Bonum Certa Men Certa

Amandine Jambert (cryptie), CNIL, FSFE Financial data breach

posted by Roy Schestowitz on Apr 02, 2024

[Article 1.5 years old]

Reprinted with permission from the Free Software Fellowship.

We already wrote about Amandine "Cryptie" Jambert who is working for the French privacy regulator, CNIL while using a pseudonym to participate in the FSFE.

We mentioned that FSFE covered up the financial data privacy breach.

We want to publish more evidence and show why this is happening.

Amandine 'cryptie' JAMBERT, CNIL, FSFE

FSFE financial statements show they have lots of money. Their budget is €600,000 per year.

Looking at their employee list, they don't employee anybody with real technical competence. The one technical staff member is a social science graduate who is re-training as a "hopeful" developer. All the money goes to the imposters and female interns.

They use volunteers and students to do the sysadmin work. The FSFE jobs page is currently looking for a student sysadmin to work on the minimum wage.

Working time and compensation: The desired working time would be 10 hours per week but can be discussed. You will start working in our Berlin office to get a feeling for the organisation and the faces behind it, but at a later stage, home office is possible. The salary is based on the currently applicable minimum wage in Germany but can be higher depending on your experience. A mandatory requirement is that you are enrolled as a student at a university in Germany.

As a student, the sysadmin won't be available for about 6 weeks each semester while undertaking exams.

Volunteers also discovered FSFE using teenagers, children, child labour - see the YH4F and Outreachy Grooming scandals

Here we publish the full email about the privacy breach.

In this leak, Matthias Kirschner claims that nobody has taken copies of the financial data so there was no obligation to make any warning to the donors.

In fact, many volunteers, former employees, students, interns and maybe even children have copies of data about the FSFE donors. It was 15 year olds in Belfast who hacked the British phone company Talk-Talk. FSFE would be a walk in the park for those kids. We are publishing a copy of the FSFE Berlin mailing list membership to prove that copies exist outside the FSFE and therefore Matthias Kirschner is a liar.

We will remove the list when Matthias Kirschner removes all the defamation from the FSFE web sites, all other free software projects and search results.

Subject: [GA] Report about privacy problem with financial data
Date: Thu, 15 Mar 2018 14:26:10 +0100
From: Matthias Kirschner <mk@fsfe.org>
To: FSFE General Assembly <ga@lists.fsfe.org>, FSFE system hackers <system-hackers@lists.fsfe.org>

The archives of finance@lists.fsfe.org, and thereby all the information including full names, amount, credit card and bank details, were public from 18 December 2017 until 13 March 2018. It is now fixed and nobody outside the FSFE should have had access to them. Please help to check if the archives of your list should be public or not (see below).
On 13 March Reinhard noticed, that finance@lists.fsfe.org has a public archive, he informed me, I directly changed the archive to private and changed the admin password for the list which is currently only available to Heiki and myself. Due to a communication mistake neither Jan and Vincent nor I myself checked finance@lists.fsfe.org when checking the list settings after we were informed about the problems with staff@lists.fsfe.org (which Jonas created on 1 November). I myself forgot to remember that finance@ was also a mailing list, after Jonas migrated the former finance@ alias to a mailman list on 18 December 2017, and Jan and Vincent used the external mailing list listing, instead of the internal list. So we missed the list when checking other mailing lists after the former incident.
As the mailing list had public archives everybody knowing the URL would have had access to information like full name, amount of money for the donation, and the last 4 digits of the credit card number, for bank transfers the whole info BIC + IBAN numbers, contract discussions about the legal workshop, info messages from corporate donors (e.g. Google's Benevity), invoices, internal discussion by our finance team, etc.
I first wanted to inform you about the problem and discuss how to communicate the privacy problem to the effected parties, but Heiki suggested to first check all IP logs to see if they archives were accessed by third parties. Thanks to Albert's work, we can now say that the archives were only accessed this week, and that the IP addresses belonged either to Heiki, Reinhard, or the Berlin office (in comparison with staff@ the mailing list was not advertised on our list server and we were able to confirm.)
Jan, Vincent, and myself did some other checks, and when we wondered if the list should be public asked the people involved if it is ok that their list archive is public. # How you can help
One wish how you can help: if you are part of a mailing list which was not mentioned before, please do one quick check if the archives are publicly available, and if that should be the case. Else either change it yourself, or inform system-hackers@lists.fsfe.org about it. In general if you setup a list with sensitive information, please check how people can subscribe, if the list should be advertised on our list server, if there should be an archive, and make sure that the archive is not public. Best Regards, Matthias
-- Matthias Kirschner - President - Free Software Foundation Europe Schönhauser Allee 6/7, 10119 Berlin, Germany | t +49-30-27595290 Registered at Amtsgericht Hamburg, VR 17030 | (fsfe.org/join) Contact (fsfe.org/about/kirschner) - Weblog (k7r.eu/blog.html) _______________________________________________ GA mailing list GA@lists.fsfe.org https://lists.fsfe.org/mailman/listinfo/ga

