> Over the past few months, our former payment provider Nexi S.p.A. (“Nexi”)
requested access to private data, which we understood to be specifically the
usernames and passwords of our supporters. We have refused this request. All our
attempts to clarify Nexi’s request, or to understand how their need for such
information was necessary and legal, were met with what we consider to be vague
and unsatisfactory explanations relating to a general need for risk analysis. >
> Subsequently, we found ourselves unable to receive credit card donations
through Nexi’s system. In the afternoon of 10 March, we were further informed
that our contract had been cancelled a few days prior on 7 March, due to our
supposed failure to meet their deadline to fulfil their request. This deadline
was not communicated to us beforehand, despite us having been Nexi’s customer
for the past 15 years. This is completely crazy! As 450 supporters are affected,
that is a huge amount of donations that were cut off!
Over the past few months, our former payment provider Nexi S.p.A. (“Nexi”) requested access to private data, which we understood to be specifically the usernames and passwords of our supporters. We have refused this request. All our attempts to clarify Nexi’s request, or to understand how their need for such information was necessary and legal, were met with what we consider to be vague and unsatisfactory explanations relating to a general need for risk analysis.
Y tho. What in fuck does a payment provider have to do with asking for this?
I mean the name of the people who are originating these ideas. We should be putting names like who are the executives.
They get away with this stuff because they’re faceless organizations or higher ups beyond consequences.
I just see so many systems in place that are there to allow these things to trample us and nobody in this generation challenges. Like the opposition to authority in this generation just seems like they’re apart of the authority. They’re also playing they’re role.
FSFE should report them to the GDPR authority, but also financial ones.
The article says Nexi reached out after ‘cancelling’ the contract - meaning FSFE was financially offline for those few days. If it were a ‘normal’ business this was done to, they would sue for damages to hell and back.
Y tho. What in fuck does a payment provider have to do with asking for this?
How come there’s never a name attached to these things.
As in a name reporting the issue, or a name from the payment provider?
It’s on the FSFE homepage if you need confirmation of the story: https://fsfe.org/news/2026/news-20260316-01.en.html
I mean the name of the people who are originating these ideas. We should be putting names like who are the executives.
They get away with this stuff because they’re faceless organizations or higher ups beyond consequences.
I just see so many systems in place that are there to allow these things to trample us and nobody in this generation challenges. Like the opposition to authority in this generation just seems like they’re apart of the authority. They’re also playing they’re role.
Is this not against GDPR? I feel like this would be a slam dunk case.
FSFE should report them to the GDPR authority, but also financial ones.
The article says Nexi reached out after ‘cancelling’ the contract - meaning FSFE was financially offline for those few days. If it were a ‘normal’ business this was done to, they would sue for damages to hell and back.
And so should FSFE.
Um, excuse me? For starters they should only ever have hashes, but there is never a valid reason to ask for that many passwords.
Missed opportunity for them to troll Nexi and just send them:
Usernames Passwords hunter2 hunter2
Many? Not for one