Open Source Privacy

Open Source Audio Editor Audacity Has Become 'Spyware' (pcmag.com) 91

Anyone deciding to download the free and open-source audio editor Audacity is being warned that the software may now be classified as spyware due to recent updates to its privacy policy. From a report: Audacity has been around for over 21 years and classes as the world's most popular audio editing software. On April 30, the Muse Group acquired Audacity with the promise that the software would "remain forever free and open source." However, as FOSS Post reports, last week the Audacity privacy policy page was updated and introduced a number of personal data collection clauses. The data collected includes OS version and name, user country based on IP address, the CPU being used, data related to Audacity error codes and crash reports, and finally "Data necessary for law enforcement, litigation and authorities' requests (if any)." The personal data collected can be shared with Muse Group employees, auditors, advisors, legal representatives and "similar agents," potential company buyers, and "any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, or (ii) to exercise, establish or defend our legal rights."

  • It's open source (Score:5, Insightful)

    by micksam7 ( 1026240 ) * on Monday July 05, 2021 @06:03PM (#61553634)

    So you mean it's time for a fork?

    • So you mean it's time for a fork?

      That's what I'm thinking. Fork it and remove the reporting code. My guess is once it became corporate, lawyers decided to CYA, so the new agreement clauses.

    • by Tom ( 822 )

      I was about to ask where the repository of the fork is. There are probably 3 already.

    • Re:It's open source (Score:5, Informative)

      by silentbozo ( 542534 ) on Monday July 05, 2021 @06:10PM (#61553652) Journal

      Sounds like it.

      Someone already did a fork, but they haven't renamed it yet:

      https://github.com/cookiengine... [github.com]

      • Sounds like it.

        Someone already did a fork, but they haven't renamed it yet:

        https://github.com/cookiengine... [github.com]

        And that'll be a problem, because, face it, Open Source projects suck at branding. It'll probably be something like LibreIceWeaselStallmanEditor or something. "Audacity" was punchy, to the point, and both summed up the power and functionality of the app.

        • by deek ( 22697 )

          I really liked the name "IceWeasel" for a browser. Always made me laugh, and I think it's quite catchy.

          As far as the Audacity fork is concerned, "Soundness" would be a good name for it.

      • Maybe rename it from Audacity to Decency.

        Well, not clever. So something like that, but clever :)

    • Russia bought it, it seems.

      so, not fork, but spoon. better for borscht.

      (did not know it's now Russian owned. whatever the previous version was, that will be the last to be installed. it's audio sw, probably not many updates needed really)

    • Re:It's open source (Score:5, Interesting)

      by sound+vision ( 884283 ) on Monday July 05, 2021 @06:11PM (#61553666) Journal

      Shouldn't be hard, this software reached maturity a decade ago. It does exactly what it needs to do (basically the digital version of a Tascam cassette multitrack) and there's not much else to add.

      The only place it could go from here is to a full-fledged DAW that lets you compose with virtual instruments and such. Unless they were planning on pouring millions into development, that's not where they were going with this. This smells more like "cash extraction" to me.

      I look forward to the fork.

      • Well...get on it. Those of us with less capability look forward to it.
      • by Anonymous Coward

        Real time effects.

        All other DAWs do this....except Audacity. You have to process your effect before you can hear the result. An absolute non-starter for getting lots of mixing done.

        • by Mal-2 ( 675116 )

          It's not a DAW, at least not yet. It's an audio editor that happens to have some DAW-like features grafted on. I have used it in a pinch in the absence of one, such as when I had to mix audio in an office setting and they (reasonably) didn't want a DAW and a bunch of DRMed plugins on their machine, but Audacity was sufficiently transparent and unencumbered for them. It was doable, but it was neither my best nor my most efficient work, and it wouldn't have taken much more complexity to make the whole thing n

        • It needs to seamlessly integrate VST effects and VSTi virtual instruments, as every freakin' DAW in the world does. And it needs to provide and sync to MIDI clocks and control channels - and to allow you to record and edit MIDI tracks.