FSFE internal forms were captured by search engines

If you try to access the pages today they are demanding a password. It looks like somebody disabled the authentication and left them unprotected long enough for the search engines to take snapshots.

For example, to make an internal order for business cards using the name Adolf Hitler, you can try to use this form.

FSFE, internal forms, unsecured, Matthias Kirschner

Membership list for the Berlin FSFE mailing list

You can use this page to join the list or browse the archives.

0xf10e@fsfe.org
99735@gmx.de
ahmruoff@gmail.com
ajh92@fsfe.org
albert@fsfe.org
alex01at@gmail.com
alex.graichen.ag@gmail.com
alex.sander@fsfe.org
anwalt@rechtsanwalt-stehmann.de
archive@mail-archive.com
arvid@fsfe.org
axel.b.kaiser@fsfe.org
axelmetzger@gmx.de
behrens_lars@gmx.de
benedikt.geissler@mailbox.org
benjamin.wand@web.de
benny@benny.de
bernhard@fsfe.org
bernhard@weitzhofer.org
bettgens@wesel-net.de
bh@intevation.de
birgit.huesken@fsfe.org
blanky0230@gmail.com
blipp@fsfe.org
brucker@spamfence.net
buenger@mytum.de
bussec@fsfe.org
c11f49af@posteo.de
cal@zls.de
carl-daniel.hailfinger@bsi.bund.de
carsten.knoll@posteo.de
cb@christian-bertram.de
cc@cmesh.de
chorse@gnu.org
chris.schabesberger@mailbox.org
christian.bleich.b@outlook.com
christian.imhorst@fsfe.org
christian@leber.de
christian@maxen.de
christian.naehle@posteo.de
christop@physik.tu-berlin.de
comzeradd@fsfe.org
cornelius@fsfe.org
cpoell@web.de
cw@fsfe.org
cybercow@triangulum.uberspace.de
dan.scharon@fsfe.org
denefi@fsfe.org
dennis.kawurek@hotmail.de
derik@fsfe.org
dg-lists@restfarbe.de
dhaen@gmx.de
dnt@gmx.com
dosbart@fsfe.org
dr-faustus@gmx.de
dschreiber@gmx.de
dzemisch@emailaholics.org
eal@fsfe.org
ebner@rosinak.at
edu-ml@unormal.org
egnun@fsfe.org
eht16@fsfe.org
erack@fsfe.org
erik@erlenweg.de
etjen.delilovic@gmail.com
e-user@fsfe.org
ff@chello.at
filla-news@online.de
fixtux@t-online.de
flo@4freax.net
floriansnow@fsfe.org
flx@fsfe.org
fphome@live.de
frank.becker@posteo.de
frank@frank.uvena.de
frank.koormann@intevation.de
frank.zimmermann.berlin@freenet.de
freebsd-listen@fabiankeil.de
fseidl@f9s.eu
fsfe@alteholz.de
fsfe@datentopf.org
fsfe@david-huecking.de
fsfe_dl@yahoo.de
fsfe@mo-online.org
fsferesignations@tuta.io
fsfe@rince.de
fsfe@sebdu.de
fsfeurope-german@lists.infodrom.org
fullstack@gmx.de
fw@deneb.enyo.de
ggiedke@fsfe.org
gian-maria.daffre@giammi.org
gnu-fsfe-de@m.gmane.org
gregor6464hp@posteo.de
greve@fsfe.org
gs@gstange.de
guido@fsfe.org
g.w.kugler@posteo.de
haagch@frickel.club
hannes.mayr@digitalcourage.de
he.ne@gmx.net
henning@jacobs1.de
hjensen@mailbox.org
hweidner-lists@gmx.net
idrost@htwm.de
ilu@fsfe.org
irie@wakeupandlive.de
irmhild.rogalla@institut-pi.de
jaeger@jbb-berlin.de
ja@fsfe.org
jan@dittberner.info
jan@intevation.de
jannis@pinterjann.is
jansson@gmx.net
janwey@fsfe.org
j.avdg@fsfe.org
jens@koch-der-gaertner.de
jj@pr-profi.com
jj.sarton@t-online.de
jlk@fsfe.org
jochen@herr-schmitt.de
joerg.berkel@phbern.ch
johannes@hubertz.de
joris.baum@runbox.com
jotbe@fsfe.org
julian.rueth@gmail.com
jurzik@guug.de
jzarl@fsfe.org
kar.dre.2017@gmail.com
karsten.reincke@telekom.de
