I have been complaining about this, basically since Venmo came out. My friends would just say "oh, you just make your account private" like it was no big deal, but I was still flabbergasted. Was it supposed to be some kind of social networking aspect? It just boggles my mind that people would participate in such a product. My primary experience with it was as an undergraduate, where student groups would use it to send money for things like membership fees, outfits, etc. Most of these people were downloading the app for the first time, and I doubt they bothered managing their privacy settings.
The fact that this is now just getting attention kind of makes me want to hit my head on my desk. I'm glad it is though; this site is very well done and I hope Venmo and its users take note.
My sibling and their friends use the Cash app, they find the social networking aspect of venmo appalling. I think when Venmo came out, there was nothing else as convenient, so we accepted the social networking aspect for the convenience.
Man, what a brilliant feature though, for Venmo. Provide users with Emoji autocomplete, get perfectly labeled transactions. If I try to pay my roommate for electricity, it asks me to use a series of emojis that represent "electricity bill." In this way, Venmo is getting users to remove the ambiguity in describing their transactions. Something like "electricity" could refer to say, a night club, but Venmo got me to accurately label it as a power bill.
The number of BS posts on Venmo and made up reasons for payments is quite staggering. It became more of a joke for most people I know. Most of them on my news feed are for "eggplant squirt" emoji or something similar.
I think it's brilliant the same way that an evil genius is brilliant. Still evil though. And yes, that is actually what Venmo does if you try to type in "electricity bill"
Maybe they’ve updated it since I last used it, but I suspect that “dollar dollar bill” is still a subtle tag that indicates that the transaction was a “bill” payment.
I just checked and I still get four emoji: lightning bolt, plug, lightbulb, money with wings (those probably aren’t their proper names, I’m just guessing) with the text “electricbill”
> In this way, Venmo is getting users to remove the ambiguity in describing their transactions.
really? i'm pretty sure there are a predefined set of phrases that map directly to emojis. when they already recognize these phrases, replacing them with an emoji removes no ambiguity for venmo.
What good does "perfectly labeled transactions" do for Venmo? What do a couple of emoji so they know you're paying for electricity do differently than the memo field on a check did decades ago?
Presumably your bank wasnt aggregating all your check's memos to sell to some other adtech firm. The more accurate whoever is aggregating your data is, the more that data is worth.
So I do know that they apparently use it for anti-money laundering purposes. I learned that once when writing a request to some friends along the lines of "food from south of North Korea", causing them to flag my friends' payments to me because mentioning the string "North Korea" must have meant that I was secretly laundering money that way. Stupidly, Venmo required that my friends explain their transactions, not me, the requester.
So the lesson is, you can put jokes into your Venmo payments, but not jokes that imply that you're blatantly laundering money.
> So the lesson is, you can put jokes into your Venmo payments, but not jokes that imply that you're blatantly laundering money.
The implication being that either Venmo investigates you for labeling your transaction that, or you're able to violate NK sanctions by using Venmo and just saying it's for something else...
I guess my point is what adtech firm is going to be interested in a person who pays for electricity? Everyone does that. I pay for water too, but that's not going to help anyone sell me stuff.
I guess electric bill isn't a good example, but I can think of lots of other situations where you might reimburse someone else for a product or service that spends on programatic advertising: flights, hotels, concerts, and obviously, all sorts of food and beverages.
That being said, personally, I'm bearish on programatic advertising.
> I guess my point is what adtech firm is going to be interested in a person who pays for electricity? Everyone does that. I pay for water too, but that's not going to help anyone sell me stuff.
If your electricity bill is big, they could bucket you into a group that's potentially interested in "energy efficient appliances."
On the other hand if you're paying your bills with Venmo you're not in the demographic that buys appliances... If this is actually a valuable thing the winner is Visa/Mastercard, not Venmo. Venmo thinks you had a slice of pizza at some point because of an emoji, but Visa knows what pizza slice you had, when you ate it, how many other people went there that day, etc etc.
Back when cash app supported email I used it because I’d much rather send an email and cc cash with a subject of “send $x”. Completely avoid the bs social stuff that i don’t really want
What pissed me off is the "opt-out" approach to public transactions Venmo takes. As a first time user, it's fairly easy to not see the transaction is going to be public (and the privacy button is small and tucked away in a corner).
