Audacity Controversy continues with newly published Privacy Notice

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,567
The last couple of months have been all but pleasant for the new owners of the open source audio editor Audacity. It all began in May 2020 with news that Audacity was acquired by MuseGroup; what acquired meant exactly was not made clear back then, considering that Audacity was an open source project.

Also in May of the same year, plans to add Telemetry to Audacity were introduced on GitHub. These plans were dropped a week later because the move was criticized highly.

An update to the Desktop Privacy Notice was published in July 2021, and it too is generating uproar. The note lists the data that Audacity is collecting as well as the reason for collecting the data, with whom the data is shared and under which circumstances, how the data is protected, and how it is stored and deleted.

The following data is or may be collected by Audacity:
  • App Analytics and App Improvements:
    • OS version
    • User country based on IP address
    • OS name and version
    • CPU
    • Non-fatal error codes and messages (i.e. project failed to open)
    • Crash reports in Breakpad MiniDump format
  • For legal enforcement
    • Data necessary for law enforcement, litigation and authorities’ requests (if any)

The "legal enforcement" data collecting part of the Desktop Privacy Notice is vague, as it does not list the data that Audacity may provide for "law enforcement, litigation and authorities’ requests". It is unclear why it is not listed. While it is clear that a company does not know which data law enforcement may request, a list of information that Audacity collects or may collect could be listed there.

Another paragraph that is seen as problematic is 7.1 Data storage and transfers of data. Audacity data is stored on servers in the European Economic Area according to the paragraph, but personal data may be shared occasionally with the group's main office in Russia and the group's external counsel in the United States.

The privacy notice looks like a lighter version of the group's Musescore privacy policy, but with less data collecting. The group's initial plan to collect more Telemetry in Audacity was halted because of the public outcry over the decision.
 

SumTingWong

Level 28
Verified
Top Poster
Well-known
Apr 2, 2018
1,714
For legal enforcement
  • Data necessary for law enforcement, litigation and authorities’ requests (if any)

This is a big no for me. Why do they want to access it and need this? This is an open source (well, not anymore after acquisition) audio record and playback software. What do they want to hear? Me talking trash to my friends on weekends? Me drop my mixtapes? Me summon an anime girl to sleep with me? Me and my friends casting voodoo magic to our phones so our phones can have infinite battery life and fly?
They want to spy on us, in other words. Going to uninstall it asap. Open source software and developer getting acquired by a company is a big sign it will go downhill. Anyone know a good alternative?

In addition,
Controversy surrounding the new project owners of Audacity continues. It should be clear by now that any changes made that may affect user privacy are under scrutiny, especially if they are vague or may reduce the privacy of users.
The undefined data that Audacity may collect for law enforcement purposes falls into the category. The transferring of data to Russia or the United States is also problematic from a privacy point of view.
ayo, ain't this going way too far for an audio record and playback software?

Edit: the name of the software speaks for itself.

Their Audacity to be snitches. Their Audacity to spy on their clients.
 

Gandalf_The_Grey

This is a big no for me. Why do they want to access it and need this? This is an open source (well, not anymore after acquisition) audio record and playback software. What do they want to hear? Me talking trash to my friends on weekends? Me drop my mixtapes? Me summon an anime girl to sleep with me? Me and my friends casting voodoo magic to our phones so our phones can have infinite battery life and fly?
They want to spy on us, in other words. Going to uninstall it asap. Open source software and developer getting acquired by a company is a big sign it will go downhill. Anyone know a good alternative?

In addition,

ayo, ain't this going way too far for an audio record and playback software?

Edit: the name of the software speaks for itself.

For alternatives look to the next Ghacks article:
And from the comments:
Another free alternative is DaVinci Resolve (free version). It is a video editor, so it is a lot more than an audio tool. It includes Fairlight, which is a quite serviceable audio recorder and editor. The DaVinci developers have been improving Fairlight as they iterate DaVinci Resolve and it is getting better with each iteration.
 
The_King

Level 12
Verified
Top Poster
Well-known
Aug 2, 2020
542
I have a few questions in regard to this software.

1. Is it not possible to still use the software and block it from accessing the internet?
2. Why not use a version of this software that was pre-telemetry / data collection?
3. Which version will be the best one to download before all these changes took place?

I have used this program previously, and it's a great audio editor. I don't think using an old version is going to pose any security risk since this software does not require network or internet access to function. AFAIK
 

SumTingWong

1. Is it not possible to still use the software and block it from accessing the internet?
Block inbound and outbound connections in the firewall. Don't upgrade at all. I think the latest version has this telemetry.

2. Why not use a version of this software that was pre-telemetry / data collection?
Use an older version, before 3.02.

3. Which version will be the best one to download before all these changes took place?
Use an older version, before 3.02.

Edit: @Opc9. It seems like v2 is safer than v3.
Thankfully, if data privacy is important to you, you can still use Audacity without feeling at risk. Some Twitter users have pointed out that as long as you don't update Audacity past version 2.4 or reinstall it entirely, these changes will not affect you.
 

Gandalf_The_Grey

Clarification of Privacy Policy:
A quick statement to address the concerns around our new Privacy Policy.

We believe concerns are due largely to unclear phrasing in the Privacy Policy, which we are now in the process of rectifying. In the meantime, we would like to clarify what seem to be the major points of concern:
  • Selling Data & Sharing - We do not and will not sell ANY data we collect or share it with 3rd parties. Full stop.
  • Data Collection - Data we collect is very limited.
    • IP address - which is pseudonymised and irretrievable after 24 hours.
    • Basic System Info - OS version and CPU type.
    • Error Report Data (Optional) - Sent manually by users as part of an Error Report.
  • Additional Data - We do not collect any additional data beyond the points listed above for any purpose.
  • Compliance with Law Enforcement - We will not collect or provide any information other than data described above with any government entity or law enforcement agency.
    • Compelled by Court - Data is not shared upon an agency request; we will do so only if compelled by a court of law in a jurisdiction that we serve.
    • Limited Window - After 24 hours the IP address being collected is irretrievably lost.
    • Jurisdiction Requirements - We operate in many countries around the world and this is a standard policy requirement for providing services in many jurisdictions, regardless of the depth of data collected or nature of service.
  • Offline Use - The Privacy Policy does not apply to offline use of the application.
We are working with our legal team to revise our privacy policy to more clearly communicate the above points and our intent.

About the term 'Personal Data'

GDPR classifies an IP address as something that potentially counts as 'personal data', which is why we use that term in the Privacy Policy. This is necessary for two features being introduced in the next version of Audacity:
  • Automatic Updates - checking to see if there is a new version available
  • Error Reporting - an opt-in feature for users to send error reports to us
As mentioned in the Compliance with Law Enforcement above, we take steps so that the IP address we collect is non-identifiable after 24 hours.

We do understand that unclear phrasing of the Privacy Policy and lack of context regarding introduction has led to major concerns about how we use and store the very limited data we collect. We will be publishing a revised version shortly.

In the meantime, the Privacy Policy doesn't actually come into force until the next release of Audacity (3.0.3). The current version (3.0.2) does not support data collection of any kind and has no networking features enabled.
 

Gandalf_The_Grey


Audacity publishes updated Privacy Policy and an Apology

MuseGroup, the owner of the open source audio editor Audacity, published an updated privacy policy and an apology today. The company became the owner of the Audacity repository back in May 2021 and has stumbled from one PR catastrophe to the next since then.

It started with the plan to introduce Telemetry in the open source editor. Audacity is an offline program for various platforms, and Muse Group suggested that Telemetry, which would be opt-in, would help focus development.

The plans to introduce Telemetry were dropped after Muse Group was criticized for the plan. Audacity would still contain an option to provide error reports, but users would be in command of the sending.

A Privacy Notice published in the beginning of July started the next controversy. It listed information that Audacity might collect, e.g. when the built-in automatic updating functionality is used.

Muse Group tried to clarify the newly published privacy policy and admitted back then that some phrases were unclear.

Today, Muse Group published an update to the privacy policy and an apology on the official Audacity GitHub repository. The updated privacy policy of Audacity is available on the official site.

The update addresses the main points of criticism leveled against the previous version of the privacy policy.

In particular, the following points are changed:
  • The provision that discourages users that are younger than 13 years to use Audacity has been removed.
  • The purpose of the error reporting and update checking functionality is explained.
  • The full IP address is never stored (either truncated before hashed, or discarded).
  • The "collecting personal data for law enforcement" paragraph makes it clear that no additional data is collected.

Closing Words

It remains to be seen if the revised Privacy Policy and apology will result in a calming down of the entire situation. A potential next issue, concerning a Muse Group employee, is currently being discussed on Twitter and elsewhere.
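
The two policy statements quoted in this thread (an IP address "pseudonymised and irretrievable after 24 hours", and "truncated before hashed") describe a scheme along the following lines. This is an added example, not Audacity's or Muse Group's code; the prefix lengths, the in-memory daily key and every name in it are assumptions. It also shows why an unkeyed hash of a full IPv4 address would not count as pseudonymisation.

```python
import hashlib
import hmac
import ipaddress
import secrets
from datetime import date

# Assumed prefix lengths kept after truncation (not taken from the policy).
KEEP_BITS = {4: 24, 6: 48}


def truncate_ip(ip: str) -> str:
    """Zero the host bits so the individual address never reaches the hash."""
    addr = ipaddress.ip_address(ip)
    net = ipaddress.ip_network(f"{addr}/{KEEP_BITS[addr.version]}", strict=False)
    return str(net.network_address)


class DailyPseudonymizer:
    """Keyed hash of the truncated IP; the key lives one day, in memory only."""

    def __init__(self):
        self._day = None
        self._key = None

    def token(self, ip: str, today: date) -> str:
        if today != self._day:
            # Rotation overwrites the old key: yesterday's tokens can no
            # longer be recomputed or matched against a candidate address.
            self._day, self._key = today, secrets.token_bytes(32)
        msg = truncate_ip(ip).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:16]


def naive_hash(ip: str) -> str:
    """Unkeyed hash of the full address, shown only as the weak baseline."""
    return hashlib.sha256(ip.encode()).hexdigest()


def recover_from_naive(digest: str, prefix: str):
    """Enumerate a prefix: an unkeyed hash of an IPv4 address is reversible."""
    for candidate in ipaddress.ip_network(prefix):
        if naive_hash(str(candidate)) == digest:
            return str(candidate)
    return None
```

The addresses used to exercise it should come from the documentation ranges (for example 203.0.113.0/24 and 2001:db8::/32), which are constructed sample values rather than real clients.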
 

Mountainking

Level 3
Verified
Well-known
Jan 10, 2018
116
Why are people getting upset from their move? It's free stuff. Just move away... There should be alternatives to it.
Like uTorrent to qBittorrent. Just give them the F and move on. Why complain and be entitled. They picked their sides, pick yours.
 

brambedkar59

Level 29
Verified
Top Poster
Well-known
Apr 16, 2017
1,875
Why are people getting upset from their move? It's free stuff. Just move away... There should be alternatives to it.
Like uTorrent to qBittorrent. Just give them the F and move on. Why complain and be entitled. They picked their sides, pick yours.

It's more of a trust issue, which is kinda a big deal in open source. It really backfired on MUSE after introducing a new Contributor License Agreement (CLA).
Unfortunately, signing the CLA is a necessary requirement if you want to contribute to the Audacity project.
Read the comments below.
 
