Beware of stalkerware: how to avoid falling prey of certain apps
Some popular apps essentially become accidental stalkerware. How can we avoid falling prey to using them—or designing them?
Robert Stribley
·
Follow
Published in
UX Collective
·
7 min read
·
Sep 8
Midjourney imagines someone using stalkerware to track another person online — Prompt by Robert Stribley
You may not realize it, but one or more of the more apps you use regularly may essentially behave like stalkerware. Stalkerware, by definition, allows someone to track your activity without your knowing or consenting to it. We typically think of stalkerware as something that’s accidentally installed by the user or installed by someone else hoping to track their activity. However, the features of some very popular apps you probably have on your mobile device may as well qualify as a sort of “accidental” stalkerware for all the information about you they make public.
Recently, the New York Times featured an article by Brian X. Chen highlighting a privacy issue with Venmo that has persisted for quite some time. That is, that every time you post a payment on the platform, your payment is posted publicly, unless you choose to make it private. Until 2021, Venmo even featured a feed where you could see global transactions between people you didn’t even know. As Chen points out in his piece, too, Venmo still publishes your entire contact list for the public to see, unless you actively opt out of this feature.
Screenshots from two variations of the Venmo payment screen over time, both showing how payments default to “Public,” unless the customer changes this in settings.
More than one project has highlighted these features—for nearly a decade—in an apparently futile effort to bring awareness to the dangerous harmful potential of the feature. Around early 2015, developers Mike Lacher and Chris Baker created Vicemo, which scraped payments from Venmo, which included words associated with drugs, alcohol or sex and then posted them on a website for all to see.
Screenshot from Vicemo, the website which presented scraped Venmo payments
Similarly, in 2018 Joel Guerra created @venmodrugs, a Twitter account, which scraped Venmo and reposted folks’ transactions, focusing, of course, on those which seemed the most salacious. Guerra said at the time he…
