Over the past few months, our former payment provider Nexi S.p.A. (“Nexi”) requested access to private data, which we understood to be specifically the usernames and passwords of our supporters. We have refused this request. All our attempts to clarify Nexi’s request, or to understand how their need for such information was necessary and legal, were met with what we consider to be vague and unsatisfactory explanations relating to a general need for risk analysis.
Y tho. What in fuck does a payment provider have to do with asking for this?
FSFE should report them to the GDPR authority, but also financial ones.
The article says Nexi reached out after ‘cancelling’ the contract - meaning FSFE was financially offline for those few days. If it were a ‘normal’ business this was done to, they would sue for damages to hell and back.
I mean the name of the people who are originating these ideas. We should be putting names like who are the executives.
They get away with this stuff because they’re faceless organizations or higher ups beyond consequences.
I just see so many systems in place that are there to allow these things to trample us and nobody in this generation challenges. Like the opposition to authority in this generation just seems like they’re apart of the authority. They’re also playing they’re role.
Y tho. What in fuck does a payment provider have to do with asking for this?
Um, excuse me? For starters they should only ever have hashes, but there is never a valid reason to ask for that many passwords.
Many? Not for one
Missed opportunity for them to troll Nexi and just send them:
Usernames Passwords hunter2 hunter2
Is this not against GDPR? I feel like this would be a slam dunk case.
FSFE should report them to the GDPR authority, but also financial ones.
The article says Nexi reached out after ‘cancelling’ the contract - meaning FSFE was financially offline for those few days. If it were a ‘normal’ business this was done to, they would sue for damages to hell and back.
And so should FSFE.
How come there’s never a name attached to these things.
As in a name reporting the issue, or a name from the payment provider?
It’s on the FSFE homepage if you need confirmation of the story: https://fsfe.org/news/2026/news-20260316-01.en.html
I mean the name of the people who are originating these ideas. We should be putting names like who are the executives.
They get away with this stuff because they’re faceless organizations or higher ups beyond consequences.
I just see so many systems in place that are there to allow these things to trample us and nobody in this generation challenges. Like the opposition to authority in this generation just seems like they’re apart of the authority. They’re also playing they’re role.