EFF and Mozilla write open letter to Venmo about its lack of privacy

The decade in internet scamming
From Yahoo boys to Caroline Calloway, scammers were a big part of the 2010s.

See all Editor's Picks

The Electronic Frontier Foundation (EFF) and the Mozilla Foundation are demanding that mobile payment service Venmo fix numerous privacy issues affecting its app.

In a letter Wednesday to Venmo parent company PayPal, the two organizations called for the implementation of stricter privacy settings.

“We are writing to express our deep concern about Venmo’s disregard for the importance of user privacy, and to call on Venmo to make two critical changes to its privacy settings: make transactions private by default, and give users privacy settings for their friend lists,” the letter states.

Venmo, which lets users to send and receive money, currently makes everyone’s transaction history public unless they dig through the app’s settings to make them private. Users’ friend lists are also public and the option to make them private does not exist.

The letter specifically cites Hang Do Thi Duc, a privacy researcher who in 2018 revealed how Venmo’s lax privacy settings allowed her to view everything from users purchasing drugs to fights between significant others.

Dan Salmon, another researcher interested in Venmo, was also able to collect data on seven million public Venmo transactions earlier this year.

The letter further states that failing to fix the privacy issues leaves Venmo users open to “stalking, snooping, or hacking.”

“In an era of massive financial data breaches, consumers are increasingly concerned and Venmo has the opportunity to lead the way by making privacy its default,” the letter adds. “As two organizations deeply invested in the strength and health of a secure, private, and vibrant internet, we urge you to make these pro-privacy changes.”

Despite the pressure, Venmo thus far does not appear willing to change the settings for its app.

READ MORE: 

Mikael Thalen

Mikael Thalen

Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.