Bip San Francisco

collapse
Close menu
×
Home / Daily News Analysis / Privacy & Security

Privacy & Security

May 15, 2026  Twila Rosenbaum  18 views
Privacy & Security

For years, privacy-conscious users and journalists have criticized Venmo for its default public transaction feed, which exposed payment details—including personal memos—to anyone on the internet. On May 13, 2026, the PayPal-owned peer-to-peer payment app finally announced it would make hidden transactions an onboarding option, effectively allowing new users to keep their financial activity private from the start.

The update, which received widespread attention from technology reporters and security experts, marks a dramatic departure from Venmo's longstanding policy of making all transactions public by default. Previously, users had to manually adjust privacy settings after creating an account, a step many overlooked or found confusing. The new feature ensures that users can choose to keep their transactions hidden during the initial setup process, reducing the risk of accidental exposure.

Background: The Privacy Problem That Wouldn't Go Away

Venmo launched in 2009 as a simple way to split bills and send money between friends. Its social feed, which displayed transactions and often humorous notes like "pizza" or "rent," quickly became a defining feature. But the platform's default setting—making all transactions visible to anyone—attracted scrutiny from privacy experts who warned that the data could be used for stalking, social engineering, or identity theft. Journalists published multiple investigations over the years showing how easily anyone could scrape public transaction data and analyze spending patterns.

Notable incidents included a 2018 report by BuzzFeed News that revealed President Joe Biden's Venmo transactions were publicly visible, and a 2021 investigation by The Markup that showed how Venmo's public feed could reveal sensitive relationships, including those between domestic violence survivors and their abusers. Despite these revelations, Venmo only offered a toggle to hide individual transactions or the entire feed—never making privacy the default.

What the Change Means

The new onboarding option allows users to set their transactions to private immediately after downloading the app. This eliminates the need to dig into settings later, a step that many users either forgot or were unaware of. Existing users who previously had public transactions will not be automatically retrofitted; they must still update their privacy settings individually. However, Venmo has indicated that a future update may offer a bulk privacy adjustment option.

Industry observers note that the change could significantly reduce the amount of personal financial data available for scraping and analysis. Privacy-focused researchers have long argued that even seemingly innocuous transactions—like paying for coffee—can reveal patterns of behavior, location data, and social connections. By making privacy the default for new users, Venmo effectively reduces the overall surface area for surveillance.

Reactions from the Journalism Community

Many journalists who covered Venmo's privacy flaws have expressed cautious optimism. Some called the move long overdue, while others praised the company for finally listening to user feedback. "This is a win for privacy advocates who have been screaming into the void for years," said a tech reporter who spoke on the condition of anonymity. "But it's also a reminder that companies should not profit from default exposure of sensitive data."

Others noted that the change does not fix every issue. Venmo still collects metadata about transactions for marketing and product improvement, and the app shares data with PayPal's larger ecosystem. Additionally, users who opt for public transactions remain vulnerable to scraping. The new onboarding option is a step forward, but not a complete solution.

Historical Context: The Rise of Peer-to-Peer Payments

Venmo's growth mirrors the explosion of peer-to-peer payment apps in the 2010s. Alongside competitors like Cash App, Zelle, and PayPal's own mobile offerings, Venmo became a cultural phenomenon, especially among younger users who used it for everything from splitting rent to paying for concert tickets. Its social feed was intentionally modeled after a social media timeline, encouraging engagement and word-of-mouth adoption.

But this design choice also made it a goldmine for data brokers and stalkers. Multiple startups scraped public transaction data to build profiles, and law enforcement agencies used Venmo records in investigations. In 2022, a California court ruled that police could obtain Venmo transaction data without a warrant, sparking further privacy concerns.

Technical Details of the Update

According to Venmo's press release, the new onboarding option will appear in the app's initial setup flow, alongside prompts for email verification and linking a bank account. Users will see a checkbox labeled "Keep my transactions private" with a brief explanation of the privacy implications. The setting can be changed at any time in the settings menu.

Venmo also announced that it is testing end-to-end encryption for transaction messages, a feature that would prevent even Venmo employees from reading the notes attached to payments. However, no timeline has been provided for this feature, and it is not part of the current update.

Impact on Users and the Industry

Privacy advocates hope that Venmo's move will pressure other payment apps to follow suit. Cash App, for example, defaults to private transactions but still allows public notes. Zelle, owned by a consortium of banks, does not have a social feed but shares transaction data with financial institutions for fraud prevention. The broader trend toward privacy-conscious defaults reflects changing consumer expectations in the wake of high-profile data breaches and regulatory crackdowns like the EU's General Data Protection Regulation (GDPR) and California's Consumer Privacy Act (CCPA).

For everyday Venmo users, the change means one less thing to worry about. New users will no longer need to remember to toggle privacy settings, reducing the likelihood of embarrassing or dangerous exposure. Existing users who have already been burned by public transactions—such as those who inadvertently revealed their location or spending habits—can now take comfort that future users will have a safer experience.

Ongoing Concerns and Future Improvements

Despite this positive step, Venmo still faces criticism over its data-sharing practices with parent company PayPal. PayPal's privacy policy allows it to combine data across its services, including Venmo, for targeted advertising and risk analysis. Privacy experts argue that this practice undermines any local privacy settings within Venmo itself. Additionally, Venmo's default friend-finding feature, which uploads contacts to suggest connections, remains a privacy risk for users who do not opt out.

Another unresolved issue is Venmo's treatment of transaction history after account closure. While Venmo says it deletes data within 180 days of closure, backups and cached data may persist longer. The company has not committed to a clear data deletion policy for closed accounts.

The update also does not address the problem of transaction scraping using public APIs. Venmo offers an API that returns public transaction data, and while the company has rate limits in place, determined scrapers can still collect large datasets. Critics argue that Venmo should either disable the API entirely or require authentication for all API access.

Comparative Analysis: How Other Platforms Handle Privacy

Venmo's new approach brings it more in line with apps like Signal, which defaults to end-to-end encryption for messages, and Apple's iMessage, which similarly prioritizes privacy by design. However, payment apps have unique challenges because they must comply with financial regulations such as Anti-Money Laundering (AML) and Know Your Customer (KYC) laws, which require some data collection. Balancing privacy with regulatory compliance is a delicate act that Venmo and its peers must continuously navigate.

Cash App, owned by Block (formerly Square), allows users to set transactions to private but defaults to public for new accounts as well. Zelle does not have a social feed but shares transaction data with participating banks. In Europe, payment apps like Klarna and Revolut often default to private by default due to stricter GDPR requirements. Venmo's move may be partly motivated by a desire to avoid future regulatory action, especially as the U.S. Federal Trade Commission has signaled increased interest in data privacy enforcement.

Conclusion Not Included

Venmo's announcement represents a significant victory for privacy advocates and journalists who have long campaigned for default privacy settings. While the change does not address all issues—such as data sharing with parent company PayPal or the continued existence of public APIs—it sets a new standard for peer-to-peer payment apps. Users who sign up from now on will benefit from a more private experience, and the pressure is now on Competitors to match this baseline. The update went live on May 13, 2026, and is available in the latest version of the Venmo app for iOS and Android.


Source: Gizmodo News


Share:

Related posts
Your experience on this site will be improved by allowing cookies Cookie Policy

These cookies are essential for the website to function properly.

These cookies help us understand how visitors interact with the website.

These cookies are used to deliver personalized advertisements.