[ Audacity Becomes Spyware (fwd)
Speaking personally as someone who has used the program for field production, I am rather disappointed. Audacity open source audio editor has become spyware https://www.slashgear.com/audacity-open-source-audio-editor-has-become-spywa... Ewdison Then - Jul 5, 2021, 12:47am CDT One of open source software’s biggest strengths is, naturally, its openness, which brings other benefits like freedom of use, security through scrutiny, flexibility, and more. That is mostly thanks to the open source-friendly licenses these programs use, but, from time to time, someone comes along and tries to make changes that infuriate the community of users and developers. Sometimes, those changes can even be illegal. Such seems to be the fate that has befallen Audacity, one of the open source world’s most popular pieces of software that now comes under a very invasive privacy policy. The brouhaha started just a few months ago when Audacity was bought by the Muse Group, the company behind equally popular music software like MuseScore, which is also open source, and Ultimate Guitar. So far, Audacity remains open source (and can’t really be changed into proprietary software in its current form), but that doesn’t mean that Muse Group can’t do some pretty damaging changes. Those changes come in the form of the new privacy policy that was just updated a few days ago, a policy that now allows it to collect user data. As a desktop application with no core online functionality, Audacity never had any need to “phone home” in the first place. Now the privacy policy says that the new company does collect data and does so in a way that’s both over-arching and vague, most likely by design. For example, it says that it collects data necessary for law enforcement but doesn’t specify what kind of data is collected. There are also questions regarding the storage of data, which is located in servers in the USA, Russia, and the European Economic Area. IP addresses, for example, are stored in an identifiable way for a day before being hashed and then stored in servers for a year. The new policy also disallows people under the age of 13 from using the software, which, as FOSS Post points out, is a violation of the GPL license that Audacity uses. The open source community was understandably irked by these changes. Fortunately, Audacity is open source software, and it will most likely be taken by the community and forked in a different direction, perhaps with a different name. That will leave Muse Group to develop Audacity on its own instead of being able to leverage (and exploit) the open source community’s hard work.
Karen, Well damn. I am using Audacity to record my vinyl LPs into MP3 files to play in my car. Can they detect that? On Mon, 5 Jul 2021 21:54:04 -0400 (EDT) Karen Lewellen via talk <talk@gtalug.org> wrote:
Speaking personally as someone who has used the program for field production, I am rather disappointed.
Audacity open source audio editor has become spyware
https://www.slashgear.com/audacity-open-source-audio-editor-has-become-spywa...
Ewdison Then - Jul 5, 2021, 12:47am CDT
One of open source software’s biggest strengths is, naturally, its openness, which brings other benefits like freedom of use, security through scrutiny, flexibility, and more. That is mostly thanks to the open source-friendly licenses these programs use, but, from time to time, someone comes along and tries to make changes that infuriate the community of users and developers. Sometimes, those changes can even be illegal. Such seems to be the fate that has befallen Audacity, one of the open source world’s most popular pieces of software that now comes under a very invasive privacy policy.
The brouhaha started just a few months ago when Audacity was bought by the Muse Group, the company behind equally popular music software like MuseScore, which is also open source, and Ultimate Guitar. So far, Audacity remains open source (and can’t really be changed into proprietary software in its current form), but that doesn’t mean that Muse Group can’t do some pretty damaging changes. Those changes come in the form of the new privacy policy that was just updated a few days ago, a policy that now allows it to collect user data.
As a desktop application with no core online functionality, Audacity never had any need to “phone home” in the first place. Now the privacy policy says that the new company does collect data and does so in a way that’s both over-arching and vague, most likely by design. For example, it says that it collects data necessary for law enforcement but doesn’t specify what kind of data is collected.
There are also questions regarding the storage of data, which is located in servers in the USA, Russia, and the European Economic Area. IP addresses, for example, are stored in an identifiable way for a day before being hashed and then stored in servers for a year. The new policy also disallows people under the age of 13 from using the software, which, as FOSS Post points out, is a violation of the GPL license that Audacity uses.
The open source community was understandably irked by these changes. Fortunately, Audacity is open source software, and it will most likely be taken by the community and forked in a different direction, perhaps with a different name. That will leave Muse Group to develop Audacity on its own instead of being able to leverage (and exploit) the open source community’s hard work.
