Audacity

[auxien]

https://github.com/audacity/audacity/discussions/1225

Quote

We believe concerns are due largely to unclear phrasing in the Privacy Policy, which we are now in the process of rectifying. In the meantime, we would like to clarify what seem to be the major points of concern:

Selling Data & Sharing - We do not and will not sell ANY data we collect or share it with 3rd parties. Full stop.

Data Collection - Data we collect is very limited.

IP address - which is pseudonymised and irretrievable after 24 hours.

Basic System Info - OS version and CPU type.

Error Report Data (Optional) - Sent manually by users as part of an Error Report.

Additional Data - We do not collect any additional data beyond the points listed above for any purpose.

and

Quote

We do understand that unclear phrasing of the Privacy Policy and lack of context regarding introduction has led to major concerns about how we use and store the very limited data we collect. We will be publishing a revised version shortly.

In the meantime, the Privacy Policy doesn't actually come into force until the next release of Audacity (3.0.3). The current version (3.0.2) does not support data collection any data of any kind and has no networking features enabled.

 

[dcom]

Nevertheless, I think any data collecting by an audio editor is too much, especially when the program is FOSS. They will monetize the data eventually, and even if only starts from the next version, it's FUBAR. I'll switch to a non-stalking fork, thank you very much.

Edited July 5, 2021 by dcom

[oscillik]

13 minutes ago, dcom said:

Nevertheless, I think any data collecting by an audio editor is too much, especially when the program is FOSS. They will monetize the data eventually, and even if only starts from the next version, it's FUBAR. I'll switch to a non-stalking fork, thank you very much.

Whilst I agree that it's a shit situation to put users in, you can always stop the application from having internet access with the built-in firewall in your operating system.

Last I knew, there wasn't any legitimate reason for Audacity to connect to anything online, so just block all incoming and outgoing traffic for the application.

The writing was on the wall the moment that the project was taken over by Muse, 

[dcom]

14 minutes ago, oscillik said:

The writing was on the wall the moment that the project was taken over by Muse, 

I haven't been following the project that closely, so this dawned on me at the point I read about it a few days ago. Yeah, I can block the connections with a firewall, but I'd rather not do that at all and use software that doesn't collect any data that's not essential to their functionality - and let's not start a discussion about everything that stalks us, I've worked as a software engineer with leanings towards information security for 25+ years so I'm rather acutely aware of it - I've stalked a lot of stalkers via proxies only to discover that they collect way more and/or sensitive/detailed data than they claim, so I have a lot of trust issues about that.

Edited July 5, 2021 by dcom

[oscillik]

4 minutes ago, dcom said:

I haven't been following the project that closely, so this dawned on me at the point I read about it a few days ago. Yeah, I can block the connections with a firewall, but I'd rather not do that at all and use software that doesn't collect any data that's not essential to their functionality - and let's not start a discussion about everything that stalks us, I've worked as a software engineer with leanings towards information security for 25+ years so I'm rather acutely aware of it - I've stalked a lot of stalkers via proxies only to discover that they collect way more and/or sensitive/detailed data than they claim, so I have a lot of trust issues about that.

Oh, I agree — this shit shouldn't be happening. I also just found out that apparently under 13s are disallowed from using the software too, which is in relation to the data collection (due to GDPR) so it's pretty clear that Muse are intending to do questionable things with whatever data it hoovers up.

At the end of the day, if you absolutely positively got to use Audacity in every project then you will block it in your firewall and carry on as usual. If you're not okay with it, you'll jump ship.

[thawkins]

Using a firewall to block this already assumes that you know enough background to suspect this kind of thing from a no frills audio editor. I don't know how many non-technical people even vaguely think about this at all. In fact I don't know if there is an easy way to do this on all OSes.

Probably the tracking itself is fairly benign and lets be honest, the data is super worthless too - it only has value because the companies hoovering up have magicked some AI and stuff to make it seem valuable somehow. Well, for now at least. I guess it will get more and more invasive silently over time.

IMO what really matters is that in the end Audacity devs have decided to break the trust of their users and push through these changes in the face of huge pushback. I mean if I already suspect foul play in the application, then the only way I could use it is to get the binaries from a trustworthy source, which in this case means that someone will fork Audacity and strip the tracking crap (I hope).

[sheatheman]

What’s the best basic/paid audio editor? AudioShare on iOS is great.

 

[exitonly]

might be overkill but Logic has a nice destructive audio editor built in. 