Venmo just makes me paranoid about transactions. I want to make sure I am paying the right person (hard to tell sometimes when searching for a friend). I also don't want other people to see my transaction AMOUNT most importantly (seems like an easy way for a criminal/fraudster to target people with lots of money). Further, once you hit send, there is basically no recourse in stopping the transaction (which is why scammers use Venmo, since Venmo support basically says "your problem, not mine").
Other people may have different experiences and perfectly enjoy the app, but this steered me clear of it.
I just created a Venmo account today, since I'm going to a class that requires payment via Venmo or cash, and I have no cash. They had a few screens at initial sign in that went over public vs private, and let you set it right there, although they advised leaving everything public. So at least they are making it easy to change for a first time user now that this news has come out.
Teenagers/college students use it to show off they are hanging out with each other without looking like they're trying. That probably increased its adoption by young people.
This is why I use Apple Pay, with Apple, I can safely assume privacy is protected. With many other companies, especially PayPal ones, privacy is an inconvenience to their business model.
Yeah and to top things off they don't appear to store transaction history longer than 90 days so If you need to reach back (like me having to prove I paid my rent) then it becomes a huge hassle, if even possible...
Another FYI for anyone who uses venmo. A few months ago, they changed their method for adding bank accounts. In most cases, they force you to use the plaid method, which straight up asks for your bank password. Do not use it. You will literally give venmo/plaid etc. your entire bank account history. It's done very disingenuously because the log in screen for plaid is meant to look like your bank login.
In most cases they even explicitly instruct you to "disable extra security at sign-on" so their scrapers can login with your password. It's absolutely bonkers.
It's hard to regulate the users' ignorance or to prevent the use of awful dark patterns like "public by default."
But it would be a more ethical world if every site with public-facing social features had to create something like the presentation that publicbydefault.fyi has put together here. Something that graphically exposes the exact privacy implications of the data people are leaking. Privacy is at this point an educational problem as much as a technical problem, and it's on us to figure out the best practices for how to teach it.
Wait is is this still true? Transactions are still public to the world by default? I remember seeing this a while back and would have thought Venmo/Paypal would have changed the default by now. I guess that's not the case?
Not long ago Venmo's ability to pay at the website was "Under Construction"... and it never came back.
They forced all of their users to perform all transactions via their cell-phone. When I signed up, that was not the deal.
I am reasonably responsible online and I never in my wild dreams expected that the default behavior was my purchases would be public knowledge. It was not really a big deal since they weren't embarrassing - but imagine the outrage if VISA had a similar policy.
I do not trust Venmo and I hope they go out of business.
I'm surprised nobody has commented on the quality of this website. It's really well done! It's entertaining, informative and aesthetically pleasing all at the same time. Nice job to whomever made it.
“Soooorry, this content is not intended to be viewed in this resolution - you wouldn't enjoy it! Either change to the portrait orientation or a bigger screen.
Thanks for understanding!”
And in portrait it’s text is so small to be nearly unreadable.
To be honest I had no idea they even made transactions public and I'm definitely more proactive about turning on privacy settings than the average consumer. I thought it was just a friends thing......I didn't know it was everyone in the world....
Teenagers/college students use it to show off they are hanging out with each other without looking like they're trying, which probably increases adoption by young people.
This doesn't seem very GDPR compliant. Though I don't know -- it at least just doesn't seem that way, it could be. "By default privacy isn't baked in" something that GDPR does require.
I understand GDPR only applies to EU citizens but I'd imagine theres a lot of EU citizens using this US only product in the US.
GDPR applies to EU residents (“data subjects”). EU citizens in the US are not protected by GDPR. I don’t believe Venmo operates in the EU (as it’s a shim for US financial infrastructure).
Say you went to a place where child sex traffic was legal, or the laws not enforced. This is illegal in several EU countries and the US, and you can be prosecuted upon return:
I imagine if any of these people were an EU citizen and actually asked in paper writing to be removed, they would be. GDPR does not require that companies make this process electronically initiated, nor that deletion be the default.
