Bonum Certa Men Certa

Amandine Jambert (cryptie), CNIL, FSFE Financial data breach

posted by Roy Schestowitz on Apr 02, 2024

[Article 1.5 years old]

Reprinted with permission from the Free Software Fellowship.

We already wrote about Amandine "Cryptie" Jambert who is working for the French privacy regulator, CNIL while using a pseudonym to participate in the FSFE.

We mentioned that FSFE covered up the financial data privacy breach.

We want to publish more evidence and show why this is happening.

Amandine 'cryptie' JAMBERT, CNIL, FSFE

FSFE financial statements show they have lots of money. Their budget is €600,000 per year.

Looking at their employee list, they don't employee anybody with real technical competence. The one technical staff member is a social science graduate who is re-training as a "hopeful" developer. All the money goes to the imposters and female interns.

They use volunteers and students to do the sysadmin work. The FSFE jobs page is currently looking for a student sysadmin to work on the minimum wage.

Working time and compensation: The desired working time would be 10 hours per week but can be discussed. You will start working in our Berlin office to get a feeling for the organisation and the faces behind it, but at a later stage, home office is possible. The salary is based on the currently applicable minimum wage in Germany but can be higher depending on your experience. A mandatory requirement is that you are enrolled as a student at a university in Germany.

As a student, the sysadmin won't be available for about 6 weeks each semester while undertaking exams.

Volunteers also discovered FSFE using teenagers, children, child labour - see the YH4F and Outreachy Grooming scandals

Here we publish the full email about the privacy breach.

In this leak, Matthias Kirschner claims that nobody has taken copies of the financial data so there was no obligation to make any warning to the donors.

In fact, many volunteers, former employees, students, interns and maybe even children have copies of data about the FSFE donors. It was 15 year olds in Belfast who hacked the British phone company Talk-Talk. FSFE would be a walk in the park for those kids. We are publishing a copy of the FSFE Berlin mailing list membership to prove that copies exist outside the FSFE and therefore Matthias Kirschner is a liar.

We will remove the list when Matthias Kirschner removes all the defamation from the FSFE web sites, all other free software projects and search results.

Subject: [GA] Report about privacy problem with financial data
Date: Thu, 15 Mar 2018 14:26:10 +0100
From: Matthias Kirschner <mk@fsfe.org>
To: FSFE General Assembly <ga@lists.fsfe.org>, FSFE system hackers <system-hackers@lists.fsfe.org>

The archives of finance@lists.fsfe.org, and thereby all the information including full names, amount, credit card and bank details, were public from 18 December 2017 until 13 March 2018. It is now fixed and nobody outside the FSFE should have had access to them. Please help to check if the archives of your list should be public or not (see below).
On 13 March Reinhard noticed, that finance@lists.fsfe.org has a public archive, he informed me, I directly changed the archive to private and changed the admin password for the list which is currently only available to Heiki and myself. Due to a communication mistake neither Jan and Vincent nor I myself checked finance@lists.fsfe.org when checking the list settings after we were informed about the problems with staff@lists.fsfe.org (which Jonas created on 1 November). I myself forgot to remember that finance@ was also a mailing list, after Jonas migrated the former finance@ alias to a mailman list on 18 December 2017, and Jan and Vincent used the external mailing list listing, instead of the internal list. So we missed the list when checking other mailing lists after the former incident.
As the mailing list had public archives everybody knowing the URL would have had access to information like full name, amount of money for the donation, and the last 4 digits of the credit card number, for bank transfers the whole info BIC + IBAN numbers, contract discussions about the legal workshop, info messages from corporate donors (e.g. Google's Benevity), invoices, internal discussion by our finance team, etc.
I first wanted to inform you about the problem and discuss how to communicate the privacy problem to the effected parties, but Heiki suggested to first check all IP logs to see if they archives were accessed by third parties. Thanks to Albert's work, we can now say that the archives were only accessed this week, and that the IP addresses belonged either to Heiki, Reinhard, or the Berlin office (in comparison with staff@ the mailing list was not advertised on our list server and we were able to confirm.)
Jan, Vincent, and myself did some other checks, and when we wondered if the list should be public asked the people involved if it is ok that their list archive is public. # How you can help
One wish how you can help: if you are part of a mailing list which was not mentioned before, please do one quick check if the archives are publicly available, and if that should be the case. Else either change it yourself, or inform system-hackers@lists.fsfe.org about it. In general if you setup a list with sensitive information, please check how people can subscribe, if the list should be advertised on our list server, if there should be an archive, and make sure that the archive is not public. Best Regards, Matthias
-- Matthias Kirschner - President - Free Software Foundation Europe Schönhauser Allee 6/7, 10119 Berlin, Germany | t +49-30-27595290 Registered at Amtsgericht Hamburg, VR 17030 | (fsfe.org/join) Contact (fsfe.org/about/kirschner) - Weblog (k7r.eu/blog.html) _______________________________________________ GA mailing list GA@lists.fsfe.org https://lists.fsfe.org/mailman/listinfo/ga

