No, Open Source Audacity Audio Editor Is Not 'Spyware'

Over the Fourth of July weekend, a number of news outlets, including Slashdot, ran stories warning that the free and open-source audio editor Audacity may now be classified as spyware due to recent updates to its privacy policy. Ars Technica's Jim Salter looked into these claims and found that that is not the case. An anonymous reader shares an excerpt from his report: FOSS-focused personal technology site SlashGear declares that although Audacity is free and open source, new owner Muse Group can "do some pretty damaging changes" -- specifically meaning its new privacy policy and telemetry features, described as "overarching and vague." FOSSPost goes even further, running the headline "Audacity is now a possible spyware, remove it ASAP." The root of both sites' concern is the privacy policy instigated by new Audacity owner Muse Group, who already published open source music notation tool MuseScore. The privacy policy, which was last updated on July 2, outlines the data which the app may collect [...]. The personal data being collected as outlined in the first five bullet points is not particularly broad -- in fact, it's quite similar to the collected data described in FOSSPost's own privacy policy: IP address, browser user-agent, "some other cookies your browser may provide us with," and (by way of WordPress and Google analytics) "your geographical location, cookies for other websites you visited or any other information your browser can give about you." This leaves the last row -- data necessary for law enforcement, litigation and authorities' requests (if any)." While that's certainly a broad category and not particularly well-defined, it's also a fact of life in 2021. Whether a privacy policy says so or not, the odds are rather good that any given company will comply with legitimate law enforcement requests. If it doesn't, it won't likely be a company for long. The final grain of salt in the wound is a line stating that Audacity is "not intended for individuals below the age of 13" and requesting people under 13 years old "please do not use the App." This is an effort to avoid the added complexity and expense of dealing with laws regulating collection of personal data from children.

The first thing to point out is that neither the privacy policy nor the in-app telemetry in question are actually in effect yet -- both are targeted to an upcoming 3.0.3 release, while the most recent available version is 3.0.2. For now, that means there's absolutely no need for anyone to panic about their currently-installed version of Audacity. [...] Although FOSS-focused media outlets including FOSSPost and Slashgear reported negatively on this issue over the holiday weekend, the contributors and commenters active on the project's Github seem to have been largely satisfied by the May 13 update, which declared that Muse Group would self-host its telemetry sessions rather than using third-party libraries and hosting. The same day the second pull request went live, Github user Megaf said, "Good stuff. As long as the data is not going to [third party tech giants] we should be happy. Collect the data you really need, self-host it, make it private, make it opt-in, and we shall help." It's a small sample, but the sentiment seems broadly supported, with 66 positive and 12 negative reactions. Reaction to Megaf's comment reflects user reaction to the updated pull request itself, which currently has 606 positive and 29 explicitly negative reactions -- a marked improvement over the original pull request's 4,039 explicitly negative reactions and only 300 positive reactions. We believe that the user community got it right -- Muse Group appears to be taking the community's privacy concerns very seriously indeed, and its actual policies as stated appear to be reasonable.

Damn it!

[lsllll]

I already uninstalled it and installed a fork!

Re:

[crolix]

Is it called Audrocity?

No need

[AndyKron]

They don't need to collect any data.

Re:

[Ostracus]

They don't need to bug fix, or improve either.

Whats my web browser have to do with any of this?

[Anonymous Coward]

My location, username, and other browser data isn't required to fix or improve either.

Re:

[Xenx]

It doesn't collect browser data. They were using the privacy policy of FOSSPost's website as an example of how the data they DO collect is pretty standard. They cover what is collected in the /. link or anywhere else you care to look.

Re:

[ThomasMB]

Audacity isn't a web browser and has zero need to collect age of user (how else do you think they'll know who's under 13 and using their software?), IP address or any information needed to send to the authorities. When installed via repository, it doesn't even need to know OS version or type as that's handled by the package maintainers. If I want to use an audio editor to increase the volume, merge audio clips, etc. why should they need to know anything at all except when their application crashes and even

Re:

[Xenx]

That's a different question than what I responded to. But, metrics are a thing companies like to keep track of. Knowing your user base means you know where to expend resources. That isn't to say I think they NEED to be collecting it, but there are legitimate reasons they would.

