I’m thinking of setting up a joint Monzo account with my wife. However the process requires that I give Monzo access to ALL my contacts in order to select my wife’s number. This seems both unnecessary and intrusive. Have I got this right or is there a simple way of doing this without allowing Monzo to harvest the private contact data of everyone I know?
Hmm. I couldn’t say whether they harvest contact information or not, haven’t read the details quite that closely.
However I believe it gives you a richer application user experience as it reconciles who is on Monzo already making payments, tabs (plus setting up joint accounts) easier for you
I agree, they should provide a way to enter your partner’s number without sharing all your contacts.
They would have to in order to find other people on Monzo from your contacts. The best we could hope for is that the app sends only truncated hashes of your contacts phone numbers to the Monzo service, which responds with the intersection of registered users.
Signal implemented SGX based contact discovery, but it’s very unlikely Monzo are using that technique.
One possible work around, assuming your syncing contacts to an iPhone using iCloud/Fastmail/Google or something like that (not sure how to do this on Android):
- Un-sync your contacts and verify they’re not in the contacts app.
- Add your wife as a local contact.
- Enable contacts access for Monzo.
- Setup your joint account.
- Disable contacts access for Monzo from the Settings app.
- Delete your wife’s local contact information so you don’t have a duplicate card.
- Re-enable contact sync to get your old contacts back.
For clarification, when you enable Monzo to read your contacts, absolutely none of your contacts personal information gets sent to Monzo.
This includes their name, phone number, or any other detail.
Edit: I’ve found the original post explaining how this process works:
And here’s an extract for anybody that doesn’t want to click through:
Thank you Dan that seems reassuring but I think we have all been stung in the past by sharing contact info with other apps particularly Facebook. Could you clarify what Monzo means when you say: “We never send or store your full address book on our servers.” Does that mean you store a partial version of it and if so what details are retained?
Of course, I totally understand! I have the exact same privacy concerns as you. It is daunting when an app asks for access to something super personal like your contacts or photos.
I can’t speak for Monzo here, but I’d imagine that although that language is vague, and like you say, leaves them room for uploading a partial version, they do say:
I imagine the “full” language is used because when there is a match, your device asks Monzo’s servers for information such a contact name and their Monzo profile picture (so they can display them nicely in the app). So during this process, they will technically discover a link between two users if you both have each other as contacts.
Just a guess from my part. I’ve not had coffee yet so that might seem just like an incoherent ramble, so apologies if it’s the case!
Also, I just want to point out, in my experience, Monzo isn’t one to lean on using non-explicit language to catch users out, or do things maliciously but creating “outs” by using vague language. They’re really upfront and transparent about their rights, wrongs and everything in-between. It’d really surprise me if they used language to trick people.
Based on what they’ve said, and an experiment I just did on my iPhone, here’s my best guess:
When you enable access to your contacts, the app sends Monzo partial hashes of the phone numbers of your contacts. These truncated hashes should be small enough that there are conflicts. In other words, the hash doesn’t prove that a specific phone number was ever in your contacts because it could have been one of many phone numbers with the same partial hash.
The Monzo service replies by sending a list of hashes that start with the same characters as your truncated hash. The app on your phone then checks to see if any of those full hashes match the full hashes of your contacts phone numbers. This is the same technique 1Password uses to check your passwords against ~10GB of leaked passwords without exposing them to the service.
If they match, and only if they match, I believe the app would need to request information from the Monzo service such as their name, profile picture, etc. This would confirm to Monzo that they were in your contacts, but Monzo doesn’t necessarily store this information.
Monzo doesn’t need to store any information about your contacts until you send or receive money from them. After that, the transaction acts as a link that Monzo necessarily need to know about.
I’ve tested this by logging out of the Monzo app, disabling contacts access and logging back in. Most of the contacts I previously synced didn’t show up, while the contacts I’d actually sent money to did.
When I re-enabled contacts access, all my Monzo contacts showed up again.
I should add, I think this is a very responsible approach to contact discovery. You don’t often see this level of commitment to privacy from startups or banks and Monzo is both.
Oh I know where you’re coming from. By harvest I meant to take the information into their CRM / eMarketing or data science solution and leverage it that way.
That’s not possible unless they lied about their implementation of contact discovery. We don’t know how long their truncated hashes are to verify this, but it looks like they did it right with K-anonymity.
For sure. Also GDPR wouldn’t allow such use of data. At my firm we don’t even allow the use of cold lists.
All of this was on the presumption the OP meant the use of ‘harvesting’ in that context. Which, in today’s world, is what people are over cautious of
Thanks all for your replies. I have been mostly reassured but it does seem an over-elaborate method for creating a joint account. Why not just ask for the other person’s mobile and see if it matches?
Also, why doesn’t iOS allow you to select whether to share a single contact, a group of contacts, or all contacts? I can’t use WhatsApp because of this. They most certainly do harvest your contacts from your address book.
I think because that’s focusing on one part of a wider, richer, UX.
If this was the only use of your contacts throughout Monzo’s model then I take your point however time and time again I’m looking up into my contacts to send payments / add to tabs
Because inputting a mobile number each time for that would be a pain in the bum
I don’t recall that step at all when we setup our joint account, maybe it’s changed since then?? Odd.
You wouldn’t have noticed the step if you’ve already given Monzo access to your address book.
I haven’t, it’s still asking me
@gmclean stahhhp that!