[oscillik]

Forks have begun

[Petajaja]

Isn't Microsoft / Apple collecting our data all the time anyway?

Liking the look of this new update, I find Audacity really useful for a select few things (especially sample editing)

[oscillik]

Apparently it's all a big load of old bollocks anyway

[thawkins]

1 hour ago, oscillik said:

Apparently it's all a big load of old bollocks anyway

I would say both yes and no. Sure, it's not doing anything bad right now and everyone who is raising alarm are easily painted to be like overreacting.

That said, industry direction IMO is quite clear - for free products, often times the only way to monetization is some kind of data collection. Why would a large company invest in developing a tool that is given away for free? An answer could be that they want to gain access to the userbase in order to sell some paid products to them. Analytics is one way to do that, or at least a step in that direction.

Big company takes over development of free open source tool and wants to add analytics almost immediately. Well that step is not inspiring trust in anyone.

Also worth mentioning is a thought from security minded folks: if the main point of the application is not about communication and sending data back to a server, then that functionality (i.e. telemetry, analytics) has no place in that software.

If they want statistics on what operating systems are using it - they can keep tabs on who downloads their stuff from the website and I am sure Linux repositories can give some insight too.

[cern]

Audacity team is like:

"Well we did not hear any criticism about this nice Spyware at all (Before we sneaked it into the license agreement) so we will not remove it, peace!" 

 

[TubularCorporation]

15 hours ago, Petajaja said:

Isn't Microsoft / Apple collecting our data all the time anyway?

Liking the look of this new update, I find Audacity really useful for a select few things (especially sample editing)

https://www.pbs.org/wgbh/frontline/article/how-att-helped-the-nsa-spy-on-millions/

 

That  was 20 years ago.  Just assume that nothing you've done in the past decade is private.

 

EDIT: that's not even the same AT&T/NSA thing I was thinking of, I just assumed it was talking abotu the itme back itn 2002 or 3 when a whistleblower revealed that the NSA was cloning literally all of the traffic going through one of the main hubs in San Francisco (so something like 30% of all US internet traffic). 

Edited July 10, 2021 by TubularCorporation

[thawkins]

Yeah and on top of this dragnet ISP level surveillance, there was a case recently with the Facebook SDK that mobile developers use for some features and integration with Facebook platform, possibly so that your users can log in with their FB account instead of having to maintain your own user database which is a load of work and a security risk.

What happened/happens is that the Facebook SDK - their code - keeps its own analytics/tracking which phones home whether or not your app itself does any sort of analytics. I only learned about this because a bunch of smartphone apps were full on broken due to some error in Facebook code and it was not phoning home to correct servers or something.

So now it's not really about the developer of Audacity, but also the developer of whatever tracking libraries they use, and whether that bunch can be trusted not to silently turn on some "advanced features".

In the end it all comes down to trust. Even though it is really nice for software developers to have automatic feedback on how their stuff is used and how it breaks, the track record with regard to privacy and not selling the data is a pretty solid turd.

[TubularCorporation]

Of course there's also stuff like this, too

 

https://www.datacenterdynamics.com/en/news/years-later-bloomberg-doubles-down-disputed-supermicro-supply-chain-hack-story/

[Rubin Farr]

3 minutes ago, TubularCorporation said:

Of course there's also stuff like this, too

 

https://www.datacenterdynamics.com/en/news/years-later-bloomberg-doubles-down-disputed-supermicro-supply-chain-hack-story/

https://www.techdirt.com/articles/20190702/15140742515/chinese-border-agents-now-installing-malware-foreigners-cellphones.shtml

[thawkins]

4 hours ago, Rubin Farr said:

https://www.techdirt.com/articles/20190702/15140742515/chinese-border-agents-now-installing-malware-foreigners-cellphones.shtml

Just to balance things out, now you have to submit social media usernames to US border patrol to be cleared for entry, right?

Luckily there are definitely no law enforcement backdoors on those platforms, so it's all cool.

[TubularCorporation]

On 7/11/2021 at 4:51 PM, thawkins said:

Just to balance things out, now you have to submit social media usernames to US border patrol to be cleared for entry, right?

Luckily there are definitely no law enforcement backdoors on those platforms, so it's all cool.

Yeah, I was going to say in the US we also install malware on Android phones to spy on users, it's called Android.

Edited July 13, 2021 by TubularCorporation

[Rubin Farr]

https://github.com/audacity/audacity/discussions/1353