submitted 1 week ago by pantherina@feddit.org to c/foss@beehaw.org

Over the past few months, our former payment provider Nexi S.p.A. (“Nexi”) requested access to private data, which we understood to be specifically the usernames and passwords of our supporters. We have refused this request. All our attempts to clarify Nexi’s request, or to understand how their need for such information was necessary and legal, were met with what we consider to be vague and unsatisfactory explanations relating to a general need for risk analysis.

Subsequently, we found ourselves unable to receive credit card donations through Nexi’s system. In the afternoon of 10 March, we were further informed that our contract had been cancelled a few days prior on 7 March, due to our supposed failure to meet their deadline to fulfil their request. This deadline was not communicated to us beforehand, despite us having been Nexi’s customer for the past 15 years.

This is completely crazy! As 450 supporters are affected, that is a huge amount of donations that were cut off!

[-] gressen@lemmy.zip 86 points 1 week ago

Report them to the authorities. This is extortion of private data and needs to be investigated.

[-] Ulrich@feddit.org 29 points 1 week ago

The authorities are probably the ones compelling them to collect this information.

[-] wewbull@feddit.uk 35 points 1 week ago

In which case Nexi should be able to state clearly that they are required to ask for this data by law.

[-] MouldyCat@feddit.uk 13 points 1 week ago

Yes they should, however often they are not allowed to disclose such information. Over the last couple of decades, governments have realised that they can sidestep onerous legal principles such as innocent until proven guilty by requiring financial services companies to enforce KYC rules and the like. These rules were sold to us as a way to prevent the mega rich from dodging tax and organised crime from freely spending and moving their money, but surprise surprise governments have no qualms using them against people who are not so clearly in the wrong.

[-] wewbull@feddit.uk 14 points 1 week ago

So Nexi can't justify it. FSFE would be entirely within their rights to seek a judicial path.

I'd happily contribute towards that case.

[-] gressen@lemmy.zip 2 points 1 week ago

The authorities should not be asking for passwords. FSF should not have those to give.

[-] I_am_10_squirrels@beehaw.org 2 points 1 week ago

Here's a list of usernames, and here's a list of salted and hashed passwords. There is no correlation between the usernames and the passwords. Each password salt is unique.

[-] eleijeep@piefed.social 39 points 1 week ago

The decisions that Nexi has made are incomprehensible to us. Over the last months, as part of a security audit that Nexi claimed to be conducting, we have provided them with large amounts of the FSFE’s financial documentation, which even included private information of our executive staff. We have answered all of their questions. But we have to draw a line when private companies like Nexi demand access to the sensitive and private data of our supporters.

Almost sounds like they're being socially engineered by an impostor. Bizarre behaviour.

[-] pantherina@feddit.org 18 points 1 week ago* (last edited 1 week ago)

Nexi seems like a really bad company, at least it became one...

[-] redsand@infosec.pub 10 points 1 week ago* (last edited 1 week ago)

Nexi sounds hackable and flush with money for a scam audit. I sincerely hope no ransomware befalls them.

[-] 01189998819991197253@infosec.pub 21 points 1 week ago

specifically the usernames and passwords of our supporters

If FSFE is even able to provide passwords for user accounts in the first place, they're doing password security wrong.

Having gotten that off my chest, if there is nothing missing from this story and it's a complete picture of events, Nexi needs to be investigated for extortion.
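
The storage model the comments above refer to (per-user salt, one-way hash), as an added example that is not part of the thread and not FSFE's code: it shows that a service storing passwords this way can verify a login but has only salts and digests to disclose. The scrypt parameters, function names and sample accounts are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example; tune for your hardware)
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def enroll(store, username, password):
    """Store only a per-user random salt and the scrypt digest, never the password."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    store[username] = {"salt": salt.hex(), "hash": digest.hex()}


def verify(store, username, candidate):
    """Recompute the digest from the candidate and compare in constant time."""
    rec = store.get(username)
    if rec is None:
        return False
    salt = bytes.fromhex(rec["salt"])
    digest = hashlib.scrypt(candidate.encode(), salt=salt, **SCRYPT)
    return hmac.compare_digest(digest, bytes.fromhex(rec["hash"]))


def disclosable(store):
    """Everything the service could hand to a third party: salts and digests only."""
    return {user: dict(rec) for user, rec in store.items()}


def demo():
    store = {}
    # Constructed sample accounts; both use the same password on purpose.
    enroll(store, "alice", "correct horse battery staple")
    enroll(store, "bob", "correct horse battery staple")
    dump = disclosable(store)
    values = [v for rec in dump.values() for v in rec.values()]
    return {
        "login_ok": verify(store, "alice", "correct horse battery staple"),
        "wrong_rejected": not verify(store, "alice", "Correct horse battery staple"),
        "same_password_differs": dump["alice"]["hash"] != dump["bob"]["hash"],
        "no_plaintext": all("correct horse" not in v for v in values),
    }


if __name__ == "__main__":
    print(demo())
```
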

[-] jodanlime@midwest.social 21 points 1 week ago
[-] unwarlikeExtortion@lemmy.ml 1 points 1 week ago

Agreed.

The MasterCard backlash playbook seems to have done well.

[-] gressen@lemmy.zip 19 points 1 week ago* (last edited 1 week ago)

Nexi ratings: BBB- (Fitch, 2024)

Ba1 (Moody's, 2025)

BBB- (S&P, 2025)

Even the rating whores think Nexi is trash.

[-] idriss@lemmy.ml -3 points 1 week ago

I hate to be that guy but it wouldn't have happened if XMR was used

[-] cenzorrll@piefed.ca 3 points 1 week ago

Do they accept xmr for donations?

[-] RykardNixon@lemmy.zip 2 points 1 week ago

I’m curious. Can you elaborate, pretty please?

[-] idriss@lemmy.ml 3 points 1 week ago

Monero (XMR) is a privacy focused cryptocurrency (not a solana or ethereum token like the 99% of the scams you see online), designed and implemented by very talented people, it is untraceable (nobody will know how much you have or trace any transactions you have made) and actively developed. When you exchange it prioritize P2P non-KYC places like Retoswap (where you can be your own bank) or Unstoppable wallet (everything is open source)

[-] pantherina@feddit.org 2 points 1 week ago

It would have happened, as many people would donate through that method lol. There are multiple methods available for donation

[-] leviathan@feddit.org 0 points 3 days ago

I'm curious what do you think would have happened if XMR was used instead?

[-] pantherina@feddit.org 1 points 3 days ago

It would not have??

Also note that Retoswap is the only decentralized XMR exchange afaik, so at least the buying of XMR nearly always requires KYC.

Also note that XMR donations cannot be tax deducted and maybe the Verein would also get legal issues as the paperwork doesn't exist.

[-] leviathan@feddit.org 0 points 1 day ago

Also note that Retoswap is the only decentralized XMR exchange afaik, so at least the buying of XMR nearly always requires KYC.

why are you spreading misinformation?

Also note that XMR donations cannot be tax deducted

It's peer to peer, that's not a collateral damage.. It's a good thing

[-] pantherina@feddit.org 1 points 1 day ago* (last edited 1 day ago)

Please just shut up if you can't contribute anything useful...

If it is not then please name alternatives.

If you know how to tax deduct monero payments, please give examples.

[-] leviathan@feddit.org 1 points 10 hours ago
this post was submitted on 17 Mar 2026
259 points (100.0% liked)
