Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Asking Prestashop users about privacy issue with hosted installations
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Asking Prestashop users about privacy issue with hosted installations

SaahibSaahib Host Rep, Veteran
edited April 2020 in Help

Hi, I thought to try Prestashop for a small project , created local install, however, got problem and after giving all details, it stuck on last step where it is supposed to create sample store database.

During course of troubleshooting, I deleted it and went for fresh install , to my surprise it started from where I left, even my db password field is prepopulated.

To double check, I deleted everything, even DB (it was empty anyway). But same directory and same db name, again my db field was pre-populated. I headed to their privacy page here:
https://www.prestashop.com/en/personal-data-protection-policy-prestashop-download

It says that you collect "database name, prefix , db identifier and Database" info from "Prestashop solution installer form".

Why on this earth you need to store each installations database and its password ? It even says database.. what is that, why on earth they need all details for personal hosted installation ?

And during installation , there is no option to say NO to share my info.

Please correct me.. as I am surprised by their data stealing method and being so widely used, I believe I am wrong but its hard to digest such data collection policy.. they have everything about your store right form installation.

Comments

  • angstromangstrom Moderator

    @Saahib said: And during installation , there is no option to say NO to share my info.

    Well, you can always choose not to use their product if this really bothers you.

    Please correct me.. as I am surprised by their data stealing method and being so widely used, I believe I am wrong but its hard to digest such data collection policy.. they have everything about your store right form installation.

    But are they really "stealing" your data? They seem to be very transparent about what data they collect from you. The data that they collect don't seem so outrageous to me (but I'm not a PrestaShop user, so perhaps I've missed something).

  • SaahibSaahib Host Rep, Veteran

    Well, after quite a research I had zeroed to Prestashop, but after seeing the kind of data they are storing, its outrageous.

    When you install such scripts, you give DB name, db server, db user and password. It seems they are taking it all along with owner name, url of store and what not.

    Hope you understand if you have remote DB server, you can access it with given details if its not restricted to set IPs etc.

    So, technically I think if you make store with them, they owns you. If my observations are correct then why nobody is talking about it. Hence I thought to take views of fellow members here as on their official forum , there is still no response.

    PS: Ofcourse I am exploring other options.

  • angstromangstrom Moderator

    @Saahib said: When you install such scripts, you give DB name, db server, db user and password. It seems they are taking it all along with owner name, url of store and what not.

    Hope you understand if you have remote DB server, you can access it with given details if its not restricted to set IPs etc.

    It wasn't clear to me whether they ask for the database password as well, but they do? I'd agree that they shouldn't ask for the database password.

    I guess that there aren't so many PrestaShop users here ...

  • SaahibSaahib Host Rep, Veteran

    I concluded this when I cleaned the install but my db password field was still pre-populated, it means it was sent to their remote server and then when I tried again on fresh install (but same location / server), it was pulled from their records.

    Second, if you see images I attached, they say : "Data collected from solution installer" .. they have everything, even DATABASE , stats and all..

    I though someone here (even if not PS user) can through some more insight on this kind of practice, or if I am wrong, correct me.

  • angstromangstrom Moderator

    @Saahib said:
    I concluded this when I cleaned the install but my db password field was still pre-populated, it means it was sent to their remote server and then when I tried again on fresh install (but same location / server), it was pulled from their records.

    Second, if you see images I attached, they say : "Data collected from solution installer" .. they have everything, even DATABASE , stats and all..

    It wasn't clear to me from your screenshot above that when they write "Data base", they really mean "Database password", but if they do, I fully understand your concern!

  • SaahibSaahib Host Rep, Veteran

    Ya man.. I started topic there, no response yet.

Sign In or Register to comment.