Re:

[Anonymous Coward]

They don't need to bug fix, or improve either.

None of the data they are collecting is needed to fix bugs or make improvements.

Re:No need

[ArchieBunker]

At some point all bugs are fixed and functionality has peaked. Why can't programmers ever stop working on something? A hammer has had the same basic shape for centuries now. You don't see new shapes of hammers every year.

Re:

[Known Nutter]

Says the guy who never used a hammer.

https://www.businessinsider.co... [businessinsider.com]

/s

Re:

[serviscope_minor]

Why can't programmers ever stop working on something? A hammer has had the same basic shape for centuries now. You don't see new shapes of hammers every year.

Programmers shouldn't use analogies from engineering.

I've recently purchased a battery powered electro-pneumatic (rotary) hammer. It doesn't look anything like whatever you're thinking of as a hammer, it looks like a drill. Feel free to keep using a drill and a drilling hammer to make holes in concrete, stone and masonry. It's nice to have someone keep

Re:

[subnomine]

Adam Savage's Guide to Workshop Hammers! https://www.youtube.com/watch?... [youtube.com]

Re:

[sonamchauhan]

Faulty logic -- Linux fixes bugs just find without telemetry.

Yes, telemetry makes that easier but it makes a lot of other thing easier too.

Re:No need

[quantaman]

They don't need to collect any data.

No, but knowing the localities their users are in let them know where to focus their localization efforts.

Knowing basic diagnostics like OS and CPU version let them make sure it runs smoothly.

And uploading error reports and crash reports makes it way easier to fix bugs.

And finally, sharing data with legitimate requests from law enforcement is really not an option whether you put it in the privacy policy or not.

Sometimes the Internet freaks out because someone is doing something wrong, and sometimes it freaks out because someone else sees innocent behaviour through a highly distorted lense.

This appears to be a case of the latter.

Re:No need

[Berkyjay]

A simple opt-in for sharing telemetry and other data would be pretty easy.

Re:

[subreality]

A simple opt-in for sharing telemetry and other data would be pretty easy.

It's opt-in. I think people just freaked out that they were adding telemetry at all.

Re:No need

[rtb61]

Do you know why people freaked out because psychopathically greedy tech corporation do exactly this all of the time. First the change the rules and everyone gets pissed off, then they say, see nothing changed in the software is was all our lawyers fault. They after it all changes, they FUCKING CHANGE THE SOFTWARE and put the bloody invasive stuff in, EVERY FUCKING SINGLE TIME.

They change the rules because they fully intend to exploit those rule changes, which is exactly why they fucking changed them. What do they want to data mine, the music itself, publish before you do, the riffs and rhythms. How much is it worth, well over 100 Billion dollars all tied to copyright laws.

Why else buy a FOSS company, either administer systems, custom distribution or mine data. The obvious data to mine, music as it is being created, how much is that worth well over 100 billion per annum, they wont get it all but they could steal hundreds of millions of dollars worth of music.

When creating copyrighted content how much telemetry should be allowed or even written into the software, ZERO. It is like a vault manufacturer demanding access to the vaults it built for the bank, seriously, that bad (as in our vault not yours, you just have a licence to use it, and we can access it at any time).

No corporation should ever be allowed to access the creative content of it's customers, any attempt to gain that should be criminalised, planned theft of copyrighted content, not even written into the software.

Re:

[Anonymous Coward]

Do you know why people freaked out because psychopathically greedy tech corporation do exactly this all of the time.

Well the psychopathically greedy developers are the ones that sold it to the tech corporation in the first place, for a tidy profit, rather than giving it away to the community instead.

