Audacity Developers Apologize, Revise Controversial Privacy Policy
security offer from FOSS Post

20 days ago, FOSS Post was one of the first media outlets to publish about the new privacy policy for Audacity; a popular open source audio editor. In the old privacy policy, broad and unlimited legal contexts were introduced for data-collection, which unleashed a huge backlash from the community.

Later on, angry users and developers went to create different forks for Audacity. The most famous one right now is Tenacity, which aims to be a privacy-focused alternative to Audacity.

However, Audacity developers, just today, revised their privacy policy and removed the troublesome parts from it.

Although a bit late (Like, very late) to the party, the developers say that they are “deeply sorry for the significant lapse in communication caused by the original privacy policy document“.

The summarized changes they did to the document are as follows:

Phrasing has been adjusted to remove ambiguity or aid in transparency, in particular that we do not collect any additional information for law enforcement or any other purpose

We have explained the purpose of the two networking features, error reporting and update checking

We have removed the provision that discourages children under 13 years old from using Audacity

We have taken steps to ensure that we never store a full IP address (we now truncate it before hashing or discard it entirely) and have reflected this change in the privacy policy document

We have made some changes to how we process error reports to ensure that we never store any potentially identifiable information

In addition, the developers clarified that Audacity 3.0.2 and earlier versions do not have any network capabilities (Not even checking for updates). However, Audacity 3.0.3 will by default send your IP address, operating system name and Audacity version to the company’s servers so that they can determine how many users they have in each country and on each platform (Which is, they say, very helpful for development efforts). Your IP address is never stored in a complete form on their servers – they say – and will be instantly anonymized so that no one can identify you.

Other than that, bug and error-reporting capabilities are disabled by default, and it is up to the user whether to enable them or not.

As mentioned in the summary, the 13-years old restriction was removed from the privacy policy, and hence, Audacity can be used now by kids under that age as well (Think of schools teaching their students free software). This removes the past contradiction with the GPL license, which prevents usage restriction based on users demographics of any type.

Finally, the older part in the privacy policy regarding data collection according to the requests of law regulators in Russia, USA or EEA was removed. No personal data other than what’s already mentioned above can be shared with any law enforcement agencies.

Will This Remove the Need for a Fork?

Absolutely No.

This is the 3rd controversy that MuseGroup – the company which bought Audacity – caused in a matter of just 3 months after they purchased the program. Audacity now also requires a CLA if you want to send a pull request to them to contribute in developing the original source code, which gives MuseGroup an unlimited ability to turn the program proprietary whenever they decide.

Additionally, MuseGroup developers have shown themselves to suck in public relations. Aside from the fact that it took them 20 days to revise the privacy policy page and address the angry community, they have been threatening an anti-CCP Chinese software developer over his life with threats such as “deporting you to China” over copyright issues with MuseScore; another open source software owned by MuseGroup, and the forked program this Chinese software developer created for it (See the previously edited version from the GitHub comment).

More details can be found here.

Taking all of these controversies into account, it would seem that a fork for all the open source software owned by this company is an absolute-must in order to maintain the broader user community’s interest with the true spirit of open source and free software, away from the company.

What About The Future of Audacity?

For the time being, you can use Audacity versions up to 3.0.2 guaranteeing that they have no network capabilities. However, as we said earlier, Audacity 3.0.3 will send your IP address and operating system version by default periodically to the company to check for updates.

By the time when version 3.0.3 comes out, you can either:

  • Disable that feature from the settings, and continue to use Audacity.
  • Use one of available forks, such as Tenacity, which strip the entire networking capabilities out.
  • Simply ignore it if you don’t see an issue in the data being sent.

However, after all of these troubles with the parent company, it is unlikely that the community forgets everything that happened and still happening. Audacity’s name and trust is sadly permanently damaged.

security offer from FOSS Post


Enter your email address to subscribe to our newsletter. We only send you an email when we have a couple of new posts or some important updates to share.

Open Source Directory

Join the Force!

For the price of one cup of coffee per month:

  • Support the FOSS Post to produce more content.
  • Get a special account on our website.
  • Remove all the ads you are seeing (including this one!).
  • Get an OPML file containing +70 RSS feeds for various FOSS-related websites and blogs, so that you can import it into your favorite RSS reader and stay updated about the FOSS world!

Comments on this story are now closed.