Open Source Initiative (OSI) Privacy Fiasco in Detail: More on the Complaint, Which Also Points the Finger at Stefano Mafulli and Deb Nicholson

posted by Roy Schestowitz on Apr 11, 2025,
updated Apr 11, 2025

IN THE introduction and the following two parts we gave sufficient background for people who are not familiar with this fiasco. The previous two parts showed most of the complaint (as a PDF).

Today we add some more bits from the aforementioned complaint:

[complainant:] Original Complaint - truncated. Not much here. Requested a copy.

Additionally, the information can be found here, if they are not timely with my request, I will request it under:

Public Records Act (PRA) Requests:

Email: PRA@cppa.ca.gov with the Subject: ATTN: PRA Coordinator

Mail: CPPA

ATTN: PRA Coordinator

2101 Arena Blvd

Sacramento, CA 95834

Fees are determined by the number of copies and availability of the documents/records requested. CPPA will tell you the final cost. You must pay the fees before CPPA can release the documents/records.

Here's the gist of it again:

[complainant:] Captured from original complaint - truncated

What is the complaint about? Check all that apply.*

A business’s collection, use, storing or sharing of my personal information

Right to Limit the Use of My Sensitive Personal Information

[complainant:] If I recall, I selected these.

What are the name(s) of the business(es), service provider(s), contractor(s), or people that you believe violated the California Consumer Privacy Act?*

Open Source Initiative: A California corporation

Helios: Third party vendor used by the Open Source Initiative for elections.

Deb Nicholson previous Interim Director

Stefano Mafulli as well as their IT staff and those working/volunteering at OSI who may also be held accountable for this neglect of private data.

Are you a California Resident?

no

Please describe the complaint.*

The Open Source Initiative, hereafter known as OSI, used a third party vendor for elections. The 3rd party is hosting that information live with a search function still in place of 589 members for over 4 years.

Please describe any materials you have supporting the complaint.

Publicly available list:

https://vote.heliosvoting.org/helios/elections/bff2406c-ee29-11eb-8191-767e6b2f70fa/voters/list

[Editor: it's still all there!!!]

Have you already contacted the business(es), service provider(s), contractor(s), or people about the complaint?*

no

Do you wish to submit this complaint as an unsworn complaint, or a sworn complaint?*

Sworn

Contact Information: [redacted]

If known, please identify the following information for the business, service provider, contractor or person who allegedly violated the California Consumer Privacy Act

opensource.org

"The stewards are not in the house," we got told. "The OSI allege they are "stewards" of the Open Source Definition, a derivative of the Debian Free Software Guidelines."

"Perens also drafted the Debian social contract."

"The Debian Free Software Guidelines announcement by Perens."

"The Open Source Definition was a derivative of the DFSG. I reached out to Perens to clarify whether DFSG announcement means we can use the DFSG as a model for other projects - partial email to Perens requesting clarification. Just sent today but excited to hear the response: "I recently came across the Debian Free Software Guidelines announce and would like to use the document as a model for my projects as well as promote DFSG or a derivative as a model for other projects. We hope that other software projects, including other Linux distributions, will use this document as a model. We will gladly grant permission for any such use.""

"Does this statement mean we can simply use the document as a model with no further due diligence or explicit permissions?"

Beware face-saving attempts to change the subject.

Judging by what's happening in opensource.org and opensource.net this week, the OSI might be trying to urgently change the subject. As noted in the sister site, in [1] below we see Microsoft proxies doing "State of Open Source Report". Openwashing is also talked about by Microsoft's Nick Vidal [2], who is back with openwashing nonsense for "AI" - the Microsoft Ponzi scheme that OSI gets bribed to constantly prop up. Vidal has been absent from the blog for nearly 3 months. He mostly ducked the turbulent OSI times and now he complains about “open enough.” Is he even aware of what his paymaster (Microsoft) does? Why does he promote GitHub? It's proprietary.

Anyway, the OSI is a big pile of inconsistent messaging, often attacking its very own mission.

Focus on what they are attempting to distract from. █

_________

1. Key insights from the 2025 State of Open Source Report [Ed: OpenLogic is a Microsoft proxy]

   Each year, the State of Open Source Report offers a valuable pulse check on the global Open Source ecosystem—and the 2025 edition is no exception. Produced by Perforce OpenLogic, in partnership with the Eclipse Foundation and the Open Source Initiative, this report uncovers the latest trends, tensions, and transformations shaping how Open Source is adopted, managed, and scaled in organizations of all sizes.

2. There are no “Degrees of Open”: why Openness is binary

   For Hey Hi (AI) to be truly Open Source, it must uphold the same principles that have defined Open Source software for over two decades. There is no “80% open” or “open enough.” The freedom to use, study, modify, and share isn’t negotiable. It’s either there, or it isn’t.