Privacy: Venmo, Subsidiary of Paypal, Leaves Transactions on the Internet



[ad_1]

Paypal's daughter, Venmo, announces her services as "The easy and fun way to send, spend and receive money". Transactions managed by the payment service are publicly visible by default and can be entertaining to non-users. The computer student, Dan Salmon, collected seven million transactions and published them on Github, as reported by Techcrunch. The payment service currently has about 40 million users.

Job market

  1. Pfennigparade SIGMETA GmbH, Stuttgart
  2. ERGO Group AG, Düsseldorf



A year ago, developer and privacy researcher Hang Do Thi Duc was able to download more than 207 million records from Venmo. She prepared the data in a creative and fun way with the project Public By Default. In addition to various statistics, she uses the data to tell small stories about the lives of Venmo users, such as a married couple who go to the vet, shop at Walmart and order some takeaway. With the project, Do Thi Duc wanted to draw attention to the privacy issues of the payment service. She has anonymously released the data and stories and explained in a tutorial how users can delete the public setting.

Venmo data has also inspired other projects, such as Bot Twitter called "Who buys drugs from Venmo?" This was searched in the transaction comments for expressions or emoticons, and then tweeted the profile images and user names of the participating Venmo users. The tweets have since been deleted.

Data is easy to recover

Little has changed since then. Salmon has been able to download millions of records in the last six months. Venmo has not responded to press requests nor changed the default settings. On the venmo.com/api/v5/public?limit=1 URL, the latest transactions on Venmo can still be viewed by anyone.

Via the API, data such as user names, first and last names, links to profile pictures, as well as the date of registration of the sender and the recipient, as well as the commentary of the transaction concerned can be viewed publicly. "There is really no reason to open this API for unauthenticated queries"Salmon Techcrunch said. Venmo has now limited API requests to 40 transactions per minute – but this still allowed the researcher to read about 57,600 transactions per day.

[ad_2]
Source link