kdambiec@fsfe.org
kelvan@ist-total.org
kloschi@subsignal.org
kontakt@do-foss.de
kontakt@freiesoftwareog.org
laabs@dasr.de
leize@leize.de
lemming@henning-thielemann.de
lgradl@posteo.net
linux@7mhz.de
liste3@gmx.de
listen@leena.de
lists@apfelkraut.org
lists@bitkeks.eu
lists@koffeinfrei.org
lists-mm@netcologne.de
lists@realcyber.de
lists@sumpfralle.de
lorenz@vulgrim.de
lorenz.wenner@posteo.de
luc.saffre@gmx.net
mail@florianhaas.net
mailinglist@doczkal.de
mail@michael-weimann.eu
mail@rolandgreim.de
mail@zimmer428.net
majestyx@fsfe.org
mararm@fsfe.org
marcoschlicht@onlinehome.de
maria.w@fsfe.org
mark.gerber.1976@gmail.com
martin@gerwinski.de
martone@fsfe.org
marvin.cohrs@hotmail.de
marvin.kohl@posteo.de
mason.edwards.20@outlook.com
mat@fsfe.org
matthias.kabel@tyche.de
matthias@vorlons.info
maurice@prtrc.net
max.mehl@fsfe.org
mbauer@mailbox.org
mf@fsfe.org
mfritsche@reauktion.de
mgross@junetz.de
michael.wehram@wolfsburg.de
micha@stoecker.me
michele.martone@ipp.mpg.de
mkellner@innnet.de
mk@fsfe.org
ml@mareichelt.com
ml@schoenitzer.de
m.mittler@gmx.net
modlinger@erneuerbare-freiheit.de
moritz@headstrong.de
m_szczawinski@poczta.fm
neal@walfield.org
news@gernot-schulz.com
newsletter@danielklier.com
news@schiermeier-it.de
nick.blackberg@nurfuerspam.de
nidi@fsfe.org
nowakewitz@yahoo.de
ntj@allesjetzt.net
oj@null.at
oliver.horn@gmx.net
olli@sopos.org
ooo@altsys.de
pascalwittmann@gmx.net
paul@fsfe.org
p.beier@t-online.de
peter.hormanns@jalin.de
peter.muehlbauer@gmx.net
pfarrch@gmail.com
phil@hoefer-elze.de
philipp.n@fsfe.org
philipp.schneider@mailbox.org
post@lespocky.de
prawn@fsfe.org
proedie@fsfe.org
radoje.stojisic@posteo.de
r.brusa@gmx.ch
reedts@fsfe.org
reg+fsfe@disroot.org
reinhard@fsfe.org
riepernet@fsfe.org
rmacek@fsfe.org
roland.hummel@student.hu-berlin.de
roland@mxchange.org
ronny-fs@vlugnet.org
sascha@girrulat.de
schiessle@fsfe.org
schult@reneschult.de
schulz@fsfe.org
schwirz.linux-ag@freenet.de
sebastian@dorni.net
sebastian.fedrau@gmail.com
sebastian@feltel.de
sebastian@lubo-net.de
sebsch@geblubber.org
selva@posteo.de
shin@posteo.jp
silvan.heintze@gmx.de
simon.parrer@gmail.com
singer.felix@t-online.de
softmetz@fsfe.org
spam.an.joker@googlemail.com
spikespiegel@gmx.net
stefan.boehringer@posteo.de
stefan@debxwoody.de
stefan.frech@gmx.de
stefan.nagy@posteo.net
stefano.cavallari@posteo.de
steffenfritz@fsfe.org
suhrj@fsfe.org
sus2006@bluewin.ch
su@su2.info
sw@fsfe.org
tblu@autistici.org
tb@makesyoualwaysgorgeous.org
tes@fsfe.org
thb@documentfoundation.org
thomasb-fsfe-de@dawnlink.net
thomas@koch.ro
thomas@leske.biz
thomas@schwinge.name
tiestes@gmx.de
tilljaeger@web.de
till.schaefer@do-foss.de
tks@fsfe.org
tobiasd@mailbox.org
tobias_huttner@mailbox.org
tobias.rothfelder@tum.de
tobias.schrank@fsfe.org
tom@voodoo-arts.net
t.schilde@firetech-online.de
tsctob@web.de
u.volmer@u-v.de
vanitasvitae@riseup.net
vassilis@raccoonia.com
v@njh.eu
volker@ixolution.de
volker@netkladde.de
vschlecht@fsfe.org
vv01f@fsfe.org
weo@weo1.de
wg@fsfe.org
wharms@bfs.de
wicker@posteo.de
wilde@intevation.de
willi.uebelherr@gmx.de
woro@wolfgangromey.de
wromey@fsfe.org
yqxoqjno@umail.furryterror.org
zwiebel444@yahoo.de