          As does every freakin' DAW in the world.

          I gave up on it years ago, because it lacked - and continues to lack - ALL those things. After considering (and immediately rejecting) rentware applications from various vendors, I settled on Cockos' Reaper [reaper.fm]. And I've never looked back ..

          • I gave up on it years ago, because it lacked - and continues to lack - ALL those things. After considering (and immediately rejecting) rentware applications from various vendors, I settled on Cockos' Reaper [reaper.fm]. And I've never looked back ...

            Do you use Reaper for audio editing chores? I've been a Reaper user (and supporter) for a long time, but I've always kept a copy of Audacity for all the editing.

            Should I look more closely at Reaper for audio editing capabilities now? I don't want to have to br

          • No, it doesn't. It's an old school destructive audio editor, not a DAW.

            It is dissimilar to a DAW in the way a razor is dissimilar to a steak knife. "They both cut stuff" is not enough to make them similar.

            Destructive editors are the right tools for some jobs, but people's lust for DAWs seems to have driven most of the good ones out of the market. Audacity (minus the spyware) will do, and big props for FOSS and Linux support, but really, SoundEdit16 was easier and more productive for most of my use cases dec

          • That's why it isn't a DAW, it's a digital sound recorder. Analogous to a tape recorder - which is what I said. Tape recorder plus mixing console, really, because it does slightly more than straight recording.

            Would you expect a tape machine to come with a built-in piano?

        • by Anonymouse Cowtard ( 6211666 ) on Monday July 05, 2021 @07:25PM (#61553836) Homepage
          Audacity is not a DAW. Try Ardour. It's FOSS and very good.
      • You mean Ardour?

        That's free and open source too, by the way, with a quite good business model.

        • Exactly this - I like Audacity the way it is.

          I use Ardour when I need a full-fledged DAW, but there's a lot to be said for a quick tool like Audacity when I need to do something simple and quick.
      • by rtb61 ( 674572 )

        Taking into account, modern developments and the entire music industry, that data mining, smells of planned theft of music. Telemetry from your machine sounds good, record and publish it before you do. It really does sound like they bought it to steal original music and publish it before you can. It's music editing software, that is what you get from it, that is the telemetry it delivers and what you can data mine off that, only one thing, original music creations.

        Pretty typical of modern tech companies,

    • Re:It's open source (Score:4, Informative)

      by lactose99 ( 71132 ) on Monday July 05, 2021 @06:15PM (#61553678)

      FWIW here are some useful links to the last non-spyware versions: https://blog.fosshub.com/audac... [fosshub.com]

    • Chutzpah [wikipedia.org] now has the connotation of brash and audacious, but originally carried the connotation that someone has overstepped the bounds of society. Seems like an appropriate rebuke to the new owners.

    • by mysidia ( 191772 )

      I'm sure forks are coming, but they seem unwarranted.

      Whoever used the "Spyware" label to describe Audacity should go to jail. JMHO. It seems like a malicious mischaracterization of the software's use of the sentry.io API to send crash reports.

    • by cb88 ( 1410145 )
      I mean their actions suit the name of the software... I mean you have to have a lot of audacity to do this to your users.
    • So you mean it's time for a fork?

      Yeah. Fork 'em.

    • by Barny ( 103770 )

      No. The opt-in telemetry idea has been dropped (according to their git discussion).

  • Fixed in Linux (Score:5, Informative)

    by JBMcB ( 73720 ) on Monday July 05, 2021 @06:10PM (#61553654)

    Ardour did something somewhat similar. In Gentoo Linux, you just:

    USE="-phonehome" emerge media-sound/ardour

    And it's fixed. You can turn off all the telemetry stuff for KDE and Gnome the same way. I think it's off by default. I'm guessing Audacity will get the same treatment.

  • Audacious move. Good luck with that.

