San Francisco – The Electronic Frontier Foundation (EFF) and Mozilla have teamed up in an open letter to Venmo, telling the popular payment app to clean up its privacy settings, which leaves sensitive financial data exposed to the public.

Venmo is marketed as a way for friends to send and receive money, so people can easily split bills like restaurant checks or concert tickets. However, those transactions are public by default, which can reveal private details about who you spend time with and what you do with them. While users do have an option to hide their transactions if they dig into Venmo’s privacy settings, there is no way for users to hide their friend lists. That means that anyone can uncover who you pay regularly, creating a public record of your personal and professional community.

“Your bank doesn’t put details of your financial transactions into a public timeline, and Venmo shouldn’t either without your affirmative consent,” said EFF Associate Director of Research Gennie Gebhart. “Venmo is expanding, and becoming increasingly popular. As it grows, it should give its users the privacy they expect and deserve.”

EFF and Mozilla have both been concerned over Venmo’s policies for many months. EFF included Venmo in its Fix It Already campaign, which focuses on well-known problems and weaknesses in technology that, if fixed, could make a huge difference in people’s lives. And it was a Mozilla Fellow, researcher Hang Do Thi Duc, who demonstrated how public Venmo transactions laid bare users’ drug habits, fights with romantic partners, and more.

“Hang Do Thi Duc’s discoveries came as a shock to many Venmo users, proving that people do not expect the kind of public sharing that Venmo foists on them,” said EFF Tech Projects Director Jeremy Gillula. “It’s time for Venmo to show its commitment to its customers and make pro-privacy changes.”

For the full open letter:

https://www.eff.org/document/open-letter-venmo