Venmo did not immediately respond to the request for wired comments. In a statement given to Wired in response to questions about Waltz and Wiles accounts, spokesperson Erin Mackey said: “We take the privacy of our customers seriously, this is why we allow customers to choose their confidentiality settings on VenMo for their payment lists and individual friends – and we are incredibly simple for customers to make them private.”
“From my point of view, as a veteran, everyone has the right to use the applications and services they deem necessary to live their lives,” said Tara Lemieux, a 35 -year -old veteran from the American intelligence community, including the National Security Agency, the Department of Homeland Security and support agencies. “That said, when you publish something in these third -party applications and you do not understand how this information can be shared or used, you take a risk for our nation – and it is not acceptable.”
For Lemieux, while public transactions on VEVMO may seem harmless, foreign intelligence services – notes in particular intelligence agencies – are looking for models: who pays who, how often and when. “Let’s say they make payments to their children – now you have a lever point. If there is someone looking to target you, they can use this information and start scareing you for the safety of your children, ”says Lemieux.
“The speed of the digital world has exceeded our ability to maintain it,” she adds. “If you have all this information there-How will you make the toothpaste in the tube?”
Mike Yeagley, specialist in commercial data and its security risks, has spent more than 15 years advising the US Department of Defense on how allies and opponents use what he calls “digital exhaust”, apparently banal details – social connections, service transactions and metadata trails – on the left in daily applications. “At the highest level of our national security leadership, whatever the administration, there must be an awareness of our data and what we are planning that can be discovered,” he says.
“What is the risk of someone at the cabinet using Venmo to pay for personal coach? On the surface, that doesn’t look like much,” said Yeagley. “But now I know who is this coach – or the gardener, or anyone – and suddenly, I have widened my ability to target by identifying the people around this civil servant.”
Yeagley adds that “our opponents are sophisticated and carnivores in their data collection”, which means that “the smallest piece of daylight interests someone sophisticated. They will use this data point. They will get away with it. “
According to VEMMO, its “contact synchronization” function allows users to download telephone contacts to the application so that they can find people they know. When these VenMo exhibited accounts were configured – everything before 2020 – the application displays an invite allowing users to synchronize their telephone contacts, automatically filling their list of friends with anyone in their address book which already uses the platform. Venmo says that this feature was obsolete over two years ago. Today, the synchronization of contacts no longer creates default connections. To add someone as an IMI, users must look for them, send a request and make them accept.
Nevertheless, according to Venmo’s privacy policy, unless users proactively modify their confidentiality parameters, their network remains visible for anyone. This means that even when a user defines his account on Private, his list of friends remains visible unless she takes an additional step. From publication, hiding your connections requires navigating to Parameters > Confidentiality > Friends and select Private.
Stephen Lurie contributed the reports.
