The word on the street has always been snitches get stitches. But one tattletale Twitter bot flies right into the age-old adage by disclosing Venmo users who tag their transactions with words or emojis related to drugs — all for the sake of promoting data privacy.
Venmo is a mobile payment app in which friends can seamlessly send or receive money. Venmo, owned by San Jose-headquartered PayPal, is one of the most popular mobile payment services in the United States, but its default settings allows the public to see full details of a transaction.
The creator of the bot named “Who’s buying drugs on Venmo” under the Twitter handle @venmodrugs says he wanted users to consider their privacy settings before using Venmo. The bot finds Venmo transactions that include words such as heroin, marijuana, cocaine, meth, speed or emojis that denote drugs and tweets the transaction with the names of the sender and receiver and the sender’s photo, if there is one. The bot also searches for non-drug-related words such as sex, blowjob, porn, and hookers on Venmo.
“I wanted to demonstrate how much data Venmo was making publicly available with their open API and their public by default settings and encourage people to consider their privacy settings,” Joel Guerra, the creator of the bot, told Motherboard, a technology news outlet run by Vice.
As of Friday morning, however, the tweets on @venmodrugs were all taken down.
“I did shut it down,” said Guerra when reached out by this news organization on Twitter. “I made my point and the bot got a lot of attention and served its purpose. I’ll probably write something up but ultimately didn’t need to add to the problem of lack of privacy.”
Guerra also told Motherboard that most of the transactions his bot tweets are not actually drug deals happening in the app. He believes that the transactions were either tongue-in-cheek jokes like “Not drugs,” out-of-context sentences such as “Your love is my drug” or “Funding for your Scotland & Ireland trip. God speed.”
Guerra says the entire project is partly in jest and that anyone unhappy about being outed in a tweet can reach out privately to have that tweet deleted.
Another privacy researcher, Hang Do Thi Duc, scraped nearly a year’s worth of publicly available Venmo transactions and created a project called “Public by Default,” which chronicles cannabis sales, budding romances and breakups, among others. Do Thi Duc anonymized the Venmo users in her project. She found more than 200 million transactions from 2017 in a single public webpage.
“When you think of your transactions, you might think ’I have nothing to hide,'” wrote Do Thi Duc on her project page. “But after spending time with these stories and insights, perhaps you will ask, ’Do I really need to share this?’ and invest a few seconds to change your settings on Venmo and on other services.”
Venmo in a statement to The Guardian advised individual users to change their privacy settings so their Venmo history is not made public.
“Our users trust us with their money and personal information, and we take this responsibility and applicable privacy laws very seriously,” said a Venmo spokesperson. “Like on other social networks, Venmo users can choose what they want to share on the Venmo public feed.”