I have been complaining about this, basically since Venmo came out. My friends would just say "oh, you just make your account private" like it was no big deal, but I was still flabbergasted. Was it supposed to be some kind of social networking aspect? It just boggles my mind that people would participate in such a product. My primary experience with it was as an undergraduate, where student groups would use it to send money for things like membership fees, outfits, etc. Most of these people were downloading the app for the first time, and I doubt they bothered managing their privacy settings.<p>The fact that this is now just getting attention kind of makes me want to hit my head on my desk. I'm glad it is though; this site is very well done and I hope Venmo and its users take note.
Another FYI for anyone who uses venmo. A few months ago, they changed their method for adding bank accounts. In most cases, they force you to use the plaid method, which straight up asks for your bank password. Do not use it. You will literally give venmo/plaid etc. your entire bank account history. It's done very disingenuously because the log in screen for plaid is meant to look like your bank login.
It's hard to regulate the users' ignorance or to prevent the use of awful dark patterns like "public by default."<p>But it would be a more ethical world if every site with public-facing social features had to create something like the presentation that publicbydefault.fyi has put together here. Something that graphically exposes the exact privacy implications of the data people are leaking. Privacy is at this point an <i>educational</i> problem as much as a technical problem, and it's on us to figure out the best practices for how to <i>teach</i> it.
Wait is is this still true? Transactions are still public to the world by default? I remember seeing this a while back and would have thought Venmo/Paypal would have changed the default by now. I guess that's not the case?
Not long ago Venmo's ability to pay at the website was "Under Construction"... and it never came back.<p>They forced all of their users to perform all transactions via their cell-phone. When I signed up, that was not the deal.<p>I am reasonably responsible online and I never in my wild dreams expected that the default behavior was my purchases would be public knowledge. It was not really a big deal since they weren't embarrassing - but imagine the outrage if VISA had a similar policy.<p>I do not trust Venmo and I hope they go out of business.
I'm surprised nobody has commented on the quality of this website. It's really well done! It's entertaining, informative and aesthetically pleasing all at the same time. Nice job to whomever made it.
To be honest I had no idea they even made transactions public and I'm definitely more proactive about turning on privacy settings than the average consumer. I thought it was just a friends thing......I didn't know it was everyone in the world....
This doesn't seem very GDPR compliant. Though I don't know -- it at least just doesn't seem that way, it could be. "By default privacy isn't baked in" something that GDPR does require.<p>I understand GDPR only applies to EU citizens but I'd imagine theres a lot of EU citizens using this US only product in the US.
I welcome this public by default pattern. Same thing could be said from the other side, public by default is an educational problem, it's to figure out the best practices for how to teach it to the older generation on how to adapt in the society where everything is public. To me privacy issue is better solved by radical transparency for everyone. Public by Default is a good initial step.