Phase 2

[stooo]

>> It's opt-in.
That is phase 1
Phase 2 is opt-out
Phase 3 is no option

Re:No need

[hazem]

And finally, sharing data with legitimate requests from law enforcement is really not an option whether you put it in the privacy policy or not

You can't be compelled to share data you don't collect in the first place. Why are they planning to collect data that might be of interest to law enforcement?

Re:

[F.Ultra]

"Why are they planning to collect data that might be of interest to law enforcement?" - Who says that they are? All they say is that they will share the info that they do have with law enforcement, something that they or any one else have zero say in anyway.

Re:

[isdnip]

MuseScore may have a public address in belgium, but the company isn't using Yandex because they have a thing for matryochka dolls. TheRegister refers to "The Russia-based WSM Group, owner of Audacity".... Which is to say the Russians have a Belgian subsidiary address, but Vlad calls the shots or run a risk of defenestration.

Re:

[dromgodis]

Are you saying that you are not allowed to make a completely offline commercial application in these countries?
That sounds unlikely to me.

Re:

[Joviex]

They don't need to collect any data.

No, but knowing the localities their users are in let them know where to focus their localization efforts.

Man, how does it feel to bend over for your corporate shill friends? They dont need any data about anything "local" to make audio software.

You think everyone living where they live are all FROM there? Even if that were true, its obtuse as hell to think you can generalize software while trying to gather specific information. This is info harvesting users, plain and simple, and you must love them corporate parties.

Re:

[F.Ultra]

"They dont need any data about anything "local" to make audio software. " - they need to see if it's worth keeping the translation for language X up to date or to simply drop it to default English. Why is this so hard for some to understand?

Re:

[Joviex]

"They dont need any data about anything "local" to make audio software. " - they need to see if it's worth keeping the translation for language X up to date or to simply drop it to default English. Why is this so hard for some to understand?

No they dont. Its 20 years of wide use. Stop being an obtuse shill.

Re:

[F.Ultra]

It's 20 years of wild use where this new owner have no idea what so ever where "their" software is being used, so they want to add telemetry to be able to figure out where in the world they have their largest user base so that they know which language/region to prioritize when it comes to change and where they need to put more focus on things like marketing. The only thing that makes this different is that they are open about it.

Re:

[Joviex]

So what are you actually worried about here?

Your inability to reason, but, the planet is full of morons, so.

Re:

[Joviex]

yeah yeah, im sure there's still people shouting about how secure boot will be the end of linux on the desktop too. still waiting for any of you nutjobs' conspiracy theories to actually come to fruition. blah blah corporate shill, blah blah everyones a moron.

Considering you are not even brave enough to use your main account, yes, you are a moron. Try to grow some actual skills.

Re:

[swilver]

Tell me, Mr. Audicity, what good is a collecting data when you are unable to network?

This software has no business phoning home. Since I've blocked off the internet for anything that doesn't specifically have permission I've noticed that even the most innocent looking applications will phone home when given the chance. Ask my permission first, then I will decide if your application should be granted access to this resource.

Re: No need

[EirikFinlay]

As someone else said, give me the option to NOT partecipate in your data collection. Will i have bugs that aren't ever going to be fixed because I'm the only user to ever experience them? That's fine, i can live with the consequences of my choices.

> sharing data with legitimate requests from law enforcement is really not an option

You cannot be forced to share data you don't collect. Again, give me the option to opt out, it is easy to implement and it doesn't force you to comply with any request from law

Re:

[WaffleMonster]

No, but knowing the localities their users are in let them know where to focus their localization efforts.

You can get this from Accept-Language header when people visit your website or... drumroll... you could just ask.

Knowing basic diagnostics like OS and CPU version let them make sure it runs smoothly.

If you want data about peoples systems for any reason you could ask first.

And uploading error reports and crash reports makes it way easier to fix bugs.

You could ask first.

And finally, sharing data with legitimate requests from law enforcement is really not an option whether you put it in the privacy policy or not.

