vacancies advertise contact news tip The Vault
facebook rss twitter

Audacity's user data collection causing consternation

by Mark Tyson on 6 July 2021, 13:11

Quick Link: HEXUS.net/qaeqtb

Add to My Vault: x

The Audacity audio editor has been a staple of many a user's multimedia toolkits for over 20 years and has had over 100 million downloads. It is described as a free, open source, cross-platform audio software package with availability across Windows, MacOS, GNU/Linux and more. That sounds like a great utility to have access to, and indeed over the years, on various PCs and laptops I have owned, I have downloaded and used Audacity for audio cutting, compressing, and conversion tasks.

Unfortunately, it looks like a multinational company (Muse Group) recently bought up Audacity and has been busy implementing a "data-collection mechanism in the software". FossPost brought this story to light and asserts that the new owners of Audacity updated the program's privacy policy to allow for "a wide range of data collection mechanisms," including data about your computer hardware, software, and even data for "law enforcement, litigation, and authority requests".

The above might be enough to cause ire among privacy campaigners, but it gets worse. Audacity's updated privacy policy pages go on to say that Muse Group will occasionally share user data with its main office in Russia, and its external counsel in the USA. User data might be shared with anyone Muse Group classifies as a "third-party", "advisors" or "potential buyers". Moreover, Audacity servers will keep users IP addresses unhashed on its servers for 24 hours, so users are practically identifiable by parties with whom Muse Group shares its data.

As an offline desktop utility it seems out of kilter to request / need such information, thus the FossPost website, and many GitHub and Reddit users, are describing the version 3+ Audacity application as "spyware".

So, what if you feel the need for a tool like Audacity and want to avoid the potential privacy pitfalls? I just went through and installed the latest version (3.0.2) and didn't see any of the privacy policy changes highlighted in the various dialogues that popped up, neither was I presented with any options to opt-in or out of the data collection mechanisms.

To avoid being spied upon, the recommended cause of action for those who would like to use Audacity is to stick with a version before v3, put Audacity behind your Firewall, or check out the new fork of the Audacity project which removes 'Sentry Telemetry and Crash Reporting'. Alternatively, you could try a 2019 branch called DarkAudacity (Windows app download link available, UI pictured above).



HEXUS Forums :: 16 Comments

Login with Forum Account

Don't have an account? Register today!
Shame.
Tragic - highlights the plight of a lot of free / open-source projects that grow popular. Eventually something has to give, as the developers need to earn something for all the time they've invested, however noble their original aims.

Lets hope the various forks of Audacity live on and continue evolving in good ways.
Muse head of strategy Daniel Ray told BBC News that his company has no intention of mining user information for profit. Mostly the app's online comms with the company is intended to be used to notify “users about updates they might miss,” indicated Ray.

We shall have to wait and see the updated privacy policy.
Here it seem people have just discovered location logging, after a newspaper buy a batch of info on random Danes from a English data broker.
One guy had his location logged every few seconds for several days having installed some weather APP.

People on millitary and intelligence locations was also in the data set.

These are things EU should come down on much much harder.
mtyson
Muse head of strategy Daniel Ray told BBC News that his company has no intention of mining user information for profit. Mostly the app's online comms with the company is intended to be used to notify “users about updates they might miss,” indicated Ray.

We shall have to wait and see the updated privacy policy.

That doesn't necessarily mean that they won't change their stated intent in the future though, and for many this could be enough of a warning that people jump to the forks to prevent being affected by it.

There's much too long of a history of companies saying one thing then doing another later, and it's certainly not something you want to happen when it involves an open source project, so it's unsurprising that such changes are viewed with a healthy dose of suspicion.

Which is of course why the open source aspect of it is a good thing, as forks can progress how the community want them to instead if there are any disagreements between parties.

EDIT: Saracen makes some good points below.