FSFE internal forms were captured by search engines

If you try to access the pages today they are demanding a password. It looks like somebody disabled the authentication and left them unprotected long enough for the search engines to take snapshots.

For example, to make an internal order for business cards using the name Adolf Hitler, you can try to use this form.

FSFE, internal forms, unsecured, Matthias Kirschner

Membership list for the Berlin FSFE mailing list

You can use this page to join the list or browse the archives.

0xf10e@fsfe.org
99735@gmx.de
ahmruoff@gmail.com
ajh92@fsfe.org
albert@fsfe.org
alex01at@gmail.com
alex.graichen.ag@gmail.com
alex.sander@fsfe.org
anwalt@rechtsanwalt-stehmann.de
archive@mail-archive.com
arvid@fsfe.org
axel.b.kaiser@fsfe.org
axelmetzger@gmx.de
behrens_lars@gmx.de
benedikt.geissler@mailbox.org
benjamin.wand@web.de
benny@benny.de
bernhard@fsfe.org
bernhard@weitzhofer.org
bettgens@wesel-net.de
bh@intevation.de
birgit.huesken@fsfe.org
blanky0230@gmail.com
blipp@fsfe.org
brucker@spamfence.net
buenger@mytum.de
bussec@fsfe.org
c11f49af@posteo.de
cal@zls.de
carl-daniel.hailfinger@bsi.bund.de
carsten.knoll@posteo.de
cb@christian-bertram.de
cc@cmesh.de
chorse@gnu.org
chris.schabesberger@mailbox.org
christian.bleich.b@outlook.com
christian.imhorst@fsfe.org
christian@leber.de
christian@maxen.de
christian.naehle@posteo.de
christop@physik.tu-berlin.de
comzeradd@fsfe.org
cornelius@fsfe.org
cpoell@web.de
cw@fsfe.org
cybercow@triangulum.uberspace.de
dan.scharon@fsfe.org
denefi@fsfe.org
dennis.kawurek@hotmail.de
derik@fsfe.org
dg-lists@restfarbe.de
dhaen@gmx.de
dnt@gmx.com
dosbart@fsfe.org
dr-faustus@gmx.de
dschreiber@gmx.de
dzemisch@emailaholics.org
eal@fsfe.org
ebner@rosinak.at
edu-ml@unormal.org
egnun@fsfe.org
eht16@fsfe.org
erack@fsfe.org
erik@erlenweg.de
etjen.delilovic@gmail.com
e-user@fsfe.org
ff@chello.at
filla-news@online.de
fixtux@t-online.de
flo@4freax.net
floriansnow@fsfe.org
flx@fsfe.org
fphome@live.de
frank.becker@posteo.de
frank@frank.uvena.de
frank.koormann@intevation.de
frank.zimmermann.berlin@freenet.de
freebsd-listen@fabiankeil.de
fseidl@f9s.eu
fsfe@alteholz.de
fsfe@datentopf.org
fsfe@david-huecking.de
fsfe_dl@yahoo.de
fsfe@mo-online.org
fsferesignations@tuta.io
fsfe@rince.de
fsfe@sebdu.de
fsfeurope-german@lists.infodrom.org
fullstack@gmx.de
fw@deneb.enyo.de
ggiedke@fsfe.org
gian-maria.daffre@giammi.org
gnu-fsfe-de@m.gmane.org
gregor6464hp@posteo.de
greve@fsfe.org
gs@gstange.de
guido@fsfe.org
g.w.kugler@posteo.de
haagch@frickel.club
hannes.mayr@digitalcourage.de
he.ne@gmx.net
henning@jacobs1.de
hjensen@mailbox.org
hweidner-lists@gmx.net
idrost@htwm.de
ilu@fsfe.org
irie@wakeupandlive.de
irmhild.rogalla@institut-pi.de
jaeger@jbb-berlin.de
ja@fsfe.org
jan@dittberner.info
jan@intevation.de
jannis@pinterjann.is
jansson@gmx.net
janwey@fsfe.org
j.avdg@fsfe.org
jens@koch-der-gaertner.de
jj@pr-profi.com
jj.sarton@t-online.de
jlk@fsfe.org
jochen@herr-schmitt.de
joerg.berkel@phbern.ch
johannes@hubertz.de
joris.baum@runbox.com
jotbe@fsfe.org
julian.rueth@gmail.com
jurzik@guug.de
jzarl@fsfe.org
kar.dre.2017@gmail.com
karsten.reincke@telekom.de
