since almost no one carries cash, Venmo became the default way to buy into these games.
Money Trail's transaction chart for one of the poker game organizers, highlighting a buy-in from one of the frequent players.
Diving into the chart for one of the frequent game organizers (who collected buy-ins and paid winners) I can tell when these games are taking place, who is buying into each one, and who is walking away empty-handed.
Individuals aren't the only ones sharing data publicly on Venmo. Small businesses around Harvard's campus have recently begun to use the app.
Money Trail's transaction chart for a campus grill that accepts Venmo payments highlighting orders from a frequent customer (incidentally this is a great analytics tool for the grill).
Last semester a grill on campus started accepting Venmo for food orders. Looking through the public transaction data, I can see who is ordering from the grill, when they are ordering food, and even the exact items they are ordering. For example, from this data I was able to tell that one of my friends was a frequent customer at the grill, and tended to order a chicken quesadilla and milkshake most weekend nights around 2 a.m.
It isn't just campus businesses that are using Venmo to collect cash; many student-run organizations have started to accept dues over Venmo. This means that I am able to get a pretty comprehensive list of an organization's members by looking through their public Venmo history.
All the members of a student-run drinking Society at Harvard who have paid dues via Venmo.
I discovered I could find member lists for many of the ethnic, religious and cultural associations on campus, as well as most of the fraternities and sororities. This isn't just limited to Harvard organizations.
All the members of the Kappa Sigma fraternity at a university in Pennsylvania who paid dues via Venmo.
Many of the student organizations on Venmo also sell things via the app, such as swag and tickets to events.
The Venmo transaction history for an organization over the week that they were selling tickets for their formal event.
Beyond letting me see who is buying T-Shirts from an organization, this public data allows me to generate a comprehensive list of who has paid to attend an organization's events, such as concerts and parties.
Even with all this, it seems that I have only scratched the surface with the kind of things I can find by looking through users' public Venmo feeds with Money Trail. If you want to visualize your friends' Venmo data to see for yourself what fun (and creepy) things you can uncover, you can download the extension for Chrome here. The code is also available and open source on GitHub.
Is There An Issue?
You may wonder if this is even a problem. After all, users always have the option to switch the visibility of their payments to "Friends only" or "Participants Only", so people must know that they are sharing this information.
The menu on the Android app to let you change an individual transaction's public visibility. This is accessible by holding down on any transaction in your newsfeed.
However, the fact that many of the friends who I showed this extension to were taken aback by the accuracy with which the chart described their social life suggests that the issue is more nuanced.
The problem seems to be similar to the one I uncovered with my previous work on Facebook Messenger's location sharing default. Because public sharing of transactions is the default setting on Venmo, people rarely go through the trouble to change it, especially when it's so easy to ignore the fact that any given transaction is being shared.
With Venmo's Android notification, highlighted here, you don't even have to think about who you are sharing your transaction with. All you have to do is hit "Accept".
People often don't realize that through their use of Venmo they are inadvertently broadcasting a lot of information about themselves over time, and this data can be added up to reveal some pretty personal things.
Beyond being a privacy issue, the availability of this data may also become a security problem. Slate showed in a few recent articles that fraud on Venmo is already happening in a variety of ways and an M.I.T. paper published in 2014 mentioned that having public transaction data available could make users more vulnerable to fraud, since attackers can use it to identify users' close friends on Venmo and pose as them.
Make it Stop!
At this point you might be asking if there is an easier way to keep your Venmo history private than individually setting the visibility of each one of your new transactions. At first glance it seems pretty easy. As soon as you open the settings page, without even scrolling down, you can see the "Default Audience" setting under Sharing and switch it to private.
A screenshot of the settings page on the Android app immediately after being opened, highlighting the "Default Audience" sharing setting, which is set to private.
However you may soon realize that public transactions involving you are still showing up on your newsfeed. That's because the "Default Audience" setting only makes the charges and payments you initiate private. Any charges or payments initiated by friends who have not changed their default privacy setting will still be shared publicly.
To hide these kinds of transactions you have to go back into the settings page and scroll down to find the easy-to-miss "Transactions Involving You" setting, which was only recently added to the Android app, and switch that to private as well.
A screenshot of the settings page on the Android app after scrolling down, highlighting the "Transactions Involving You" setting, which is still set to public.
While Venmo.com and the iOS app were recently updated with a setting that lets you make your entire transaction history retroactively private, as of the most recent version of the Android app the only way to hide your past public transactions is by individually setting the visibility of each one.
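The gap between the two settings can be checked with a small self-audit. This is an added example, not code from Money Trail or Venmo: the feed is constructed, the names and the functions `isPublic` and `exposure` are hypothetical, and the visibility rules are an assumed model of the settings as this post describes them.

```javascript
// Constructed sample feed (not real Venmo data). `initiator` created the
// payment or charge; `other` is the second participant.
const FEED = [
  { initiator: "me",       other: "roommate", note: "August rent" },
  { initiator: "roommate", other: "me",       note: "Uber to airport" },
  { initiator: "friendA",  other: "me",       note: "pizza" },
  { initiator: "friendA",  other: "me",       note: "poker buy-in" },
  { initiator: "me",       other: "friendB",  note: "dinner" },
];

// Assumed model, following the post:
//  - "Default Audience" only covers transactions the audited user initiates.
//  - "Transactions Involving You" covers transactions others initiate.
// Per-transaction overrides and the counterparty's own settings are not modeled.
// Users missing from `othersDefault` are treated as "public" (the app default).
function isPublic(tx, me, mySettings, othersDefault) {
  if (tx.initiator === me) return mySettings.defaultAudience === "public";
  const initiatorDefault = othersDefault[tx.initiator] || "public";
  return initiatorDefault === "public" && mySettings.involvingYou === "public";
}

// Summarize what a stranger could still read from the audited user's feed.
function exposure(feed, me, mySettings, othersDefault = {}) {
  const visible = feed.filter((tx) => isPublic(tx, me, mySettings, othersDefault));
  const byCounterparty = {};
  for (const tx of visible) {
    const who = tx.initiator === me ? tx.other : tx.initiator;
    byCounterparty[who] = (byCounterparty[who] || 0) + 1;
  }
  return { count: visible.length, byCounterparty, notes: visible.map((t) => t.note) };
}

// Compare the shipping defaults, the "obvious" fix, and both settings changed.
const scenarios = {
  "defaults":             { defaultAudience: "public",  involvingYou: "public" },
  "Default Audience only": { defaultAudience: "private", involvingYou: "public" },
  "both settings":        { defaultAudience: "private", involvingYou: "private" },
};
for (const [name, settings] of Object.entries(scenarios)) {
  const r = exposure(FEED, "me", settings);
  console.log(`${name}: ${r.count} public`, r.byCounterparty, r.notes);
}
```

With only "Default Audience" switched to private, three of the five constructed transactions stay public, and they still expose two of the three counterparties along with the message text.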
This jumble of settings strikes me as not very streamlined and leaves me wondering why managing Venmo privacy is so complicated. I'm not saying Venmo is purposefully trying to make this process tedious or hard for users; however, there certainly aren't huge incentives for the app to make users share fewer payments publicly. I gave my financial information to Venmo because I could see online that so many friends of mine were frequently using the app, and Venmo's head of growth confirmed that users join the app at a higher rate if they are able to see other people, especially friends, publicly using it.
I am not the first person to notice the potentially privacy-invasive nature of the default sharing feature on Venmo, and I am not the first person to build an app that demonstrates its consequences. While Venmo has been forced by regulators to be responsive to security issues, the company has done little to tighten its privacy controls in response to public criticism.
With all this said I am probably going to remain a Venmo user, even though I know that I must be constantly vigilant about my privacy when I am using the app. This is not because there is no better alternative (Square Cash does essentially the same thing without a sharing feature), and this is not because I don't care about sacrificing my privacy. This is because everyone I know and almost everyone I meet is already on Venmo, making it simply too convenient to stop using entirely.
It seems as if the price Venmo is charging for the convenience that it provides is a bit of your privacy. With the Money Trail extension you can see for yourself how much of your privacy Venmo is costing you and decide for yourself if that is a price you are willing to pay.
For deeper analysis check out the corresponding paper in Technology Science.