Venmo is testing a significant app redesign that will, for the first time, set new users' transaction posts to friends-only visibility by default — a fundamental shift for a platform whose public-by-default approach has drawn criticism from security researchers and privacy advocates for nearly a decade.
Venmo, the PayPal-owned peer-to-peer payments app with more than 90 million users in the United States, is rolling out a redesigned interface that includes a long-overdue privacy change: new users will now have their posts visible only to friends by default, rather than to the general public.
The change, currently in testing, represents a meaningful departure from Venmo's longstanding design philosophy, which made social sharing of transactions a core feature. Users can still opt to make their activity public, but they will now have to actively choose to do so — a reversal of the previous default.
A History of Privacy Missteps
Venmo's privacy shortcomings have been documented for years. In 2018, a security researcher demonstrated that the app's API could be used to harvest a significant volume of personal data about users, including their transaction histories and social connections. The findings were described at the time as "alarming" by privacy advocates.
The issue resurfaced prominently in 2021, when BuzzFeed News reporters used Venmo's then-public friend lists to locate President Joe Biden's account and identify members of his inner circle. Venmo moved to allow users to make their contact lists private shortly after the story broke — but critics noted the fix was reactive rather than proactive.
As recently as 2024, the same weakness resurfaced: the friend list, which users could hide only by opting in, was still public by default and was used to surface potentially sensitive connections of then-vice-presidential candidate JD Vance, suggesting the platform's privacy architecture had remained porous despite earlier patches.
What the Redesign Changes
Under the new onboarding process, incoming users will be automatically assigned a friends-only privacy setting for their posts: the transaction notes and emoji-laden descriptions that appear in Venmo's social feed. Previously, those posts defaulted to public visibility, meaning anyone could view them without being connected to the account holder. The public feed never showed payment amounts, but the counterparties, notes and timestamps alone are enough to map who pays whom, and how often.
The redesign also includes broader interface changes, though Venmo has not yet disclosed the full scope of those updates. The company has not announced a firm rollout date for the changes beyond confirming they are currently being tested.
Industry Context
The move brings Venmo closer in line with competing services, many of which have adopted privacy-first defaults in response to growing regulatory scrutiny and consumer awareness around data practices. The shift also comes against a backdrop of increasing legislative attention to financial data privacy in the United States, with several states having enacted or proposed rules governing how fintech apps handle user information.
For existing Venmo users, it remains unclear whether the new defaults will be applied retroactively or only to newly created accounts. Venmo has not issued a statement clarifying this point.
Analysis
Why This Matters
- Venmo has over 90 million users in the United States, meaning even a default privacy setting change has significant real-world implications for how financial behaviour data is exposed online.
- The move signals a broader industry reckoning with "privacy by default" standards — regulators and consumers increasingly expect opt-in rather than opt-out models for sensitive data sharing.
- Existing users may remain on older, more permissive settings unless Venmo takes proactive steps to migrate them, leaving a substantial portion of the user base still exposed.
Background
Venmo was founded in 2009, acquired by Braintree in 2012, and came under PayPal's ownership when PayPal bought Braintree in 2013. From the outset, it differentiated itself from traditional banking apps through a social feed that turned payments into shareable, emoji-annotated moments, by design a public activity stream. This approach drove viral adoption but embedded privacy risks at an architectural level.
In 2018, security researcher Hang Do Thi Duc published "Public By Default", a project showing that Venmo's public API exposed millions of transactions in real time, allowing anyone to infer users' personal relationships, habits, and routines without being connected to them. The company acknowledged the research but made no immediate changes to default settings.
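To make concrete both the default change described under "What the Redesign Changes" and the kind of inference the 2018 research demonstrated, here is an added toy model of a payments feed with per-user post visibility. It is not Venmo's code and does not touch Venmo's API; the accounts, friendships and payments are constructed, and the semantics it assumes (a post's visibility is governed by the payer's setting, and both parties to a payment can always see it) are assumptions, not something the page states. It shows what an unauthenticated stranger can learn from a public-by-default feed, what changes when new accounts default to friends-only, and why existing accounts stay exposed until they are migrated.

```python
"""Toy model of a payments feed with per-user post visibility.

Added illustration, not Venmo's code. All data below is constructed, and the
visibility semantics are assumed: the payer's setting governs a post, and the
two parties to a payment always see it.
"""
from collections import Counter
from dataclasses import dataclass, field
from datetime import date

PUBLIC = "public"    # visible to anyone, logged in or not
FRIENDS = "friends"  # visible to the payer's friends and the two parties
PRIVATE = "private"  # visible only to the two parties


@dataclass
class Account:
    handle: str
    post_visibility: str = PUBLIC
    friends: set = field(default_factory=set)


@dataclass(frozen=True)
class Payment:
    payer: str
    payee: str
    note: str
    when: date


def create_account(accounts, handle, default=FRIENDS):
    """Onboard a user. The default argument is the entire policy change:
    the old flow would pass PUBLIC here, the new flow passes FRIENDS."""
    accounts[handle] = Account(handle, post_visibility=default)
    return accounts[handle]


def can_view(payment, viewer, accounts):
    """viewer is an account handle, or None for an unauthenticated visitor."""
    if viewer in (payment.payer, payment.payee):
        return True
    setting = accounts[payment.payer].post_visibility
    if setting == PUBLIC:
        return True
    if setting == FRIENDS:
        return viewer is not None and viewer in accounts[payment.payer].friends
    return False  # PRIVATE


def feed_for(payments, viewer, accounts):
    return [p for p in payments if can_view(p, viewer, accounts)]


def infer(payments, viewer, accounts, min_repeats=3):
    """What a viewer can learn: who transacts with whom, and which
    (payer, payee, note) combinations recur often enough to look like a routine."""
    visible = feed_for(payments, viewer, accounts)
    pairs = Counter(frozenset((p.payer, p.payee)) for p in visible)
    # Key on the first word of the note so "Rent" and "Rent 🏠" count together.
    keyed = Counter((p.payer, p.payee, (p.note.split() or [""])[0].lower())
                    for p in visible)
    routines = {k: n for k, n in keyed.items() if n >= min_repeats}
    return {"visible": len(visible), "pairs": pairs, "routines": routines}


def migrate_legacy_accounts(accounts, new_default=FRIENDS):
    """Move accounts still on the old public default to the new default.
    Returns the number of accounts changed."""
    changed = 0
    for acct in accounts.values():
        if acct.post_visibility == PUBLIC:
            acct.post_visibility = new_default
            changed += 1
    return changed


def build_sample():
    """Constructed data: three legacy accounts created under the public default."""
    accounts = {}
    alice = create_account(accounts, "alice", default=PUBLIC)
    bob = create_account(accounts, "bob", default=PUBLIC)
    carol = create_account(accounts, "carol", default=PUBLIC)
    bob.post_visibility = FRIENDS  # bob opted in to friends-only by hand
    alice.friends.update({"bob", "carol"})
    bob.friends.update({"alice"})
    carol.friends.update({"alice"})
    payments = [
        Payment("alice", "bob", "Rent", date(2024, 1, 1)),
        Payment("alice", "bob", "rent", date(2024, 2, 1)),
        Payment("alice", "bob", "Rent 🏠", date(2024, 3, 1)),
        Payment("alice", "carol", "🍕 night", date(2024, 2, 14)),
        Payment("bob", "carol", "Uber", date(2024, 2, 20)),
    ]
    return accounts, payments


if __name__ == "__main__":
    accounts, payments = build_sample()
    before = infer(payments, None, accounts)  # unauthenticated stranger
    print("stranger sees", before["visible"], "posts; routines:", before["routines"])
    print("migrated", migrate_legacy_accounts(accounts), "legacy accounts")
    print("stranger now sees", infer(payments, None, accounts)["visible"], "posts")
```

Run as-is, a stranger with no account sees alice's four posts and can read a monthly "rent" relationship between alice and bob off them, while bob's own friends-only post stays hidden. Changing the onboarding default alone does nothing for alice; only `migrate_legacy_accounts` closes the stranger's view, which is the open question the article raises about existing users.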
Subsequent high-profile incidents — including the Biden account discovery in 2021 and the Vance-related exposure in 2024 — kept Venmo's privacy practices in the public eye. Each incident prompted incremental fixes, but critics argued the company was consistently behind the curve, patching individual vulnerabilities rather than addressing the underlying default-public architecture.
Key Perspectives
Venmo / PayPal: The company has framed the redesign as a positive evolution of the product, positioning the privacy change as part of a broader effort to modernise the app experience. No senior executive has publicly addressed the years of criticism directly.
Privacy advocates and security researchers: Many will welcome the default change but are likely to argue it should have come years earlier and that the fix may not go far enough if existing users are not migrated to stricter settings automatically.
Critics / Skeptics: Some observers question whether a friends-only default is sufficient, noting that "friends" on Venmo can be a loosely defined category, and that the social feed itself — even when restricted — still creates a record of financial interactions that could be subpoenaed, breached, or misused. Others note that Venmo's changes have historically been reactive to public embarrassment rather than driven by principled privacy commitments.
What to Watch
- Whether Venmo applies the new privacy defaults to its existing user base, not just new sign-ups — this would be the more consequential and difficult change.
- Any regulatory response, particularly from the Consumer Financial Protection Bureau (CFPB) or state-level data protection authorities, which may use the redesign as a benchmark for industry expectations.
- The timeline for the full public rollout of the redesign, and whether further privacy features — such as the ability to disable the social feed entirely — are included in the final release.