Twitter bot trained to rat out Venmo users
Program tweets when words such as ‘drugs’ and ‘sex’ are used in payments
The word on the street has always been snitches get stitches. But one tattletale Twitter bot has disclosed Venmo users who tag their transactions with words or emojis related to drugs — all for the sake of promoting data privacy.
Venmo is a mobile payment app in which friends can seamlessly send or receive money.
Owned by San Joseheadquartered PayPal, Venmo is one of the most popular mobile payment services in the United States, but its default settings allow the public to see full details of a transaction.
The creator of the bot named “Who's buying drugs on Venmo,” under the Twitter handle @venmodrugs, says he wanted users to consider their privacy settings before using Venmo. The bot finds Venmo transactions that include words such as heroin, marijuana, cocaine, meth, speed or emojis that denote drugs and tweets the transaction with the names of the sender and receiver and the sender's photo, if there is one. The bot also searches for sex-related words on Venmo.
“I wanted to demonstrate how much data Venmo was making publicly available with their open API and their publicby-default settings and encourage people to consider their privacy settings,” Joel Guerra, the creator of the bot, told Motherboard, a technology news outlet run by Vice.
As of Friday morning, however, the tweets on @ venmodrugs were all taken down.
“I did shut it down,” said Guerra when this news organization reached out on Twitter. “I made my point and the bot got a lot of attention and served its purpose. I'll probably write
something up, but ultimately didn't need to add to the problem of lack of privacy.”
Guerra also told Motherboard that most of the transactions his bot tweeted out were not actually drug deals happening in the app. He believes the transactions were either tongue-in-cheek jokes like, “Not drugs,” and outof-context sentences such as, “Your love is my drug,” or, “Funding for your Scotland & Ireland trip. God speed.”
Guerra said the entire project is partly in jest and that anyone unhappy about being outed in a tweet could reach out privately to have that tweet deleted.
Another privacy researcher, Hang Do Thi Duc, scraped nearly a year's worth of publicly available Venmo transactions and created a project called “Public by Default,” which chronicles cannabis sales, budding romances and breakups, among other things. Do Thi Duc anonymized the Venmo users in her project. She found more than 200 million transactions from 2017 in a single public web page.
“When you think of your transactions, you might think 'I have nothing to hide,'” wrote Do Thi Duc on her project page. “But after spending time with these stories and insights, perhaps you will ask, 'Do I really need to share this?' and invest a few seconds to change your settings on Venmo and on other services.”
Venmo, in a statement to The Guardian, advised individual users to change their privacy settings so their Venmo history is not made public.
“Our users trust us with their money and personal information, and we take this responsibility and applicable privacy laws very seriously,” said a Venmo spokesperson. “Like on other social networks, Venmo users can choose what they want to share on the Venmo public feed.”