Community mailing list archives

community@mail.odoo.com

Re: MAJOR SECURITY PROBLEM! PRIVACY VIOLATED!

by
Skillteam, Houssine BAKKALI
- 11/12/2015 06:27:01
Well you maybe just missed the most important part... The fact that maybe Odoo is a hidden project of the illuminati to control the world...

2015-11-12 12:21 GMT+01:00 Andreas Becker <andi@lisandi.com>:
Well Luke this is one reason why Magento looses ground in EU to other software solutions and no reason that ODOO has to do it the same way.

">From what I understand of it Odoo collects some anonymised instance usage statistics among other things, however nothing related to your customer's private data, as some seem to be suggesting."

No matter what gets collected it would be simply good to know what it is. 

And it would even much easier if somone who knows what it is will simply make a list and post it here. This will help to talk with the customers about it and they than can decide if they want this disabled or what they want to have disabled (as disabling costs more time = money) for them too and perhaps also more maintenance fee as those custom modules or overwrites would be needed to maintained separately.

Another option would be to make that thematic interesting and give it i.e. Heise.de to check and write an article about it - which than might make SAP happy - even they perhaps do the same ;-) Right now where people use the Open Software argument in the Volkswagen scandal discussion, it would put another view to Free Open Source Software Products, if they are spying out customer data themselves, if this is really the case at all what would need to be proofed first.











With kind regards,
Mit freundlichen Grüßen,
Con un cordial saludo,
Cordialement,
с сердечным приветом,
เรื่องที่เกี่ยวกับชนิด,
與親切的問候,

<html><div> 

</div><div> ANDI BECKER

CEO/General Manager LisAndi Co., Ltd.

about.me/andibecker</div></html>
--------------------------------------------------

LisAndi Co. Ltd., Phuket, Thailand (lisandi.com)
15/21 M.2 Viset Road, Rawai, Muang, Phuket, Thailand 83130

VoIP:   +49 (0)711 50 88788 50
Fax:     +49 (0)711 50 88788 50
Skype:          lisandi
Facebook:     andibecker
Google Talk/Facetime/eMail:  andi@lisandi.com

--------------------------------------------------

This email may contain confidential and/or privileged information. If you are not the intended recipient (or have received this email by mistake), please notify the sender immediately and destroy this email. Any unauthorized copying, disclosure or distribution of the material in this email is strictly prohibited. Email transmission security and error-free status cannot be guaranteed as information could be intercepted, corrupted, destroyed, delayed, incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which may arise as a result of email transmission

On Thu, Nov 12, 2015 at 2:56 PM, Luke Branch <odoocommunitywidgets@gmail.com> wrote:
Hi Jason,

The issue you've described is restricted to these Odoo.com community mailing lists.

Some companies seem to monitor the email addresses on this list and collect them to allow them to cold call/email marketing their Odoo services.

The problem is when you reply to the community mailing lists on Odoo, your email address is visible to recipients of the list. You can take a look at the email headers in this reply as an example to see my email address.

From what I understand of it Odoo collects some anonymised instance usage statistics among other things, however nothing related to your customer's private data, as some seem to be suggesting.

Hi Andreas,

Magento does exactly the same thing, and includes magento branding and links all over its software, like transactional emails, static blocks, etc. Look at the default theme and transactional emails and you'll see what I mean.

Custom extensions and themes can be used to override these defaults. Just like any other open source project (sugarcrm, Wordpress, etc., there are loads of examples) Odoo of course includes branding in key places. It's your job to override these defaults if you don't want them there.

oAuth should be switched off if you're not using it to resolve your problem.

Switch your Odoo user into debug/developer mode and you should find what you need in the technical settings that appear.

I suggest checking out some of the great books on Odoo Development and Odoo functional operations in the packtpub website, as well as the many training MooC training courses available online. They have been an invaluable resource for me along with the Odoo official documentation and the many users in the Odoo community forum help.odoo.com that are often happy to provide insight or advice based on their own experience with the platform.

I am still very much only scratching the surface in terms of my own understanding of Odoo, however I suggest picking apart the code to learn how different things work, and if you can't figure it out ask humbly for help in the mailing lists and help forum. People are often happy to help out if they can, and I have learnt a huge amount just from the advice of others in these two forums.

Sent from my iPhone

On 12 Nov 2015, at 2:27 PM, Jason / 崔建平 <jason@qdodoo.com> wrote:

Privacy IS an issue. We have been approached by emails marketing Odoo user information or potential customers. It is wondered how many more Odoo partners have received such emails. We did not respond, so not sure from where those info was leaked, and what details were in their hands. Also we do not know what details have been exposed from our own implementations.

 

 

From: bounce-4148214-mail.group-59@mail.odoo.com [mailto:bounce-4148214-mail.group-59@mail.odoo.com] On Behalf Of Gunnar Wagner
Sent: Thursday, November 12, 2015 1:27 PM
To: Community <community@mail.odoo.com>
Subject: Re: MAJOR SECURITY PROBLEM! PRIVACY VIOLATED!

 

On 11/12/2015 10:57 AM, Andreas Becker wrote:


>> ... Where can we find a no phone home module - could you recommend one

https://bitbucket.org/BizzAppDev/oerp_no_phoning_home should be what he is referring to


--
Gunnar Wagner | Iris Germanica Co., Ltd. | Jin Qian Gong Lu 385, 8-201, Feng Xian District, 201404 Shanghai, P.R. CHINA
+86.159.0094.1702 | skype: professorgunrad | wechat: 15900941702

_______________________________________________
Mailing-List: https://www.odoo.com/groups/community-59
Post to: mailto:community@mail.odoo.com
Unsubscribe: https://www.odoo.com/groups?unsubscribe

_______________________________________________
Mailing-List: https://www.odoo.com/groups/community-59
Post to: mailto:community@mail.odoo.com
Unsubscribe: https://www.odoo.com/groups?unsubscribe

_______________________________________________
Mailing-List: https://www.odoo.com/groups/community-59
Post to: mailto:community@mail.odoo.com
Unsubscribe: https://www.odoo.com/groups?unsubscribe


_______________________________________________
Mailing-List: https://www.odoo.com/groups/community-59
Post to: mailto:community@mail.odoo.com
Unsubscribe: https://www.odoo.com/groups?unsubscribe