You might be confusing EU citizens with EU residents. An EU citizen in the US, dealing with a US health provider is covered by HIPAA, while an American citizen dealing with an EU health provider is not covered by HIPAA.
EU consumer protection laws don’t apply to items purchased in the US, nor do US laws apply on EU purchases.
There seems to be confusion over “jurisdiction.”
An EU citizen resident in the US is subject to both EU and US tax law, but a US employer who hires a US resident who happens to be an EU citizen is not subject to EU tax law because that US company, in this context, is not within the jurisdiction of the EU, while an EU citizen still retains obligations to the EU by virtue of citizenship. (And vice versa for Americans.)
Venmo isn’t doing any EU business even if EU citizens are using the system within the US. The citizenship of the customer is irrelevant.
Venmo is owned by PayPal who have an existing entity and operation in the EU -- they are absolutely covered by GDPR and they can't get out of it by having a subsidary based exclusively in the US.
I welcome this public by default pattern. Same thing could be said from the other side, public by default is an educational problem, it's to figure out the best practices for how to teach it to the older generation on how to adapt in the society where everything is public. To me privacy issue is better solved by radical transparency for everyone. Public by Default is a good initial step.
>" To me privacy issue is better solved by radical transparency for everyone. Public by Default is a good initial step."
Transparency and privacy are orthogonal concepts. "Radical Transparency" is a management philosophy whereby everyone has access to the same information for the benefit of organizational performance[1]. Posting salary ranges or even employees salaries might be considered part of radical transparency policy. How they spend that salary in their free time is not. The latter provides zero contribution to workplace culture.
I couldn't help but notice your profile doesn't contain your real name or email address or anything about you. That seems at odds with someone who claims to welcome the "Public by default" pattern no?
I very deeply disagree with your sentiment. This kind of thing is about normalising authoritarian intrusion into your life, and total destruction of privacy. Radical transparency for all is the worst possible scenario -- you, me, we all have secrets; Secrets are important for business, they are important for friendship, they are important for the continued prosperity of society. There are many things that you dont have the right to know, and I have the right not to tell you. You are talking about coercively forcing all secrets into the open. I can tell you that many would not live productive, or even long lives if this was the case.
I would expect transparent society would be a very different society, whether it worse, I'm not sure. I hate having to keep secret because it inconvenient and costly but unfortunately in today society is necessary.
Please provide a link to your latest bank statement, your last 5 years of web browsing history, full address, phone number and a link to a gallery of every photo on your phone. Perhaps your last 10 tax returns as well. Maybe a video feed of you and your family.
How many defaced pictures of peoples' kids redistributed to harass people? FYI: I see that insane failure of human decency happening in 2018, on Facebook, in reality currently.
> Please provide a link to your latest bank statement, your last 5 years of web browsing history, full address, phone number and a link to a gallery of every photo on your phone. ... You want “radical transparency?” Lead the way.
> Sure, if you give me yours as well. Ideally i want all of this to be public for everyone.
You're the one advocating solving the privacy issue with "radical transparency for everyone." It's cowardly for you to expect others to take the risk and lead the way, especially people who don't agree with you.
You go first. We'll all then follow your lead. At least put your real name, phone number, and email address in your HN profile. But if you can't put up, shut up.
I'm not interested to be the leader, but I'll support other, in this case such as what venmo did. Regardless what I did, the society seems to go toward that way anyway.
> To me privacy issue is better solved by radical transparency for everyone.
Human societies don't work like this, and never had. People aren't meant to live in a world where everything is public. You are advocating for a very dangerous and unhealthy transformation.
Society always changing. It will not be a quick change, it will be gradual. It seem like the trend is going toward that way though.We have this expression "Information wants to be free". The advancement of technology make it easier for information to spread. Most kids today is already gradually accustomed to live where many thing is public.
i always took the expression to be a valueless statement on the tendency of digital information to be widely disseminated. more "you can't stop the signal" than a moral claim.
The fact that this is now just getting attention kind of makes me want to hit my head on my desk. I'm glad it is though; this site is very well done and I hope Venmo and its users take note.