-- Howard Gibson hgibson@eol.ca jhowardgibson@gmail.com http://home.eol.ca/~hgibson
That was a pre-announcement, which they withdrew. --dave On 2021-07-05 10:10 p.m., Howard Gibson via talk wrote:
Karen,
Well damn.
I am using Audacity to record my vinyl LPs into MP3 files to play in my car. Can they detect that?
On Mon, 5 Jul 2021 21:54:04 -0400 (EDT) Karen Lewellen via talk <talk@gtalug.org> wrote:
Speaking personally as someone who has used the program for field production, I am rather disappointed.
Audacity open source audio editor has become spyware
https://www.slashgear.com/audacity-open-source-audio-editor-has-become-spywa...
Ewdison Then - Jul 5, 2021, 12:47am CDT
One of open source software’s biggest strengths is, naturally, its openness, which brings other benefits like freedom of use, security through scrutiny, flexibility, and more. That is mostly thanks to the open source-friendly licenses these programs use, but, from time to time, someone comes along and tries to make changes that infuriate the community of users and developers. Sometimes, those changes can even be illegal. Such seems to be the fate that has befallen Audacity, one of the open source world’s most popular pieces of software that now comes under a very invasive privacy policy.
The brouhaha started just a few months ago when Audacity was bought by the Muse Group, the company behind equally popular music software like MuseScore, which is also open source, and Ultimate Guitar. So far, Audacity remains open source (and can’t really be changed into proprietary software in its current form), but that doesn’t mean that Muse Group can’t do some pretty damaging changes. Those changes come in the form of the new privacy policy that was just updated a few days ago, a policy that now allows it to collect user data.
As a desktop application with no core online functionality, Audacity never had any need to “phone home” in the first place. Now the privacy policy says that the new company does collect data and does so in a way that’s both over-arching and vague, most likely by design. For example, it says that it collects data necessary for law enforcement but doesn’t specify what kind of data is collected.
There are also questions regarding the storage of data, which is located in servers in the USA, Russia, and the European Economic Area. IP addresses, for example, are stored in an identifiable way for a day before being hashed and then stored in servers for a year. The new policy also disallows people under the age of 13 from using the software, which, as FOSS Post points out, is a violation of the GPL license that Audacity uses.
The open source community was understandably irked by these changes. Fortunately, Audacity is open source software, and it will most likely be taken by the community and forked in a different direction, perhaps with a different name. That will leave Muse Group to develop Audacity on its own instead of being able to leverage (and exploit) the open source community’s hard work.
-- David Collier-Brown, | Always do right. This will gratify System Programmer and Author | some people and astonish the rest davecb@spamcop.net | -- Mark Twain
On 2021-07-06 7:10 a.m., David Collier-Brown via talk wrote:
That was a pre-announcement, which they withdrew.
They said they were going to withdraw, but they doubled down: https://www.audacityteam.org/about/desktop-privacy-notice/ Their new terms and conditions includes: * collection of usage data (including OS version, user country (based on IP address; it's not clear if they retain IP address), CPU, non-fatal error codes, crash reports and data necessary for law enforcement, litigation and authorities’ requests) stored and processed in Russia; * no use by those under 13 (since presumably the above data collection has no way to opt out, so can't be in compliance with any minor protection laws) Both are a bit worrying, but I've seen Audacity used by middle school science and music classes. This will likely have to stop and another app found. Audacity is GPL 2. It could be forked. Muse, the new owners (again, something I'm not clear on), have a habit of monetizing the apps they are involved with. MuseScore, while a rather decent music engraving system, has now become a nagware pain since Muse bought it. It does work if you're not "signed in" to Muse, but there are some features that are locked out unless you're logged in, and the best of their scores library (mostly community contributed or public domain) is a payware feature. cheers, Stewart
I wonder if this change will get Audacity dropped from some distros. Naively, I'd think that at least Debain and Fedora would have qualms. | From: Stewart C. Russell via talk <talk@gtalug.org> | Audacity is GPL 2. It could be forked. I guess it should be forked. On github, there are 1.6k forks already. Just in case, I added one: https://github.com/HughR/audacity I have made no changes. In particular, I haven't even searched for undesireable code. I have no idea if creating a fork prevents the tree from being withdrawn. It would be good to figure out which fork to back and where a new community might form. Of course the first job is to come up with a new name. Shorter is good. Auditor? Oh wait, that has a pretty settled meaning. "The Aud"? That was the nickname of the Buffalo Memorial Auditorium (demolished in 2009).