kdambiec@fsfe.org
kelvan@ist-total.org
kloschi@subsignal.org
kontakt@do-foss.de
kontakt@freiesoftwareog.org
laabs@dasr.de
leize@leize.de
lemming@henning-thielemann.de
lgradl@posteo.net
linux@7mhz.de
liste3@gmx.de
listen@leena.de
lists@apfelkraut.org
lists@bitkeks.eu
lists@koffeinfrei.org
lists-mm@netcologne.de
lists@realcyber.de
lists@sumpfralle.de
lorenz@vulgrim.de
lorenz.wenner@posteo.de
luc.saffre@gmx.net
mail@florianhaas.net
mailinglist@doczkal.de
mail@michael-weimann.eu
mail@rolandgreim.de
mail@zimmer428.net
majestyx@fsfe.org
mararm@fsfe.org
marcoschlicht@onlinehome.de
maria.w@fsfe.org
mark.gerber.1976@gmail.com
martin@gerwinski.de
martone@fsfe.org
marvin.cohrs@hotmail.de
marvin.kohl@posteo.de
mason.edwards.20@outlook.com
mat@fsfe.org
matthias.kabel@tyche.de
matthias@vorlons.info
maurice@prtrc.net
max.mehl@fsfe.org
mbauer@mailbox.org
mf@fsfe.org
mfritsche@reauktion.de
mgross@junetz.de
michael.wehram@wolfsburg.de
micha@stoecker.me
michele.martone@ipp.mpg.de
mkellner@innnet.de
mk@fsfe.org
ml@mareichelt.com
ml@schoenitzer.de
m.mittler@gmx.net
modlinger@erneuerbare-freiheit.de
moritz@headstrong.de
m_szczawinski@poczta.fm
neal@walfield.org
news@gernot-schulz.com
newsletter@danielklier.com
news@schiermeier-it.de
nick.blackberg@nurfuerspam.de
nidi@fsfe.org
nowakewitz@yahoo.de
ntj@allesjetzt.net
oj@null.at
oliver.horn@gmx.net
olli@sopos.org
ooo@altsys.de
pascalwittmann@gmx.net
paul@fsfe.org
p.beier@t-online.de
peter.hormanns@jalin.de
peter.muehlbauer@gmx.net
pfarrch@gmail.com
phil@hoefer-elze.de
philipp.n@fsfe.org
philipp.schneider@mailbox.org
post@lespocky.de
prawn@fsfe.org
proedie@fsfe.org
radoje.stojisic@posteo.de
r.brusa@gmx.ch
reedts@fsfe.org
reg+fsfe@disroot.org
reinhard@fsfe.org
riepernet@fsfe.org
rmacek@fsfe.org
roland.hummel@student.hu-berlin.de
roland@mxchange.org
ronny-fs@vlugnet.org
sascha@girrulat.de
schiessle@fsfe.org
schult@reneschult.de
schulz@fsfe.org
schwirz.linux-ag@freenet.de
sebastian@dorni.net
sebastian.fedrau@gmail.com
sebastian@feltel.de
sebastian@lubo-net.de
sebsch@geblubber.org
selva@posteo.de
shin@posteo.jp
silvan.heintze@gmx.de
simon.parrer@gmail.com
singer.felix@t-online.de
softmetz@fsfe.org
spam.an.joker@googlemail.com
spikespiegel@gmx.net
stefan.boehringer@posteo.de
stefan@debxwoody.de
stefan.frech@gmx.de
stefan.nagy@posteo.net
stefano.cavallari@posteo.de
steffenfritz@fsfe.org
suhrj@fsfe.org
sus2006@bluewin.ch
su@su2.info
sw@fsfe.org
tblu@autistici.org
tb@makesyoualwaysgorgeous.org
tes@fsfe.org
thb@documentfoundation.org
thomasb-fsfe-de@dawnlink.net
thomas@koch.ro
thomas@leske.biz
thomas@schwinge.name
tiestes@gmx.de
tilljaeger@web.de
till.schaefer@do-foss.de
tks@fsfe.org
tobiasd@mailbox.org
tobias_huttner@mailbox.org
tobias.rothfelder@tum.de
tobias.schrank@fsfe.org
tom@voodoo-arts.net
t.schilde@firetech-online.de
tsctob@web.de
u.volmer@u-v.de
vanitasvitae@riseup.net
vassilis@raccoonia.com
v@njh.eu
volker@ixolution.de
volker@netkladde.de
vschlecht@fsfe.org
vv01f@fsfe.org
weo@weo1.de
wg@fsfe.org
wharms@bfs.de
wicker@posteo.de
wilde@intevation.de
willi.uebelherr@gmx.de
woro@wolfgangromey.de
wromey@fsfe.org
yqxoqjno@umail.furryterror.org
zwiebel444@yahoo.de