Law enforcement can't ask you for data you don't have in the first place. They can't demand that you lace software products with malware.

Sometimes the Internet freaks out because someone is doing something wrong, and sometimes it freaks out because someone else sees innocent behaviour through a highly distorted lense.

Collecting data from people without asking IS WRONG. There is NO reason you can't simply ASK FIRST.

Re:

[Pentium100]

While sharing data with the government is not optional, collecting that data in the first place is completely optional.

This is not an online service, the program should be entirely offline and not need or use the internet connection. Same with operating systems.

Software development existed before the widespread use of telemetry and somehow the developers figured out what to do and, IMO, made better software.

If the software crashes often, I can create a bug report manually. I have done this for zfs multiple

We're not spying on you, we're just spying on you.

[Anonymous Coward]

Some doublespeak right there.

Re:We're not spying on you, we're just spying on y

[Luckyo]

The whole thing is surreal to read. "It's not implemented yet, it's coming in the next version. And it's not going directly to third parties, instead it's going to get aggregated before it's packaged and sold to third parties".

Best part is that such policies "appear to be reasonable" according to arstechnica. I know that arstechnica went full corporate retard a few years ago, but this is a bit too much even for corporate retard level of reporting.

Re:

[cb88]

I got banned for posting links to actual scientific studies that didn't fit their global megacorp hyper politics agenda... I that I didn't really loose anything there though since they were already so biased it was sickening.

Re:

[demonlapin]

I still read it from time to time, but it's a shell of what it was 20 years ago. And the comments are worthless blobs of political shit (one way or another). Of note, the forums have not been completely eaten by idiots.

Re:

[cb88]

Well basically a mod practically cursed me out.... so yeah whatever I'm done with them I even added them to adblock as I sometimes go there by muscle memory and it's annoying when I can't post.

Re:

[MrL0G1C]

Posting there seems kind of pointless, the stupid site won't give a notification of when your post is replied to, it just tells you that more posts have been made, which is obvious and so redundant. I'm surprised that people bother with the comment system there.

Re:

[correct0r]

arstechnica seem to be required by contract to post monthly out-of-place ICE car reviews, made-up-sexism whines and out-of-date rocket news, but in between that dross are always sprinkled a few interesting items ( that will appear on Slashdot 10 days later ).

Re:

[HiThere]

Since it's promised for the next version, not the current one, there's no way yet to be sure what they'll collect. What's been announced is what they're claiming the right to collect. And that's sufficiently encompassing that one should avoid the product.

Re:

[exomondo]

The reason there's no way to be sure what it will collect is because it doesn't exist. When it does exist you will be able to see what data it attempts to collect and because it is Free Software you can change it if you want to.

I would understand the outrage if this were proprietary software but it's not, it's Free Software so you can fork it, change it, distribute you own version of it, whatever you like. That's the advantage of Free Software: you can see what it does and if it does something you don't lik

Re:

[HiThere]

OK. You can look at the git master to see what is currently being proposed if you care to. Reports from earlier in the thread aren't encouraging. Buy that doesn't prove that it will all be implemented in the release, or that *only* that will be implemented in the release. And that's just for the immediately next version. The subsequent ones aren't even available for criticism.

You can trust them if you choose to, but it may well be time to prefer a fork. The folks in charge of the name don't seem trust

Re:

[exomondo]

Buy that doesn't prove that it will all be implemented in the release, or that *only* that will be implemented in the release.

Right, because it doesn't exist yet.

And that's just for the immediately next version. The subsequent ones aren't even available for criticism.

Of course they aren't available for criticism, they don't exist yet.

You can trust them if you choose to, but it may well be time to prefer a fork.

You don't have to trust them, that's the point of Free Software, you can see all the changes. Certainly you can prefer a fork, that, again is part of the value of Free Software.

It's a desktop audio recorder and editor

[Mononymous]

Audacity doesn't need any privacy policy, because it doesn't need any kind of network accesss. They have no reason to have any user's IP address, let alone other data.

