
Question about Paypal&Moneybooker



Hello, once again here, this time a bit more polite, so hopefully I will not get banned after my first post.

Today's topic: why does prestashop spy on many of the stores set up on the application?

I am building a quick payment gateway plugin for my client, so I decided to check how other modules do it. So I opened the paypal module, a good place to snip some code as it is quite a broad module. I suddenly noticed that the application fetches an image from prestashop.com with MY paypal account's email address and payment method with it.

This was quite a shock, so I decided to check some other module and noticed that moneybookers does even more. It sends my moneybookers passphrase as MD5 with the account email, and obviously my site's URL is included.

I have just scratched the surface a bit and haven't checked the files fully; I should build a regexp to go through the files for these URLs that I definitely don't want to see there.

At the same go, I might ask why the currency conversion goes through some silly XML file located at prestashop.com? http://www.prestasho.../currencies.xml


You can find the code in the 1.4.7.0 module files.

So for paypal you can check: /modules/paypal/paypal.php inside method: _postProcess()

For Moneybookers: /modules/moneybookers/moneybookers.php and inside method: getContent()

That's an admin configure page, but I still don't want to see it there. If I make a deal with Moneybookers, I do it with them and don't want any middle men between me and the service.


Quite many modules seem to fetch images from prestashop.com with URL variables passed with them. Not only payment modules; socolissimo also seems to fetch one image at _postProcess()

I'll stop there, got this module to be written :)

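Added example (not part of any post in this thread, and not PrestaShop's code): a Python script for the regexp audit mentioned in the first post, listing every URL in a module tree that points at a given host and carries a query string, with the parameter names and PHP values placed in it. The sample PHP, its path and its parameter names are constructed for illustration.

```python
import re
from pathlib import Path
from typing import NamedTuple

class Callout(NamedTuple):
    line: int     # 1-based line number in the PHP file
    params: list  # query parameter names sent to the host
    values: list  # PHP variables / static calls / hash functions in the query

def find_callouts(php_source, host="prestashop.com"):
    """Find URLs on `host` (or a subdomain of it) that carry a query string."""
    url_re = re.compile(
        r"https?://(?:[\w-]+\.)*" + re.escape(host) + r"(?![\w.-])[^\"]*")
    hits = []
    for no, line in enumerate(php_source.splitlines(), 1):
        for m in url_re.finditer(line):
            _, sep, query = m.group(0).partition("?")
            if not sep:
                continue  # plain static asset, nothing is passed along
            params = re.findall(r"(?:^|&(?:amp;)?)([\w\[\]]+)=", query)
            values = re.findall(
                r"\$\w+(?:->\w+)*|\w+::\w+|\b(?:md5|sha1)(?=\()", query)
            hits.append(Callout(no, params, values))
    return hits

def scan_tree(root, host="prestashop.com"):
    """Scan every .php file under `root`; returns {relative_path: [Callout]}."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = find_callouts(path.read_text(errors="replace"), host)
        if hits:
            report[str(path.relative_to(root))] = hits
    return report

# Constructed sample, NOT the real module code: placeholder path and names.
SAMPLE = """<?php
$logo = '<img src="http://www.prestashop.com/img/logo.png" />';
$html = '<img src="http://www.prestashop.com/EXAMPLE/tracker.png?url_site='.$site.'&amp;email='.urlencode($email).'&amp;pass='.md5($secret).'" />';
$other = 'http://notprestashop.com.example/x.png?email='.$email;
"""

if __name__ == "__main__":
    for hit in find_callouts(SAMPLE):
        print(hit)
```

Run `scan_tree("modules")` from the shop root to get a per-file list to review by hand; a hashed value such as `md5(...)` still identifies the account it was derived from, which is why it is reported alongside the variables.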

Hi Lazylegs,

There is no secret here and I can assure you we are not spying on you.

We do not retrieve any sensitive information such as payment amount, paypal credentials, ...

We have a partnership with paypal and we need to know how many merchants are using PayPal (same thing for moneybookers and some other modules).

This partnership permits us to earn money and offer new free features to the community (you) such as multishop, ...

As for the file currency.xml, it permits you to retrieve the currency rate. This rate can change every day, that's why you retrieve it from prestashop.com. Moreover, this file is retrieved only when you click on a button. So if you don't want this call to be made, don't push the button :)

I hope I answered all your interrogations and that you are not worried anymore.

I'm one of the core developers, so if you have any other questions, feel free to ask me :)

Best regards,

  • Like 2

Actually no, it does not answer.

Or it does answer but does not explain the fact that no one knows about this. I don't care if you got partnership or not, I am not in partnership with you [Carl : Moderated, you can say the same thing politely] off from my site.

If I want to share info with you, please modify the install so that there is a checkbox "You want to participate with our user surveillance program so we get affiliate money from our partners like Paypal"

And about the currency conversion, I'd rather use some certified resource than a shady file from your site. It is lacking a lot of currencies, first off. And if I would like to refresh my currencies hourly, your xml does not provide it.


Hi,

I would really appreciate it if you could stay polite.

There is no secret there, many topics are talking about it and we publish a document about it:

http://doc.prestashop.com/download/attachments/4096008/Communication+between+stores+and+PrestaShop.pdf?version=1&modificationDate=1317646465000

This document is in the user guide.

I understand that you don't care about our partnership even if it permits you to use a free e-commerce software with many features, that's why you are free to remove all trackers that disturb you. It's open source and you're a developer, so I don't think you will have any problem with this :)

Best regards,


Hey, it was asterisk marks, I meant fend, that is a polite word. I would not say [Carl: So do not say it at all, next time is permanent ban] at public forums

How about those stores that are now aware about you collecting private information in the form of email addresses? That is confidential even if people think that it is public. And even more concerning is the fact that the email addresses passed on are "banking" accounts and more confidential. You are saying that you don't store any information or pass it to 3rd parties? That would be a big lie when thinking about why on earth an image file would have GET variables.


Hello Lazylegs,

As Fabien said you can make your voice heard but in a polite way.

About your other questions, everything is explained in the document he gave you. We also have had many topics about this issue so do not hesitate to use the search function.

Finally as Fabien said, it is open source so if you do not want it to work that way, you can just fix it.


Hi,

As I explained, we do not give or sell your e-mail to third parties.

It's just to know that you are using the paypal service by PrestaShop, but, as you can imagine, this is not a problem because PayPal already has your e-mail if you're using their service. We do not retrieve any password so there is no sensitive information there.

We can't access merchants' "bank" accounts like you are insinuating (it seems to be defamation to me).

Best regards,

  • Like 1

Ok, so you renamed the thread, this is interesting as this does not only affect those you have set to it.

For transparency of service, I ask you to remove all code that has any usernames posted to your site through these modules. Your document defines Anonymous data; since when are usernames anonymous? And to remove them as you define they don't have any importance for you. As you collect anonymous data, it should be enough to have the payment method for example. If you cannot remove them, then they do have some importance and it is not anonymous anymore.

On that basis each store owner could request from you a printout of what data you got about them, with EU law as their guard.

And it is wrong to ban people for writing something that might slightly imply a swear word, when you don't actually know what is behind the asterisks. I might as well have meant funk.


  • 4 months later...

many merchants are using PayPal (same thing for moneybookers

salut fabien, sorry for hijacking this topic but I would like to know why the latest moneybookers module does not offer iframes anymore? I used v0.8 of the module with PS1.3.2 for 2 years w/o problems. Now I am migrating to PS1.4.8.2. and the moneybookers module coming with that install always leaves my shop (like paypal) and I do not see the iframe option anymore. That is a real pity since I found it quite a benefit of moneybookers to offer iframes and leave the customers on my site.

are there any plans to add iframes here again in the near future? by the way, that would be great also for paypal.

or do you know whether the v0.8 moneybookers module happens to work with PS1.4.8.2 so I could use that old module again?

merci

phil

Edited by Mike Kranzler
Only one issue per thread. (see edit history)