I Know What You Did on Venmo: Discovering Privacy Leaks in Mobile Social Payments

Venmo is a US-based mobile social payments platform. Each Venmo transaction requires a “payment note”, a brief memo. By default, these memos are visible to all other Venmo users. Using three data sets of Venmo transactions, which span 8 years and a total of 389 M transactions with over 22.5 M unique users, we quantify the extent of private data leaks from public transaction notes. To quantify the leaks, we develop a classification framework SENMO, that uses BERT and regular expressions to classify public transaction notes as sensitive or non-sensitive. We find that 41 M notes (10.5%) leak some sensitive information such as health condition, political orientation and drug/alcohol consumption involving 8.5 M (37.8%) users. We further find that users seek privacy by making their notes private, inconspicuous or cryptic. However, the large increase in Venmo’s user base means that the number of users whose privacy is publicly exposed has grown substantially. Finally, the privacy of a user who transacts with a group on Venmo can be reduced or eliminated through the actions of other users. We find that this happens to around half of Alcoholics Anonymous, gambling and biker gang group members. Our findings strongly suggest that public-by-default payment information puts many users at risk of unintended privacy leaks.