Re:It's a desktop audio recorder and editor

[sleepghost]

Indeed, this software should be checked, any network access implies some spyware code has been inserted.

Re:

[Ostracus]

I suspect Microsoft put the fear of Gates in them so they see the enemy everywhere...even in vaccines.

Re:

[hey00]

Or people just aren't as naive as you. muse is a for profit company with one simple and unique objective: to make money. If muse invested a lot of money in audacity, that's because they plan to make that money back. And most of time, the way money is made back is not user friendly.

muse doesn't have the benefit of the doubt, especially after the move they already pulled or tried to pull. It's on them to prove that the way they plan to monetize Audacity will be user friendly. Until they do, assuming ill inten

Re:

[BitterOak]

Yeah it's not like any updates have ever been delivered over a network. We all know software is exclusively shipped out on CDs.

Seriously is it moron day on Slashdot today?

Updating software and running software are (or at least should be) two very different things!

Re:

[thegarbz]

Updating software and running software are (or at least should be) two very different things!

Ahh yes, you're in favour of the Google approach, of a hidden system service handling the updates rather than the application doing it itself?

Re:

[hey00]

The fact that windows is decades behind when it comes to software distribution, which led to developers implementing update checking on their software, doesn't justify doing the same bullshit on linux.

Re:

[thegarbz]

The fact that windows is decades behind when it comes to software distribution, which led to developers implementing update checking on their software, doesn't justify doing the same bullshit on linux.

Huh? Linux? *Me hits windows button and clicks on Audacity with a confused and bemused look on his face*.

Re: It's a desktop audio recorder and editor

[hey00]

Well, if you use a half assed OS that doesn't provide basic functionality while already shooting on you, I understand why you don't mind a bit more "telemetry".

The rest of us do mind.

Re:

[HiThere]

Personally, I never let programs choose to update themselves. They always run as a user without write permission to the system partition, or any folders within it. I make some exceptions for specific system routines, like "apt" and "synaptic".

OTOH, I do tend to trust the Debian repository, even after that business with systemd...though I have been examining my options. I really dislike systemd, and feel it has definitely degraded my system. (But I can't point to anything definite, so that may just be pr

Re:

[thegarbz]

Personally, I never let programs choose to update themselves.

Still an update check is quite a valuable thing to have regardless of whether you chose to execute that update or not and this notion that "it runs on my computer so has no business looking online" is just silly for most software.

and feel it has definitely degraded my system. (But I can't point to anything definite, so that may just be prejudice.)

I can point to many definite issues with systemd but they are more to the way they handle development in a non-API stable fashion. I've had plenty of problems with it but they are mostly summed up as "a change was made between versions which broke xxxx" or "software yyyy was shippe

Re:

[HiThere]

I checked out Devuan recently, but it was a severe regression from the prior Debian version. I'm not sure just why. I suspect they don't put much effort into the GUI interface...but possibly there have been lots of breaking changes.

FWIW, I can understand that if I administered several machines I might think highly of systemd, but that's far from my use case, as a developer on one machine which a few extra partitions. One reason I gave up on Red Hat was because it wanted to control access to the partition

Re:

[Mononymous]

this notion that "it runs on my computer so has no business looking online" is just silly for most software

Why? You don't explain yourself at all.
Audacity runs locally. It doesn't need any access to any online information. It's not looking up anything for the user.
Many many programs are like that. Why is it silly that I don't want such a program to phone home? In the age of software makers profiting from their users' data, I'd like to be able to trust open source.

Re:

[F.Ultra]

Hey, think of the children! Shit, I meant the Windows users.

It's a bit of a dog's breakfast, actually

[davecb]

Their privacy notice at https://www.audacityteam.org/a... [audacityteam.org] sets out in detail all the things they plan to collect in the next release... and reads like it was written by a failing first-year law-student.

