FSFE supporters affected: Payment provider Nexi cancelled us

Freak_NL

The FSFE justly drew the line at providing private information of supporters. How many other customers of Nexi simply handed over such data 'because audit'?

butokai

As an Italian living in another EU country, I always thought that the amount of (broken) bureaucracy of Italy was not particularly worse. However this story comes after a couple more I heard this week, in a line of absurd practice possibly due to absurd regulations.

grigio

Maybe now more F/OSS supporters will understand the need of Bitcoin/Monero

eequah9L

> Over the past few months, our former payment provider Nexi S.p.A. (“Nexi”) requested access to private data, which we understood to be specifically the usernames and passwords of our supporters. I must be missing something, but why is there an expectation that clear text passwords would even be known?

littlecranky67

Everytime people say bitcoin has no use case, I'd like to point them to cases like this.

sam_lowry_

Reminds me of the famous "Our security auditor is an idiot. How do I give him the information he wants? [1] [1] https://serverfault.com/questions/293217/our-security-audito...

janpio

So what did Nexi really want, and how did it get mangled so badly that it came out as "specifically the usernames and passwords of our supporters"?

samsk

We work with MLS provider(s) that requires us to keep plaintext password for our users and provide it on request in case of `breach in the security of MLS Listing Information or a violation of MLS Rules`. The user is accessing only copy of their data in _our_ systems, the user has no contact with MLS itself directly or indirectly.

rswail

Sounds like someone is being "overenthusiastic" about interpreting the KYC/ALM regulations. Combined with the FSFE not being your "usual" charitable or business organization so setting off auditor red flags and perhaps raising the risk profile of Nexi as a payment processor.