  • Not baked in yet (Score:4, Insightful)

    by marcle ( 1575627 ) on Monday July 05, 2021 @06:11PM (#61553664)

    This concern is overblown. For one thing, these terms are proposed, not part of the current version (3.02). For another thing, the info proposed to be collected is no more than the average website, including Slashdot, collects.
    If you're really worried about this, just download the current version now. It's really an excellent program for basic audio recording and editing, with plenty of features for all but the most advanced of users.

    • At first blush I thought the same thing. Unless you're browsing with a VPN or other protection this is pretty basic stuff to be collecting. The information on error/crash reports is pretty common too.

      What I thought was a orange/red flag was this:

      Data necessary for law enforcement, litigation and authorities' requests (if any).

      No idea what that is supposed to mean.

      I did get a chuckle out of this part though

      any competent law enforcement body, regulatory, government agency, court or other third party...

      How are they supposed to tell?

      • by Sebby ( 238625 ) on Monday July 05, 2021 @06:48PM (#61553748)

        any competent law enforcement body, regulatory, government agency, court or other third party...

        How are they supposed to tell?

        They don't have to, because no such thing exists.

        • Depends on what you expect them to be competent at.

          They're certainly skilled professionals at having power over you and making sure they and their buddies are well-off.

          Funnily enough, getting you to assume they are just incompetent (at serving you [lol, are you serious?]) is one of the pillars of that skill.

      • by mspohr ( 589790 ) on Monday July 05, 2021 @06:56PM (#61553770)

        Probably RIAA.
        If you try to incorporate or edit some copyrighted music, Audacity can send your info with the offending clips to the authorities.

      • by znrt ( 2424692 )

        Data necessary for law enforcement, litigation and authorities' requests (if any).

        No idea what that is supposed to mean.

        it means that if you use copyrighted sounds and samples they will not hide that fact from any authority that wants to know, so use at your own risk. yeah the risk is pretty low, but they are covering their butts just in case.

        any competent law enforcement body, regulatory, government agency, court or other third party...

        How are they supposed to tell?

        competent:
        (of a court or other body) accepted as having legal authority to deal with a particular matter.

      • How are they supposed to tell?

        If you get a judge to sign a piece of paper you've competently done your job as law enforcement. If you come up saying pretty please then time to go back to law enforcement school.

      • I agree it's a bit open ended. My guess is some lawyer said "what if the authorities want this data, we should put it in the agreement", not meaning for it to give open slather to collect data, but to make plain in the agreement that a legal request for data could send it to the authorities. Hopefully they'll wake up and tone this bit down.

      • But this is valid for any software located in the US, EU, UK, and many other countries. If the party is in that legal jurisdiction due to organization registration, or physical location of data retention or admins of such, or even copyright protection.... they are obligated to follow any court ruling within.

        Most companies don't say this outright because it's fairly obvious and assumed.

      • by Barny ( 103770 )

        Except that was incorrect too. That article had an Agenda with a capital A.

        The data they were going to be collecting was:
        1) opt-in
        2) basic telemetry
        3) only through pre-compiled versions (if you downloaded source and compiled yourself, it wouldn't be in unless you used specific compiler options)

        Here's the listing [github.com] of what they were planning to obtain.

        And here's [github.com] them saying "You know what, people are fucking crazy, let's put this hot potato down for now."

        Storm in a teacup, and everyone cites this one "news" pa

      • I did get a chuckle out of this part though

        any competent law enforcement body, regulatory, government agency, court or other third party...

        How are they supposed to tell?

        In this context "competent" is a synonym for "having the legal authority". Whether the competent authority can actually wield its authority with competence, well, that's another question.

    • Re:Not baked in yet (Score:4, Informative)

      by haus ( 129916 ) on Monday July 05, 2021 @06:51PM (#61553758) Journal

      Whitney Merrill has been attempting to address this on Twitter, sadly it seems to be a thankless job.

      https://twitter.com/wbm312/sta... [twitter.com]

      For those who are not aware, she is someone who has been working in the interest of privacy for quite some time.

