Eugen
Follow

Apparently all payments using Venmo, including the real name, are public by default for everyone! venmo.com/api/v5/public?limit=

@gargron
Venmo has always been a very social payment service, but wanting to pay people socially is a bit odd to begin with. It's hard to imagine how many problems that could cause...

@Gargron Venmo, the unnecessarily social payments network.

@annika @Gargron like the Blockchain, but, incredibly, stupider

@Gargron um, what the heck? I don't understand... This looks to be leaking huge amounts of information which is really scary...

@JigmeDatse Is it still leaking if it's supposed to be like that? The only question is whether the users are aware it's like that.

@Gargron Well, it's almost certainly a violation of some protection of private information thing. So, I would say that it is leaking. But it does seem to be intentionally designed that way, though I *suspect* they didn't expect anyone to find it.

@JigmeDatse @Gargron The endpoint is literally called "public". It seems like it is known at least since 2016 (danielgorelick.com/scraping-ve ). But I suppose they underestimate what kind of information can be inferred from the metadata. I'm curious whether they will lock down the API now that this gets some attention. Anyway, a nice dataset for Social Network Analysis I guess.

@Gargron Yep, I got to explain Venmo’s settings to my shrink after seeing her other patients listed as paying her.

@Gargron this has been known since launch. I remember that someone used their public api to build a live stream of everyone buying drugs before they got throttled on api calls

Sign in to participate in the conversation
Mastodon

Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!