Venmo did not immediately respond to britcommerce’s request for comments. In a statement given to britcommerce in response to questions about the accounts of Waltz and Wiles, spokeswoman Erin Mackey said: “We take the privacy of our clients seriously, so we allow customers to choose their privacy settings in venmo for their individual payments and lists of friends, and we make it incredibly simple that customers do these private if they choose to do it.”
“From my perspective, as a veteran, everyone has the right to use the applications and services they consider necessary to live their lives,” says Tara Lemieux, a 35 -year veteran from the United States intelligence community, including the National Security Agency, the National Security Department and support agencies. “That said, when he publishes anything in those third -party applications and does not understand how this information can be shared or exploited, it is risking our nation, and that is not acceptable.”
For Lemieux, while public transactions in venmo may seem harmless, foreign intelligence services, particularly indicate to intelligence agencies, look at the patterns: who is paying who, how often and when. “Let’s say they are making payments to your children; now you have a point of leverage. If there is someone out there who seeks to point to you, you can use that information and start making you feel the safety of your children,” says Lemieux.
“The speed of the digital world has overcome our ability to maintain it,” he adds. “If you have all this information, how the hell are you going to put the toothpaste in the tube again?”
Mike Yeagley, a commercial data specialist and their security risks, has spent more than 15 years advising the United States Department of Defense on how both allies and adversaries take advantage of what he calls “digital escape”, seemingly mundane details: social connections, service transactions and metadata trails, delayed in everyday applications. “At the highest level of our national security leadership, regardless of the administration, there must be an awareness of our data and what we project to be discovered,” he says.
“What is the risk that someone at the level of the cabinet use venmo to pay your personal coach? On the surface, it doesn’t seem much,” says Yeagley. “But now I know who that coach is, or the gardener or whoever, and suddenly I have expanded my ability to aim by identifying people around that official.”
Yeagley adds that “our adversaries are sophisticated and carnivorous in their data collection”, which means that “only the smallest light of the day is of interest to someone sophisticated. They will use that data point. They will be built from it.”
According to Vemmo, its “contact synchronization” function allows users to load telephone contacts to the application so that they can find people who know. When these exposed venmo accounts were configured, everything before 2020, the application would show a notice that allows users to synchronize their telephone contacts, britcommerceally populating their list of friends with any person in their address notebook that already uses the platform. Venmo says that this functionality was disused more than two years ago. Today, contact synchronization no longer creates default connections. To add someone as a friend, users have to look for it, send an application and accept it.
However, according to the avemo privacy policy, unless users proactively change their privacy configuration, their network remains visible to anyone. That means that even when a user establishes his account in private, his list of friends remains visible unless they take an additional step. From the publication, hiding its connections requires navigating Settings > Privacy > List of friends and selecting Private.
Stephen Lurie contributed reports.