It's pretty easy to find people on Venmo if you have the patience to go through someone's friends' list, which is visible to anyone on the app. In fact, it's so easy, BuzzFeed News was able to find the accounts of President Joe Biden, the first lady and other members of their family a couple of weeks ago. Now, the PayPal-owned mobile payment service has started rolling out a change in users' privacy settings that would allow you to hide your friends list. Show Jane Manchun Wong, a software engineer and app researcher known for unearthing yet-to-be-released features in applications, discovered the new setting on Friday. The new Friends List section lets you set your lists to be visible to friends only or to be visible only to yourself. However, it's still set to public by default, which means any Venmo user can see your list unless you go into your settings and change it. You can now choose not to appear in other people's friends lists, though, by making sure the appropriate option is toggled off in the same settings section. Venmo has confirmed the new feature to BuzzFeed News, telling the publication that it's enhancing its "in-app controls providing customers an option to select a public, friends-only, or private setting for their friends list.” The publication says some users have already set their lists to private, but the feature may take some time to make its way to everyone. Critics and groups like the EFF have been calling out Venmo for years now for not giving users the ability to hide their friends lists. It's a privacy and security issue, seeing as it makes it easy for anyone to look up who's paying who. EFF Associate Director of Research Gennie Gebhart said back in 2019: "Your bank doesn't put details of your financial transactions into a public timeline, and Venmo shouldn’t either without your affirmative consent." While the option to hide friends lists now exists, critics believe Venmo's action is still lacking. As Kaili Lambe, a senior campaigner with Mozilla, told BuzzFeed News: "... consumers shouldn’t have to dig around in product settings to find basic privacy protections. Consumers expect privacy to be the default and so do we." All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing. Venmo confirmed it is adding a feature that would let people set their friend list to private or visible only to their friends. By by Ryan Mac BuzzFeed News Reporter andby Katie Notopoulos BuzzFeed News Reporter Updated on June 1, 2021, 8:26 pmPosted on May 28, 2021, 10:47 pm
Sopa Images / LightRocket via Getty Images Venmo, the mobile payments app owned by PayPal, is changing its privacy settings after a BuzzFeed News story uncovered President Joe Biden’s account earlier this month. The move allows people to make their friend list private or restrict who can see it, adding a privacy feature to an app that digital rights groups and critics have called a security nightmare. Two weeks ago, BuzzFeed News used public friend lists, which previously could not be made private, to find the president, the first lady, and members of their immediate family, showing how the app can put people at risk. A spokesperson for Venmo confirmed that the "hide friends" feature has been added and told BuzzFeed News, “We are enhancing our in-app controls providing customers an option to select a public, friends-only, or private setting for their friends list.” On Friday, Jane Manchun Wong, a software engineer who regularly exposes features being tested by companies like Facebook and Twitter before they are released, found that Venmo was building a way to allow people to make friend lists private and tweeted a screenshot. When she experimented with the feature, she told BuzzFeed News, she could toggle options to make her friend list visible to the public, to her friends on the app, or only to her. There was also an option that apparently allowed her to hide her account from other people's friend lists. Twitter: @wongmjane After several tests, BuzzFeed News reporters could see some friend lists that had been set to private, suggesting the change may take some time to become fully functional. “I’m glad Venmo is working quickly to fix this privacy flaw,” Wong said. “Having my Venmo friend list being visible to everyone, I found it odd that they didn’t provide an option for people to make it private.” For years, digital rights groups like the Electronic Frontier Foundation, security researchers, and journalists have warned that Venmo’s public friend lists were a privacy threat. Founded in 2009 on the idea that payments could be another form of social content, Venmo allowed people to pay each other and post about those payments to its public feed and other social media platforms. While many people have criticized the company for making transactions on the app public by default, Venmo’s public friend lists are a separate privacy issue. Even if a person were to set their Venmo account to make payments private, their friend list had remained exposed, providing a window into their personal life that could be exploited by trolls, stalkers, police officers, and scammers. Twitter: @RMac18 Venmo was the only major social network that had a contact-based friend list that could not be made private. Because people use Venmo to get paid, they often use a variation of their real name and real photos of themselves. The app encourages people to import their phone's contact list or Facebook friend list, creating networks where people can friend hundreds of other people on Venmo to allow them to pay others more easily. To remove someone as a friend, a user has to unfriend the person manually. “It's past time for Venmo to take this step, and it's definitely a step in the right direction,” Gennie Gebhart, the acting activism director at the Electronic Frontier Foundation, told BuzzFeed News. “What we'd really like to see Venmo do next is make privacy the default for friend lists and transactions, not just a settings option.” Another privacy issue with Venmo is how it handles people’s photos. BuzzFeed News reported that Venmo stores all old profile photos on its servers, with no way for people to remove them. These old photos are also easily discoverable by lightly editing the image URL on the web version. In 2018, PayPal settled charges from the FTC over its privacy settings and made it easier for people to find the privacy settings for transactions. However, even after the FTC suit, the default for new users was to have all transactions public. It's unclear whether friend lists will still be public by default for new users. “We applaud Venmo for taking a step in the right direction,” Kaili Lambe, a senior campaigner with Mozilla, told BuzzFeed News. “However, consumers shouldn’t have to dig around in product settings to find basic privacy protections. Consumers expect privacy to be the default and so do we.”
Topics in this article
|