Other Recent Techrights' Posts

Richard Stallman's Next Public Talk is on Friday, 17:30 in Córdoba (Spain), FSF Cannot Mention It
Any attempt to marginalise founders isn't unprecedented as a strategy
Stefano Maffulli's (and Microsoft's) Openwashing Slant Initiative (OSI) Report Was Finalised a Few Months Ago, Revealing Only 3% of the Money Comes From Members/People
Microsoft's role remains prominent (for OSI to help the attack on the GPL and constantly engage in promotion of proprietary GitHub)
[Video] Online Brigade Demands That the Person Who Started GNU/Linux is Denied Public Speaking (and Why FSF Cannot Mention His Speeches)
So basically the attack on RMS did not stop; even when he's ill with cancer the cancel culture will try to cancel him, preventing him from talking (or be heard) about what he started in 1983
 
Bruce Perens & Debian: swiping the Open Source trademark
Reprinted with permission from disguised.work
Ean Schuessler & Debian SPI OSI trademark disputes
Reprinted with permission from disguised.work
Windows in Sudan: From 99.15% to 2.12%
With conflict in Sudan, plus the occasional escalation/s, buying a laptop with Vista 11 isn't a high priority
Anatomy of a Cancel Mob Campaign
how they go about
[Meme] The 'Cancel Culture' and Its 'Hit List'
organisers are being contacted by the 'cancel mob'
IRC Proceedings: Monday, April 22, 2024
IRC logs for Monday, April 22, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Don't trust me. Trust the voters.
Reprinted with permission from Daniel Pocock
Chris Lamb & Debian demanded Ubuntu censor my blog
Reprinted with permission from disguised.work
Ean Schuessler, Branden Robinson & Debian SPI accounting crisis
Reprinted with permission from disguised.work
William Lee Irwin III, Michael Schultheiss & Debian, Oracle, Russian kernel scandal
Reprinted with permission from disguised.work
Microsoft's Windows Down to 8% in Afghanistan According to statCounter Data
in Vietnam Windows is at 8%, in Iraq 4.9%, Syria 3.7%, and Yemen 2.2%
[Meme] Only Criminals Would Want to Use Printers?
The EPO's war on paper
EPO: We and Microsoft Will Spy on Everything (No Physical Copies)
The letter is dated last Thursday
Links 22/04/2024: Windows Getting Worse, Oligarch-Owned Media Attacking Assange Again
Links for the day
Links 21/04/2024: LINUX Unplugged and 'Screen Time' as the New Tobacco
Links for the day
Gemini Links 22/04/2024: Health Issues and Online Documentation
Links for the day
What Fake News or Botspew From Microsoft Looks Like... (Also: Techrights to Invest 500 Billion in Datacentres by 2050!)
Sededin Dedovic (if that's a real name) does Microsoft stenography
[Meme] Master Engineer, But Only They Can Say It
One can conclude that "inclusive language" is a community-hostile trolling campaign
[Meme] It Takes Three to Grant a Monopoly, Or... Injunction Against Staff Representatives
Quality control
[Video] EPO's "Heart of Staff Rep" Has a Heartless New Rant
The wordplay is just for fun
An Unfortunate Miscalculation Of Capital
Reprinted with permission from Andy Farnell
Online Brigade Demands That the Person Who Made Nix Leaves Nix for Not Censoring People 'Enough'