    • Except this is not a website. It's a fcking audio editing and recording desktop software that has no need for collecting any kind of data, and used to collect none. It's sad to see even what was once trustworthy FOSS fall at the same level of proprietary software.
      • by Luthair ( 847766 )

        None of the information they're collecting seems to be personally identifiable information, nor would the use of a particular feature of audacity be particularly revealing of your predilections. To me what they disclose seems generally benign, the only pieces that would really need clarification as a non-user are whether error messages contain filenames/identifiers, and whether the dumps contain user content from files.

        Generally most projects would find it useful to understand how people are using the produ

    • by Improv ( 2467 )

      It's better to do the fork now, when the fork is small. Any moves like these are a sign of bad faith by the new owners of the name, and it's important that it remains that - just a name.

    • Is it one of those "we would like to collect these data, please check here to allow us to do that." or is it a Microsoft "we collect stuff. you can't stop us." Because, for me, the point isn't that the data they collect is harmless, it's the "Why are they doing that at all?" Also, legally (not a lawyer, can't talk about that aspect), it may not be harmless, but the data collected combined with others' can be used to ID you. If this hadn't been tracking, if it was that they changed it so Audacity sends the w
    • The problem is that the privacy policy that you will have to agree is written as if they're taking real information, which they're not.
      And because of that it doesn't allow children to use the program, which is dumb and against the GPL.

      So it isn't that the program is spyware, it's that it has a spyware privacy policy.

      They need to delete that policy.

      Imagine if they start taking enough data to make that policy necessary in the future.

  • the promise that the software would "remain forever free and open source." However...

    "Forever" is a long time but they didn't break their promise (yet?).

    The source code is available here https://github.com/audacity/au... [github.com]
    It is still being maintained
    Don't like the spyware or anything Muse Group does with it, fork it. It is GPL, and for the current version of Audacity, it will not change until it becomes public domain (that means never)

    • Yes you could just fork it. On a related note there is a discussion [github.com] on github about the new CLA for dual licensing purposes and the ability to have Audacity on platforms that fundamentally do not support the GPL like iOS:

      "Unfortunately, some platforms have policies or technical processes that make it difficult or impossible for Audacity to exist on them while it is licensed solely under the GPL (v2 or v3). Apple's App Store on iOS and macOS is one example of this, which is the reason that VLC Media Player w

      • by tlhIngan ( 30335 )

        On a related note there is a discussion on github about the new CLA for dual licensing purposes and the ability to have Audacity on platforms that fundamentally do not support the GPL like iOS:

        "Unfortunately, some platforms have policies or technical processes that make it difficult or impossible for Audacity to exist on them while it is licensed solely under the GPL (v2 or v3). Apple's App Store on iOS and macOS is one example of this, which is the reason that VLC Media Player was removed from the store ba

  • LibreAudio? LibreSound? Erm... someone here's gotta have better ideas than me!
  • What, is it going to check if you're editing copyrighted material? Or that you said something criminal in a voice file?
  • No it fucking hasn't (Score:5, Informative)

    by urbster1 ( 871298 ) on Monday July 05, 2021 @06:43PM (#61553734)
    "Audacity makers clarify data usage – and there’s not reason to dump the editor yet" https://cdm.link/2021/07/audac... [cdm.link]
    • Thank you for sharing some sane reasoning!
    • It's kind of a mean-spirited post, but the underlying argument seems solid. Collecting even the most basic of telemetry data means you need a legally-compliant privacy policy, and that's exactly what has (or rather, will be) happening.

      • The policy says that children under the age of 13 can't be allowed to use their software while it's online - yet the software doesn't CURRENTLY transmit any data that could get them in trouble with child privacy laws. Also this is incompatible with the GPL.

        The policy says that they will comply with any court orders to turn your data over to law enforcement - yet the software doesn't CURRENTLY transmit any data to turn over - less than the average web page.

        The arguments they give for why this is necessary a

        • Currently they don't collect any kind of telemetry. That is going to change. And I don't begrudge them for it given how useful even the most basic information is.

