by sam_lowry_
3 subcomments
- Reminds me of the famous "Our security auditor is an idiot. How do I give him the information he wants?" [1]
[1] https://serverfault.com/questions/293217/our-security-audito...
- The FSFE justly drew the line at providing private information of supporters. How many other customers of Nexi simply handed over such data 'because audit'?
- > Over the past few months, our former payment provider Nexi S.p.A. (“Nexi”) requested access to private data, which we understood to be specifically the usernames and passwords of our supporters.
I must be missing something, but why is there an expectation that clear text passwords would even be known?
- We work with MLS provider(s) that requires us to keep a plaintext password for our users and provide it on request in case of a `breach in the security of MLS Listing Information or a violation of MLS Rules`.
The user is accessing only a copy of their data in _our_ systems; the user has no contact with MLS itself, directly or indirectly.
- Sounds like someone is being "overenthusiastic" about interpreting the KYC/AML regulations.
Combined with the FSFE not being your "usual" charitable or business organization so setting off auditor red flags and perhaps raising the risk profile of Nexi as a payment processor.
- As an Italian living in another EU country, I always thought that the amount of (broken) bureaucracy of Italy was not particularly worse. However this story comes after a couple more I heard this week, in a line of absurd practice possibly due to absurd regulations.
- So what did Nexi really want, and how did it get mangled so badly that it came out as "specifically the usernames and passwords of our supporters"?
by littlecranky67
2 subcomments
- Every time people say bitcoin has no use case, I'd like to point them to cases like this.
- [dead]
- Maybe now more F/OSS supporters will understand the need for Bitcoin/Monero