Trying to 'nix' the founder over alleged "safety" of so-called 'minorities'
[Video] Inauthentic Sites and Our Upcoming Publications
In the future, at least in the short term, we'll continue to highlight Debian issues
List of Debian Suicides & Accidents
Reprinted with permission from disguised.work
Jens Schmalzing & Debian: rooftop fall, inaccurately described as accident
Reprinted with permission from disguised.work
[Teaser] EPO Leaks About EPO Leaks
Yo dawg!
On Wednesday IBM Announces 'Results' (Partial; Bad Parts Offloaded Later) and Red Hat Has Layoffs Anniversary
There's still expectation that Red Hat will make more staff cuts
IBM: We Are No Longer Pro-Nazi (Not Anymore)
Historically, IBM has had a nazi problem
Bad faith: attacking a volunteer at a time of grief, disrespect for the sanctity of human life
Reprinted with permission from Daniel Pocock
Bad faith: how many Debian Developers really committed suicide?
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, April 21, 2024
IRC logs for Sunday, April 21, 2024
A History of Frivolous Filings and Heavy Drug Use
So the militant was psychotic due to copious amounts of marijuana
Bad faith: suicide, stigma and tarnishing
Reprinted with permission from Daniel Pocock
UDRP Legitimate interests: EU whistleblower directive, workplace health & safety concerns
Reprinted with permission from Daniel Pocock
Links 21/04/2024: Earth Day Coming, Day of Rest, Excess Deaths Hidden by Manipulation
Links for the day
Bad faith: no communication before opening WIPO UDRP case
Reprinted with permission from Daniel Pocock
Bad faith: real origins of harassment and evidence
Reprinted with permission from Daniel Pocock
Links 21/04/2024: Censorship Abundant, More Decisions to Quit Social Control Media
Links for the day
Bad faith: Debian Community domain used for harassment after WIPO seizure
Reprinted with permission from Daniel Pocock
If Red Hat/IBM Was a Restaurant...
Two hours ago in thelayoff.com
Why We Republish Articles From Debian Disguised.Work (Formerly Debian.Community)
articles at disguised.work aren't easy to find
Google: We Run and Fund Diversity Programs, Please Ignore How Our Own Staff Behaves
censorship is done by the recipients of the grants
Paul Tagliamonte & Debian Outreachy OPW dating
Reprinted with permission from disguised.work
Disguised.Work unmasked, Debian-private fresh leaks
Reprinted with permission from disguised.work
[Meme] Fake European Patents Helped Fund the War on Ukraine
The European Patent Office (EPO) does not serve the interests of Europe
European Patent Office (EPO) Has Serious Safety Issues, This New Report Highlights Some of Them
9-page document that was released to staff a couple of days ago
IRC Proceedings: Saturday, April 20, 2024
IRC logs for Saturday, April 20, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Microsoft-Run FUD Machine Wants Nobody to Pay Attention to Microsoft Getting Cracked All the Time
Fear, Uncertainty, Doubt (FUD) is the business model of "modern" media
Torvalds Fed Up With "AI" Passing Fad, Calls It "Autocorrect on Steroids."
and Microsoft pretends that it is speaking for Linux
Gemini Links 21/04/2024: Minecraft Ruined
Links for the day