          Past that, everything else is establishing a privacy policy for how to handle that information. Saying they'll comply with court orders is hardly scandalous. Otherwise the 13 year old thing is a bit more unusual since the COPPA only applies to personally identifiable info. But dealing with the COPPA in general is a giant pain in the butt, so I don'

    • Are nerds stupidly naive? Redhat promised many things on the CentOS mailing list. Look at what happened.

      This is what it comes down to among nerds - assume everyone says what they mean and mean what they say. So if they don't outright say "we're going to do evil things/incite insurrections", then assume there is no problem. If you're a fauxtistic nerd who has trouble understanding how human communication works, all the implicit things said or not said, maybe leave it to those of us who do.

      Does Audacity
    • by Barny ( 103770 )

      Further info at these two git discussions:

      What they were planning to obtain. [github.com] (purely as opt-in and only with specific compiled options set)

      And here is them deciding to drop this hot potato because one "news" site wanted a bunch more clicks this week. [github.com]

  • Data necessary for law enforcement, litigation and authorities' requests (if any).

    ... why they thought this was a good idea?

    Pressure from the copyright crowd, perhaps? But doesn't LE and their masters understand the meaning of 'open source'? And realize that they will have to chase forks of this app around the 'Net until the end of time?

    And what happens if a user (of Audacity or a forked product) doesn't provide the application with a network connection? AFAIK, Audacity (previous versions) didn't need this. So even if I'm playing nice with copyrights, I'm going to be pissed if this th

  • Not to make too light of this, but seriously, perhaps the name breeds the behaviour :-)

  • document.

    I've been arguing over on Github and I finally came to the conclusion that the problem is entirely that they have an inappropriate privacy document.

    They're not doing anything wrong (other than the fact that the privacy document restricts the use which is against GPL).

    They're paranoid that if they even keep your IP address for a while, then they could get in trouble for violating the privacy of children (they can't). So they said that children aren't allowed to use the program while they're online.

  • Currently, AFAIK, the program isn't spyware, it just has a privacy document that you have to agree to that was either written by a paranoid lawyer or by a company planning on tracking more information in the future.

    So they can fork the program, leave it entirely the same and just change the privacy document.

    The Audacity Team will love that!

    • by Barny ( 103770 )

      No need to fork it. Heck, no need to even compile from source. They have dropped their idea of gathering basic telemetry data. There really wasn't much they would be gathering, but were being honest about the law enforcement bit because yes, the US gov (or any other) could issue them a National Security Letter to give up all their telemetry data at any point in time—they were just being honest about it.

      What they were planning to obtain. [github.com] (purely as opt-in and only with specific compiled options set)

      And [github.com]

      • They got rid of the telemetry BEFORE adding this "privacy policy," so that's a separate issue.

        They're ?gaslighting? that it's still necessary.

        Latest I heard is that they're going to take out the "giving your information to the authorities" part but maybe not the "minors can't use this program."

        It still seems like they're trying to get everyone to agree to an agreement that would let them turn it into any kind of spyware they want, even if they're doing nothing like that yet.

        And because this isn't the first

    • Please sign this privacy document of ours. Don't worry, we aren't collecting anything yet! YOU ARE PERFECTLY SAFE!

      Meanwhile a rational person then wonders what this not-needed privacy document is all about.
  • Fork it and let them eat dirt. I'm glad I have an older version and know of this as I won't upgrade. Ever.
    • by Barny ( 103770 )

      Yeah! Definitely take this one news site at face value! It's not like you need to bother clicking any deeper to find out the actual story! Hell, who even needs to RTFA?!

    • I wouldn't be surprised if a fork all of a sudden got some love from developers, because Audacity hasn't seen any improvements in over a decade, even though there clearly are things that can be improved (especially the performance of Nyquist, which performs abysmally due to the current devs simply being stupid)
  • https://github.com/temporary-a... [github.com]

    While I think the title of this is a bit clickbait - the program is not spyware, it just has a new license AS IF it were spyware, this is the third time this new owner has alarmed and harmed the user base. Fourth if you count buying the project as if it were an asset.

    So there's already a fork going strong.