On 2021-07-06 10:38 a.m., D. Hugh Redelmeier via talk wrote:
I wonder if this change will get Audacity dropped from some distros. Naively, I'd think that at least Debian and Fedora would have qualms.
Debian has no problem about removing tracking code from packages. But what sort of timeline that will happen in, I don't know.
Of course the first job is to come up with a new name. Shorter is good.
I've got a soft spot for Chutzpah, but that's really what Muse should call theirs. I'm trying to remember the sound editor I used to used before Audacity (even pre-1.0). I seem to remember it being adequate, but it suffered from UX so crude that even the first clunky versions of Audacity seemed like a lot more fun. cheers, Stewart
On Tue, Jul 06, 2021 at 11:14:51AM -0400, Stewart C. Russell via talk wrote:
On 2021-07-06 10:38 a.m., D. Hugh Redelmeier via talk wrote:
I wonder if this change will get Audacity dropped from some distros. Naively, I'd think that at least Debian and Fedora would have qualms.
Debian has no problem about removing tracking code from packages. But what sort of timeline that will happen in, I don't know.
Of course the first job is to come up with a new name. Shorter is good.
My long standing appreciation for the curatorial work distro developers and maintainers do has tempered my distress at Muse's move here: On the desktop and laptop, if there's a reasonably functioning version available in their repos, that's what I'm going to use. For most things, the time constant of their process helps filter things like this out. I'll use the version that's already there for now (for what little use of it I might make, which historically has been not a lot) and we'll see how it goes. But yes, that said, the name seems like it would be the biggest issue since this legalistic turn Muse has taken includes being explicit about having a trademark on the name and a policy against variants using it. -- D. Joe
On 2021-07-06 8:10 a.m., Stewart C. Russell via talk wrote:
Their new terms and conditions includes:
* collection of usage data (including OS version, user country (based on IP address; it's not clear if they retain IP address), CPU, non-fatal error codes, crash reports and data necessary for law enforcement, litigation and authorities’ requests) stored and processed in Russia;
* no use by those under 13 (since presumably the above data collection has no way to opt out, so can't be in compliance with any minor protection laws)
Wow. An Open Source project and they are putting an age restriction on it? It seems likely they won't be in compliance with the GDPR. I wonder what they would do if someone asked them to delete all their data. It seems very likely Audacity will be forked (if it wasn't already). I seem to think I had heard of a fork of it being made. -- Cheers! Kevin. http://www.ve3syb.ca/ | "Nerds make the shiny things that https://www.patreon.com/KevinCozens | distract the mouth-breathers, and | that's why we're powerful" Owner of Elecraft K2 #2172 | #include <disclaimer/favourite> | --Chris Hardwick
On Mon, Jul 05, 2021 at 09:54:04PM -0400, Karen Lewellen via talk wrote:
Speaking personally as someone who has used the program for field production, I am rather disappointed.
Audacity open source audio editor has become spyware
https://www.slashgear.com/audacity-open-source-audio-editor-has-become-spywa...
Don't personally know much about Audacity. Just thought I would pass this along. https://arstechnica.com/gadgets/2021/07/no-open-source-audacity-audio-editor... -- Znoteer znoteer@mailbox.org
On 2021-07-06 5:07 p.m., Znoteer via talk wrote:
Don't personally know much about Audacity. Just thought I would pass this along.
https://arstechnica.com/gadgets/2021/07/no-open-source-audacity-audio-editor...
Except your IP address *is* considered to be personally identifying information under GDPR, so Muse will have to jump through hoops for collection, deletion and reporting. In other news, the maintainer of an Audacity fork apparently got *stabbed* over this: https://github.com/tenacityteam/tenacity/issues/99 (CW: somehow members of the odious 4chan board managed to scrape together enough neurons to operate github accounts, so it goes without saying: Don't follow the deeper links!) Stewart
participants (8)
-
D. Hugh Redelmeier -
D. Joe -
David Collier-Brown -
Howard Gibson -
Karen Lewellen -
Kevin Cozens -
Stewart C. Russell -
Znoteer