Other Recent Techrights' Posts

A Week After a Worldwide Windows Outage Microsoft is 'Bricking' Windows All On Its Own, Cannot Blame Others Anymore
A look back at a week of lousy press coverage, Microsoft deceit, and lessons to be learned
 
Links 26/07/2024: Tesco Cutbacks and Fake Patent Courts
Links for the day
Links 26/07/2024: Grimy Residue of the 'AI' Bubble and Tensions Around Alaska
Links for the day
Gemini Links 26/07/2024: More Computers and Tilde Hosting
Links for the day
Links 26/07/2024: "AI" Hype Debunked and Elon Musk's "X" Already Spreads Political Disinformation
Links for the day
"Why you boss is insatiably horny for firing you and replacing you with software."
Ask McDonalds how this "AI" nonsense with IBM worked out for them
No Olympics
We really need to focus on real news
Nobody Holds the GNOME Foundation Accountable (Not Even IRS), It's Governed by Lawyers, Not Geeks, and Headed by a Shaman Crank
GNOME is a deeply oppressive institutions that eats its own
[Meme] The 'Modern' Web and 'Linux' Foundation Reinforcing Monopolies and Cementing centralisation
They don't care about the users and issuing a few bytes with random characters costs them next to nothing. It gives them control over billions of human beings.
'Boiling the Frog' or How Online Certificate Status Protocol (OCSP) is Being Abandoned at Short Notice by Let's Encrypt
This isn't a lack of foresight but planned obsolescence
When the LLM Bubble Implodes Completely Microsoft Will be 'Finished'
Excuses like, "it's not ready yet" or "we'll fix it" won't pass muster
"An escalator can never break: it can only become stairs"
The lesson of this story is, if you do evil things, bad things will come your way. So don't do evil things.
When Wikileaks Was Still Primarily a Wiki
less than 14 years ago the international media based its war journalism on what Wikileaks had published
The Free Software Foundation Speaks Out Against Microsoft
the problem is bigger than Microsoft and in the long run - seeing Microsoft's demise - we'll need to emphasise Software Freedom
IRC Proceedings: Thursday, July 25, 2024
IRC logs for Thursday, July 25, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Links 26/07/2024: E-mail on OpenBSD and Emacs Fun
Links for the day
Links 25/07/2024: Talks of Increased Pension Age and Biden Explains Dropping Out
Links for the day
Links 25/07/2024: Paul Watson, Kernel Bug, and Taskwarrior
Links for the day
[Meme] Microsoft's "Dinobabies" Not Amused
a slur that comes from Microsoft's friends at IBM
Flashback: Microsoft Enslaves Black People (Modern Slavery) for Profit, or Even for Losses (Still Sinking in Debt Due to LLMs' Failure)
"Paid Kenyan Workers Less Than $2 Per Hour"
From Lion to Lamb: Microsoft Fell From 100% to 13% in Somalia (Lowest Since 2017)
If even one media outlet told you in 2010 that Microsoft would fall from 100% (of Web requests) to about 1 in 8 Web requests, you'd probably struggle to believe it
Microsoft Windows Became Rare in Antarctica
