Venmo

7 million Venmo transactions were collected by a college student to prove a point about privacy

You might not think much of the descriptions you put in Venmo transactions, but you just might be snitching on yourself. Dan Salmon, a computer science student at the Minnesota State University, Mankato, showed just how easily others can get ahold of just about anyone's Venmo activity. According to TechCrunch, he scraped seven million transactions over the course of six months that were available through the app's public feed — something that users may not fully be aware of or understand the implications of.

Here's the deal with Venmo activity: when you send or receive money, a transaction is created. The app requires you to add some sort of description of the deal. That can be text explaining what it's for, an emoji or basically whatever you want it to say. (This has resulted in people making jokes that end up getting them suspended.) The person you sent it to will get a notification, and the transaction will, depending on your settings, be viewable in the global feed, which shows all public transactions, and your friends feed, which shows transactions made by people you are connected to.

As fun as the social feed is, it's also fairly revealing. By default, Venmo accounts allow for transactions to be viewed by anyone. Venmo noted to Mic that transactions don't include dollar amounts and payments made through Pay With Venmo — a service that allows users to pay retailers using their Venmo balance — or made with the Venmo card are not posted to the feed.

Still, many feel there isn't enough clarity in what is being shared and just how accessible it is. Salmon was able to snag full public transactions histories from users, including information like who they shared money with, when the transaction was completed, and what the accompanying description was. Venmo says that people should be aware that transactions are public because the app opens directly to the social feed. The company called that the first step in educating users that Venmo is a social app, suggesting that they should expect their transactions to be seen by others.

They probably aren't expecting those transactions to be seen by literally everyone, though. That's what Salmon attempted to draw attention to. All of the transactions he scraped from Venmo are available on GitHub for people to view, download and explore. "I am releasing this dataset in order to bring attention to Venmo users that all of this data is publicly available for anyone to grab," he wrote.

This isn't the first time that someone has done this. Last year, privacy researcher Hang Do Thi Duc downloaded more than 207 million transactions publicly shared on the app to prove how easy it was to do. Venmo responded by kind-of-sort-of making its platform more private. The company changed its privacy guide to help users navigate their options. But for the most part, the same issues that were present when Hang Do Thi Duc scraped the app remain today.

How to make your Venmo transactions private

If you want to avoid having all of your money swapping between friends from getting caught up in the next sweep of public-facing transactions, it's relatively easy to do so. All you need to do is open up Venmo and navigate to the Settings menu (found in the sidebar activated by tapping the three-lined icon on the upper left-hand side of the app). Tap Privacy, which will display your default privacy setting for all transactions. Change the selected option to Private. Doing so will make it so only you and the recipient will be able to see the transaction.

Venmo

When you go to change your setting, a weird thing will happen. Venmo will serve a pop-up that warns you about changing your privacy setting, informing you that you can change the setting on each transaction individually. This is silly! People should be able to set their transactions to private without Venmo trying to talk them out of it. Tap the Change Anyway button and ignore Venmo's nonsensical prompt.

If you want to lock down the rest of your account, you can retroactively make all of your previous transactions private as well. Under the More heading in the Security menu, select Past Transactions. From here, you can select Change All to Private to make your past money swaps only visible to you and the other person.