Community mailing list archives
Re: MAJOR SECURITY PROBLEM! PRIVACY VIOLATED!by
Well Luke this is one reason why Magento looses ground in EU to other software solutions and no reason that ODOO has to do it the same way.
">From what I understand of it Odoo collects some anonymised instance usage statistics among other things, however nothing related to your customer's private data, as some seem to be suggesting."
No matter what gets collected it would be simply good to know what it is.
And it would even much easier if somone who knows what it is will simply make a list and post it here. This will help to talk with the customers about it and they than can decide if they want this disabled or what they want to have disabled (as disabling costs more time = money) for them too and perhaps also more maintenance fee as those custom modules or overwrites would be needed to maintained separately.
Another option would be to make that thematic interesting and give it i.e. Heise.de to check and write an article about it - which than might make SAP happy - even they perhaps do the same ;-) Right now where people use the Open Software argument in the Volkswagen scandal discussion, it would put another view to Free Open Source Software Products, if they are spying out customer data themselves, if this is really the case at all what would need to be proofed first.
On Thu, Nov 12, 2015 at 2:56 PM, Luke Branch <email@example.com> wrote:
The issue you've described is restricted to these Odoo.com community mailing lists.
Some companies seem to monitor the email addresses on this list and collect them to allow them to cold call/email marketing their Odoo services.
The problem is when you reply to the community mailing lists on Odoo, your email address is visible to recipients of the list. You can take a look at the email headers in this reply as an example to see my email address.
From what I understand of it Odoo collects some anonymised instance usage statistics among other things, however nothing related to your customer's private data, as some seem to be suggesting.
Magento does exactly the same thing, and includes magento branding and links all over its software, like transactional emails, static blocks, etc. Look at the default theme and transactional emails and you'll see what I mean.
Custom extensions and themes can be used to override these defaults. Just like any other open source project (sugarcrm, Wordpress, etc., there are loads of examples) Odoo of course includes branding in key places. It's your job to override these defaults if you don't want them there.
oAuth should be switched off if you're not using it to resolve your problem.
Switch your Odoo user into debug/developer mode and you should find what you need in the technical settings that appear.
I suggest checking out some of the great books on Odoo Development and Odoo functional operations in the packtpub website, as well as the many training MooC training courses available online. They have been an invaluable resource for me along with the Odoo official documentation and the many users in the Odoo community forum help.odoo.com that are often happy to provide insight or advice based on their own experience with the platform.
I am still very much only scratching the surface in terms of my own understanding of Odoo, however I suggest picking apart the code to learn how different things work, and if you can't figure it out ask humbly for help in the mailing lists and help forum. People are often happy to help out if they can, and I have learnt a huge amount just from the advice of others in these two forums.
Sent from my iPhone
Privacy IS an issue. We have been approached by emails marketing Odoo user information or potential customers. It is wondered how many more Odoo partners have received such emails. We did not respond, so not sure from where those info was leaked, and what details were in their hands. Also we do not know what details have been exposed from our own implementations.
From: firstname.lastname@example.org [mailto:email@example.com] On Behalf Of Gunnar Wagner
Sent: Thursday, November 12, 2015 1:27 PM
To: Community <firstname.lastname@example.org>
Subject: Re: MAJOR SECURITY PROBLEM! PRIVACY VIOLATED!
On 11/12/2015 10:57 AM, Andreas Becker wrote:
>> ... Where can we find a no phone home module - could you recommend one
https://bitbucket.org/BizzAppDev/oerp_no_phoning_home should be what he is referring to
Gunnar Wagner | Iris Germanica Co., Ltd. | Jin Qian Gong Lu 385, 8-201, Feng Xian District, 201404 Shanghai, P.R. CHINA
+86.159.0094.1702 | skype: professorgunrad | wechat: 15900941702
-- N. Arranz-Velazquez OpusVL Odoo Specialist Team (OOST) Product Owner OpusVL Drury House Drury Lane Rugby CV21 3DE T: 01788 298 450 W: opusvl.com