As an example, they say "The App we provide is not intended for individuals below the age of 13. If you are under 13 years old, please do not use the App." In fact, Audacity is used by by middle school science and music classes in Canada, and by interested students of music worldwide. Since there is no way for a minor to opt out of this collection, it explicitly breaches Canadian, European and US laws prohibiting Muse from collecting the information of minors.

Oh, and just in case they don't know, the GDPR sets a general age of consent at 16, not 13. If the minor is younger than 16, Muse must seek permission from their parents or guardians.

I could blather on, but I think you get the gist by now.

My suggestion to them? Seek legal advice

Re:

[Rhipf]

As an example, they say "The App we provide is not intended for individuals below the age of 13. If you are under 13 years old, please do not use the App." In fact, Audacity is used by by middle school science and music classes in Canada, and by interested students of music worldwide. Since there is no way for a minor to opt out of this collection, it explicitly breaches Canadian, European and US laws prohibiting Muse from collecting the information of minors.

There is a very simple way for minors to opt out of the collection of this data and it is stated in the section I quoted.
"The App we provide is not intended for individuals below the age of 13. If you are under 13 years old, please do not use the App."
All the minor has to do to opt out of the data collection is to not use the program. Just because it is currently used in school programs in Canada doesn't mean that it can't become against the EULA to do so when this new update is released.

Re:

[Mononymous]

Yes, it does. Audacity is GPL-licensed. Unless the people writing this "EULA" hold copyright to 100% of the code, they can't take away Freeom 0.

Re:

[tlhIngan]

There is a very simple way for minors to opt out of the collection of this data and it is stated in the section I quoted.
"The App we provide is not intended for individuals below the age of 13. If you are under 13 years old, please do not use the App."
All the minor has to do to opt out of the data collection is to not use the program. Just because it is currently used in school programs in Canada doesn't mean that it can't become against the EULA to do so when this new update is released.

Sorry, but that's a

Re:

[Mononymous]

Yes, in the age of always-on Internet connections, literally any app can be made into spyware. That doesn't make it OK to do.

orly?

[slashmydots]

It's all good guys. It's not spyware because the spyware makers said it's not spyware. I already added it to my firewall rules to block all internet connections because why the hell would an audio editor need the internet anyway? Done.

Re:

[Rockoon]

sigh

youve decided that you can no longer trust their binary, the evidence of which is that you created firewall rules specifically for it...

..but you still intend to run their binary? really?

*cough*

[Orrin Bloquy]

Tell me your lawyers told you to post this without telling me your lawyers told you to post this

Re:

[smchris]

Why do I have "Excellent Karma" from the 90s and I can't score this up?

Re:

[thegarbz]

Why would Slashdot's lawyers care? All they did was post a story from someone else. They aren't located in India and didn't upset a politician.

Damage

[hebertrich]

Much damage has been done by running a story without collecting all the facts and throwing a flamebait/clickbait title like what was done on this site.
Really , i did say so earlier , there's no way past or present releases can be characterised " spyware "

I hope Slashdot moderates and checks facts before damaging further Audacity and this great audio tool needlessly.

Damage is done.

Re:

[franzrogar]

Your reading skills are quite poor, franly.

The ONLY "fact" that wasn't recollected is this: "ALL THIS PRIVACY ISSUES will be ON the next release 3.0.3".

So, sorry if you deem better to let users be eaten alive and then scream wolf.

Re:

[thegarbz]

Don't be dumb, there are no privacy issues about something entirely opt-in. Be less moron and more clever person.

Re:

[franzrogar]

Don't YOU be dumb, there ARE privacy issues that will SHOVE DOWN YOUR THROAT SOONER OR LATER.

I can point you thousands of companies that have done that before and NONE that hasn't.

