
Sirius ‘Open Source’ Outsourcing Confidential Information to Spying Companies in Another Continent

Putin koala: I got all of his passwords! Not my fault!

Summary: The Sirius ‘Open Source’ management made the decision (without any consultation with the staff affected) to outsource key operations to foreign, third-party entities that are subjected to the US government's prying eyes and several of the National Security Agency's programs; this affected clients as well (usually without their awareness, let alone consent)

THIS is the last part of the third section of a report I left with the company before leaving at the start of this month. There will be a lot more information about this scandal next month. Recent E-mails are appended below (with certain stuff redacted for privacy's sake).

I cautioned about this repeatedly (for about 4 years) and suffered retribution, threats, and more. Nothing has improved since then.

As just a little sample, please see the E-mails at the bottom (recent); shared in the future will be some longer E-mails about this issue.

But first... the report.




The morale around that time was low, setting aside COVID-19 becoming a growing problem, along with lock-downs. Roy noted that in order to comply with the law he cannot post clients' details on the Slack network. So he chose to obey the regulations and the law, in line with security standards. Stuff like "hi" is probably considered OK and safe enough for Slack, but not addresses, passwords etc. Things have not improved since, as the final section notes again (with examples).

This long section, along with written messages as evidence, is very important. Bad leadership worsened the corporate climate and changed how people viewed the company from within, if not from the outside as well.

This document now proceeds to a discussion about the latest and maybe the final blow. The company already had capacity issues (not enough staff to cover shifts) and now it's even worse.

Roy and Rianne hoped to prevent a 'death spiral' and ironically enough it seems like the company wants to accelerate its own 'death spiral', due to tactless, insensitive remarks.




One of many messages to that effect -- messages which I was sending for years to highlight the problem. Of course nothing was done about this; usually there was not even as much as a reply. Hush hush as a company-wide policy...

This one is from August of this year:

Date: Tue, 30 Aug 2022 09:00:50 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050317
 Thunderbird/1.0.2 Mnenhy/0.7.4.0
From: Roy Schestowitz
Subject: Handover to Shift 2 (30/08/22)
To: [whole team]



[...]

https://www.darkreading.com/cloud/lastpass-data-breach-source-code-stolen

Users need to change all the passwords they have there, and not keep them there, if they value real security, not paper mills.


Another one from August of this year:

Date: Thu, 11 Aug 2022 03:10:53 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050317
 Thunderbird/1.0.2 Mnenhy/0.7.4.0
Content-Language: en-US
From: Roy Schestowitz
Subject: Slack admits to leaking hashed passwords for five years
To: [whole team]
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit



https://nakedsecurity.sophos.com/2022/08/08/slack-admits-to-leaking-hashed-passwords-for-three-months/

Does not surprise me at all. They only admit this because they got caught, hence they need to spin this somehow, belittling the severity, just as LastPass did after several blunders (it had suffered a breach). The way forward is self-hosting and encrypting things (on a server one controls, not leasing).
