Bonum Certa Men Certa

Amandine Jambert (cryptie), CNIL, FSFE Financial data breach

posted by Roy Schestowitz on Apr 02, 2024

[Article 1.5 years old]

Reprinted with permission from the Free Software Fellowship.

We already wrote about Amandine "Cryptie" Jambert who is working for the French privacy regulator, CNIL while using a pseudonym to participate in the FSFE.

We mentioned that FSFE covered up the financial data privacy breach.

We want to publish more evidence and show why this is happening.

Amandine 'cryptie' JAMBERT, CNIL, FSFE

FSFE financial statements show they have lots of money. Their budget is €600,000 per year.

Looking at their employee list, they don't employee anybody with real technical competence. The one technical staff member is a social science graduate who is re-training as a "hopeful" developer. All the money goes to the imposters and female interns.

They use volunteers and students to do the sysadmin work. The FSFE jobs page is currently looking for a student sysadmin to work on the minimum wage.

Working time and compensation: The desired working time would be 10 hours per week but can be discussed. You will start working in our Berlin office to get a feeling for the organisation and the faces behind it, but at a later stage, home office is possible. The salary is based on the currently applicable minimum wage in Germany but can be higher depending on your experience. A mandatory requirement is that you are enrolled as a student at a university in Germany.

As a student, the sysadmin won't be available for about 6 weeks each semester while undertaking exams.

Volunteers also discovered FSFE using teenagers, children, child labour - see the YH4F and Outreachy Grooming scandals

Here we publish the full email about the privacy breach.

In this leak, Matthias Kirschner claims that nobody has taken copies of the financial data so there was no obligation to make any warning to the donors.

In fact, many volunteers, former employees, students, interns and maybe even children have copies of data about the FSFE donors. It was 15 year olds in Belfast who hacked the British phone company Talk-Talk. FSFE would be a walk in the park for those kids. We are publishing a copy of the FSFE Berlin mailing list membership to prove that copies exist outside the FSFE and therefore Matthias Kirschner is a liar.

We will remove the list when Matthias Kirschner removes all the defamation from the FSFE web sites, all other free software projects and search results.

Subject: [GA] Report about privacy problem with financial data
Date: Thu, 15 Mar 2018 14:26:10 +0100
From: Matthias Kirschner <>
To: FSFE General Assembly <>, FSFE system hackers <>

The archives of, and thereby all the information including full names, amount, credit card and bank details, were public from 18 December 2017 until 13 March 2018. It is now fixed and nobody outside the FSFE should have had access to them. Please help to check if the archives of your list should be public or not (see below).
On 13 March Reinhard noticed, that has a public archive, he informed me, I directly changed the archive to private and changed the admin password for the list which is currently only available to Heiki and myself. Due to a communication mistake neither Jan and Vincent nor I myself checked when checking the list settings after we were informed about the problems with (which Jonas created on 1 November). I myself forgot to remember that finance@ was also a mailing list, after Jonas migrated the former finance@ alias to a mailman list on 18 December 2017, and Jan and Vincent used the external mailing list listing, instead of the internal list. So we missed the list when checking other mailing lists after the former incident.
As the mailing list had public archives everybody knowing the URL would have had access to information like full name, amount of money for the donation, and the last 4 digits of the credit card number, for bank transfers the whole info BIC + IBAN numbers, contract discussions about the legal workshop, info messages from corporate donors (e.g. Google's Benevity), invoices, internal discussion by our finance team, etc.
I first wanted to inform you about the problem and discuss how to communicate the privacy problem to the effected parties, but Heiki suggested to first check all IP logs to see if they archives were accessed by third parties. Thanks to Albert's work, we can now say that the archives were only accessed this week, and that the IP addresses belonged either to Heiki, Reinhard, or the Berlin office (in comparison with staff@ the mailing list was not advertised on our list server and we were able to confirm.)
Jan, Vincent, and myself did some other checks, and when we wondered if the list should be public asked the people involved if it is ok that their list archive is public. # How you can help
One wish how you can help: if you are part of a mailing list which was not mentioned before, please do one quick check if the archives are publicly available, and if that should be the case. Else either change it yourself, or inform about it. In general if you setup a list with sensitive information, please check how people can subscribe, if the list should be advertised on our list server, if there should be an archive, and make sure that the archive is not public. Best Regards, Matthias
-- Matthias Kirschner - President - Free Software Foundation Europe Schönhauser Allee 6/7, 10119 Berlin, Germany | t +49-30-27595290 Registered at Amtsgericht Hamburg, VR 17030 | ( Contact ( - Weblog ( _______________________________________________ GA mailing list

FSFE internal forms were captured by search engines

If you try to access the pages today they are demanding a password. It looks like somebody disabled the authentication and left them unprotected long enough for the search engines to take snapshots.

For example, to make an internal order for business cards using the name Adolf Hitler, you can try to use this form.

FSFE, internal forms, unsecured, Matthias Kirschner

Membership list for the Berlin FSFE mailing list

You can use this page to join the list or browse the archives.

Other Recent Techrights' Posts

Links 14/04/2024: Tesla and OpenAI (Microsoft) Layoffs Floated in the Media
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, April 13, 2024
IRC logs for Saturday, April 13, 2024
Gemini Links 13/04/2024: SEO Spam and ‘Broadband Nutrition Label’
Links for the day
Gemini Links 13/04/2024: GmCapsule 0.7 Released
Links for the day
Links 13/04/2024: Whistleblowers, OpenAI and Microsoft Leakers
Links for the day
'Our' Technology Inside the Home is Becoming Less Reliable and It Implements the Vision of Orwell's '1984' (Microphones and Cameras Inside Almost Every Room)
Technology controlled by who exactly?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, April 12, 2024
IRC logs for Friday, April 12, 2024
Google, FSFE & Child labor
Reprinted with permission from the Free Software Fellowship
Links 13/04/2024: Huawei and Loongson PCs, IBM Layoffs
Links for the day
Gemini Links 13/04/2024: Specification Changes and Metaverse Newbie
Links for the day
Links 12/04/2024: Big Brother in the Workplace and Profectus Browser Alpha 0.3
Links for the day
[Video] Trainline Finally Issues a Refund, But It Took 9 Days and Showed How 'Modern' Systems Fail Travelers
They treat people like a bunch of animals or cattle, not like valuable customers
WIPO UDRP D2024-0770 Debian vendetta response
Reprinted with permission from Daniel Pocock
Links 12/04/2024: Reporters Without Borders Rep Kicked Out of Hong Kong
Links for the day
Gemini Links 12/04/2024: Funny Thing, Manual Scripts, and More
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, April 11, 2024
IRC logs for Thursday, April 11, 2024