Last example is from Facebook (condemned for illegally selling private information of its users) who first, tried to shovel down the throat of EU WhatsApp users their new rules. Because of the outcry, they said "they would allow users to op-in" BUT, if you wanted to keep using the tool to contact any company, YOU HAD TO ACCEPT THO

Re:

[fermion]

What concerns me and why dont think this is flamebait is the explicit statement that they will comply with all law enforcement requests. Compare this to Ring now require a legally binding request, instead of just freely making all videos available. Consider this in light that in the US any bus company can for a police. Once they do that, a yahoo that owns two vehicles can just wander into the audacity office and request all your data, with no probable cause or warrant.

Re:

[Ostracus]

Well it's open source so any entity under the thumb of a totalitarian government can be easily relocated.

Re:

[thegarbz]

I hope Slashdot moderates and checks facts before damaging further Audacity and this great audio tool needlessly.

One of the good things about Slashdot is that the discourse in the comment sections generally quickly set the record straight, as happened with the story yesterday. The bigger problem is "media" which claims to be speaking somewhat authoritatively and yet has no comments or discourse on their articles.

Re:

[Cafe Alpha]

The previous story was wrong in that the program hadn't been turned into spyware (though that might be only because the battle had already been fought over telemetry) but that there was a new, insultingly broad corporate privacy policy full of unnecessary insulting clauses (like that the purpose of storing your IP address is to give it to courts) and unacceptable GPL breaking license limitations.

And since the company refuses to get rid of the latter, preferring legal mumbo-jumbo the project looks like it's

Re:

[thegarbz]

The previous story was wrong

Something which was immediately obvious to anyone with a 1080p monitor who would see the incorrect story and the first modded up comment pointing out how wrong it was.

That's my point. Yes the story was wrong, but the page including comments set the record straight.

Re:

[Cafe Alpha]

The damage was done by Muse and they're not even addressing one of the main issues, use by children.

I think the result is that people are moving to a fork.

Re:

[KiloByte]

Really , i did say so earlier , there's no way past or present releases can be characterised " spyware "

Technically true, but only because 3.03 hasn't been released yet. But git master is spyware, and it doesn't appear like Muse Evilcorp is going to remove it.

Oh of course not.

[Gravis Zero]

It's not spyware, it's just software that happens to spy on you. See, totally different. Glad we got that cleared up. -_-

This is not what it looks like at Github at all

[Cafe Alpha]

There hasn't been a single word from the company about taking out the children can't use it clause and their contributors or defenders dance around legal interpretations of the GPL instead of admitting violation. Nor dealing with the fact that if they really thought merely the updater was a problem for children to use in just a few countries, they could have warned about using the updater in those countries - or made the updater a separate project.

They have satisfied NO ONE on this issue and it looks like an angry mob is just giving up and moving to another fork - partially because this isn't the first thing that alarmed people and the fork was there before this issue even existed.

Look, it's even gotten a new name, Tenacity.

https://github.com/tenacitytea... [github.com]

Re:

[Waccoon]

This is the irony of telemetry. They need the data to improve their product and better serve the community. However, they never seem to talk to their communities about how telemetry should be implemented, because everyone has an unreasonable sense of entitlement and basic communication is totally worthless!

Re:

[stinkbomb]

Uh, Tenacity is a fork of Audacity designed to address the exact issues that everyone's complaining about.

So, did Muse Group just threaten to sue?

[Maelwryth]

Because the reporting was pretty over the top.

That being said, the ability of a company to come and essentially take over an open source project is fairly disturbing. Just the name alone is worth a lot and any fork will have an uphill battle to gain that name recognition.

As for Muse Groups intentions, they seem pretty suspect to me. A suspicion that is not helped by BeauHD comparing it to the IP address collection of a web server because a server needs the IP to serve the page, Audacity does not. Or by

Re:

[Cafe Alpha]

I don't feel like they ever made the PROGRAM do anything wrong, but they've got this attitude like "our corporate law team is always right, shut up!"

And it's kind of offensive that they have a law team to go after dumb things like people using their name and serving a copy of their software. Oh and they slander people who do that as spreading malware. They even lie about it. They called one site a malware site, but someone downloaded a copy and did a byte by byte compare and the software is unchanged.