Antarctica's Web stats still near 0% for Windows
Links 25/07/2024: YouTube's Financial Problem (Even After Mass Layoffs), Journalists Bemoan Bogus YouTube Takedown Demands
Links for the day
Gemini Now 70 Capsules Short of 4,000 and Let's Encrypt Sinks Below 100 (Capsules) as Self-Signed Leaps to 91%
The "gopher with encryption" protocol is getting more widely used and more independent from GAFAM
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 24, 2024
IRC logs for Wednesday, July 24, 2024
Techrights Statement on YouTube
YouTube is a dying platform
[Video] Julian Assange on the Right to Know
Publishing facts is spun as "espionage" by the US government and "treason" by the Russian government, to give two notable examples
Links 25/07/2024: Tesla's 45% Profit Drop, Humble Games Employees All Laid Off
Links for the day
Gemini Links 25/07/2024: Losing Grip and collapseOS
Links for the day
LWN (Earlier This Week) is GAFAM Openwashing Amplified
Such propaganda and openwashing make one wonder...
Open Source Initiative (OSI) Blog: Microsoft Operatives Promoting Proprietary Software for Microsoft
This is corruption
Libre-SOC Insiders Explain How Libre-SOC and Funding for Libre-SOC (From NLNet) Got 'Hijacked' or Seized
One worked alongside my colleagues and I in 2011
Why We're Revealing the Ugly Story of What Happened at Libre-SOC
Aside from the fact that some details are public already
Removing the Lid Off of 'Cancel Culture' (in Tech) and Shutting It Down by Illuminating the Tactics and Key Perpetrators
Corporate militants disguised as "good manners"
FSF, Which Pioneered GNU/Linux Development, Needs 32 More New Members in 2.5 Days
To meet the goal of a roughly month-long campaign
Lupa Statistics, Based on Crawling Geminispace, Will Soon Exceed Scope of 4,000 Capsules
Capsules or unique capsules or online capsules are in the thousands and growing
Links 24/07/2024: Many New Attacks on Journalists, "Private Companies Own The Law"
Links for the day
Gemini Links 24/07/2024: Face à Gaïa, Emacs Timers for Weekly Event, Chromebook Survives Water Torture
Links for the day
Why Virtually All the Wikileaks Copycats, Forks, and Rivals Basically Perished
Cryptome is like the "grandpa" of them all
A Total Lack of Transparency: Open and Free Technology Community (OFTC) Fails to Explain Why Over 60% of Users Are Gone (Since a Week Ago)
IRC giants have fallen
In the United Kingdom Google Search Rises to All-Time High, Microsoft Fell Nearly 1.5% Since the LLM Hype Began
Microsoft is going to need actual products or it will gradually vanish from the market
Trying to Put Out the Fire at Microsoft
Microsoft is drowning in debt while laying off loads of staff, hoping it can turn things around
GNU/Linux Growing at Vista 11's Expense
it's tempting to deduce many people who got PCs with Vista 11 preinstalled are deleting it, only to replace it with GNU/Linux
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 23, 2024
IRC logs for Tuesday, July 23, 2024