And

Re:

[HiThere]

It's currently said that their release version hasn't done anything wrong yet. But that the git master already has the spyware embedded in it. So, it's not spyware *yet* as long as you use the release version.

This is based on information from prior posts by various people, but it sounds plausible to me. I sure wouldn't trust them.

Slashdot. Shitter than you can imagine.

[correct0r]

This software is spywar ! Errm spiwar, erm spiware ! Erm, no it's not yet spiware ! Allthough it's T&C's mean it culd be. But it's not. Plis dunt su us. Signed, The shittest editors in the world.

"the data you really need"

[Cley Faye]

Sure, collect the data you really need.
For an offline audio editor? That's nothing. Boom, problem solved.

It's opt-in

[peppepz]

The data collection is opt-in, and they dropped the use of third-party Google and Yandex cookies, so in my opinion the behaviour of Audacity is OK now. They really seem to be in good faith.

However, I have some issues with Ars Technica "nothing to see here, move along" article. It feels like gaslighting to me. I'm talking in general, let's leave aside the fact that we were talking about Audacity who, I'll say it again, are in good faith.

If an open source application collects:
(1) the real-life location of

Companies collect & trade our data

[VeryFluffyBunny]

It doesn't matter if our data isn't going directly to big tech giants. Muse can still secretly sell the data it collects on to 3rd parties without declaring so to anyone. That they're concerned about not contravening child data protection laws (COPPA) is also telling.

Paid for correction?

[devslash0]

Does anyone else also think that this whole article appears to be just a poor, double-speak-loaded attempt at manipulating the public opinion? "Oh, no no no. You did not understand us at all. This is what you should think...". I wouldn't be surprised if someone paid Slashdot to "correct" the state of affairs.

Just as someone said in another comment, Audacity should have no need to connect to the Internet at all. Let alone collect any data.

Re:

[Cafe Alpha]

Yes.jpg

Maybe this is all a precursor to the owner turning the Windows version commercial or closed source (making a tiny bit of money off metadata).

Face it, people would still use his version even if everyone in the open sourced community stopped.

Yes, it's spyware, just like everything else

[Waccoon]

If it collects date, then it's spyware. Full stop. The only question is what data is being collected, and for what purpose.

"data necessary for law enforcement, litigation and authorities' requests (if any)"

Yeah... fuck off.

This is an effort to avoid the added complexity and expense of dealing with laws regulating collection of personal data from children.

IF user.age < 13 THEN cfg.telemetryenabled = FALSE

See? Even BASIC code monkeys can figure out a solution!

Re:

[flirek]

i cannot see reason why GPL-ed sound editing desktop application must know 'user.age' in any way/shape/form in first place ?!?

Re:

[Striek]

And just how do they know user.age if they collect no data?

self-host it? make it private?

[fustakrakich]

A quick subpoena will take care of that..

If they're even thinking about it, they're gonna do it. Best to just move to the forks if they do and forget about them

Telemetry?

[PickleNickle]

The number one problem with telemetry: once the cat is out of the bag, there is no retrieving the data regardless of who holds the data. There are other proven ways to help with bug fixes, shortcomings, etc. ('bugzilla' and 'github reporting' come to mind) Adding telemetry to Audacity - if you owned the rights to audacity, would you add telemetry if it suited your needs? Would you make telemetry an opt-in or opt-out option? One should put one's self in the shoes of the people who make these sort of decisio

ArsTechnica

[LenKagetsu]

I would sooner get my tech news from the fucking Onion.

Re:

[Cafe Alpha]

Due to GPL and the fact that the MUSE group added a license requirement that contributions be available for a non-free project, the fork of Audacity can use all of the additions that Audacity gets, but Audacity can't use any of the code that the fork gets.

So the fork will eventually have more than the original, though it might not always get them as quickly.