The famous open source audio manipulation program was acquired by a company named Muse Group two months ago. The same company owns other projects in its portfolio such as Ultimate Guitar (Famous website for Guitar enthuisasts) and MuseScore (Open source music notation software).

Ever since, Audacity has been a heated topic.

The parent company is a multi-national company and it has been trying to start a data-collection mechanism in the software. While Audacity is nothing more than a desktop program, its developers want to make it phone home with various data taken from users’ machines.

The updated privacy policy page (which was uploaded 2 days ago) for Audacity includes a wide range of data collection mechanisms. It states for example that it can hand any user data to state regulators where it is located:

5

Which is basically Russia, USA and the EEA zone:

All your personal data is stored on our servers in the European Economic Area (EEA). However, we are occasionally required to share your personal data with our main office in Russia and our external counsel in the USA.

Additionally, they state that they might share the data with anyone they classify as a “third-party”, “advisors” or “potential buyers”:

7

Moreover, the same page contains a shallow attempt to prevent kids under age of 13 from using the application, which is a violation of the GPL license (The license under which Audacity is released) because GPL prevents any restrictions on the usage of software:

The App we provide is not intended for individuals below the age of 13. If you are under 13 years old, please do not use the App.

Real IP addresses of users remain for 1 day on Audacity’s servers before they are hashed, and hence, practical user identification is possible if one of the mentioned governments sends a data request. Things which should not have been possible with an offline audio editor.

Muse Group, after acquiring Audacity, introduced a CLA where it requires anyone wishing to send a pull request to the original source code to agree on giving them unlimited and unrestricted rights to own the modified lines of code.

One would not expect an offline desktop application to be collecting such data, phoning-home and then handing that data to governments around the world whenever they see fit. If you want to stay away from such things, then stay away from Audacity.

Various angry reactions were spotted in the open source community. Users on GitHub and Reddit are calling to fork Audacity, which will probably happen soon after all of these controversies.

By doing these suspicious activities, the people behind Audacity and Muse Group have shown their selves to be unworthy of the trust of the open source community, and hence, the software should be abandoned and disposed from Linux distributions’ repositories.

Read more about the Audacity fork, and how you can help in creating it.

Update: The developers behind Audacity shared an announcement that their privacy policy page was “misunderstood” due to poor wording in it, and that they will rewrite it to avoid possible confusion. Error reporting and basic system information collection is opt-in, but automatic update checking (which sends your IP address to them at every usage) is opt-out.



guest

62 Comments
Oldest
Newest
Inline Feedbacks
View all comments
M. Edward (Ed) Borasky

What if I build it from the GitHub source myself? Does it still have this issue?

M.Hanny Sabbagh

There would be no issue, and there is an option to disable telemetry all together.

IllegalStreetReader

The answer is no, I’ll uninstall Audacity and I’ll turn on Reaper.

M. Edward (Ed) Borasky

Is this still going to happen if I build Audacity from the source code repositories?

JM Jenkins

Could I still use if I don’t update to 3.0?

M.Hanny Sabbagh

Yes, you should be fine.

Gigahurts

How about suggesting an alternative until the form happens?

M.Hanny Sabbagh

Oceanradio is a good one: https://www.ocenaudio.com/

mane kamel

the team did roll back on using telemetry : https://github.com/audacity/audacity/discussions/889

M.Hanny Sabbagh

They didn’t. The discussion you linked is 2 months old, while the privacy page which was updated with the problematic information was updated 3 days ago, so whatever they said in the discussion is legally overwritten by the official privacy policy which is more recent.

Tap

That title is fearmongering. There should be an opt out, or maybe a first start question, but generally none of the data being collected constitutes as spyware

Daniel J. Lewis

I think we should be careful throwing around the label of “spyware.”

https://www.merriam-webster.com/dictionary/spyware

Cookie Engineer

For what it’s worth, I forked Audacity yesterday and removed all telemetry that could potentially spy on users from the codebase.

We’re currently deciding on a nice rebranded name (as Audacity is trademarked) and are in the process of founding a GitHub organization afterwards. We’re also looking for maintainers that could help with Windows and MacOS builds 🙂

The repo’s link is (for now):

https://github.com/cookiengineer/audacity

~Cheers

Smurt

Ever heard of this new thing called firewall?

Aaron

There is an opt-out and there is a first-start question.

ChirpyMoth

Read the examples. Lots of those are about chat programs that people wanted and installed but were transmitting personal data. This falls under that and is still spyware

George

Why should we trust them to be telling the truth?

It’s incredibly shady practices, people use FOSS to avoid shady business practices

Todd

i use the old desktop version, not 3.0. i should be alright,

Ben

MuseScore’s privacy page is almost identical, by the way.

Nuno

Hahaha. Nice try.

Jules

It’s really disappointing that after having to walk back after doing something and being caught, they are once again being untrustworthy 🙁

MJ

Can IMac users use Audacity and be okay?

jackie

i am not familiar with open source licenses, but is it an option for someone to offer a precompiled version that ommits any telemetry code?

M.Hanny Sabbagh

It already exists, see the link at the end of the post.

RockoDylon

Using DarkAudacity fork is the best solution for now, people.

JohnC

Perhaps the biggest downfall of this is that the company now takes full responsibility, so any ‘bugs’ or feature requests, or whatever now fall to them; that is a bit of a gamble as they might have to hire a developer or have an existing one that now maintains it. I don’t think I used it much and being open-source it probably did not have many bugs in it already, but of course when greed takes over then you get things like this occurring. We should probably all just make a fork or take a copy of the source and… Read more »

JohnC

Good idea because honestly this was a greed move. What can they hope to accomplish taking a long known open-source and free program and deciding to simply buy it? It might not be paid now but I bet the intent is to make it require licenses later on. An example of a bad greedy move by a company and also now they must consider they must maintain it themselves; I’m sure if you or other people maintain the original one, any fork will end up being ‘better’ still over time being open source than the project maintained by whatever company… Read more »

Stephen

What was the last “safe” version?

M.Hanny Sabbagh

Anything before 3.x

St. John from Des Moines

So, that was my question too. I noticed that on both my laptop and my desktop (each running Ubuntu Studio 21.04) that Audacity is still at version 2.4.2. If I understand the situation correctly, 2.4.2 is still safe to have installed and still safe to use. But what I don’t understand is the upgrade situation: - will Audacity try to update itself to 3.x at some point? - will running sudo apt update / sudo apt upgrade in Konsole (terminal) someday update it to 3.x for me without my realizing in time to stop it? - is there a way… Read more »

St. John from Des Moines

So, a tangentially related question: what (if anything) is the relationship between the “MusE” DAW / Sequencer program and “MuseGroup”? I tried to do a little hasty research on the matter after reading this today since I have MusE installed on my both my desktop and my laptop (both running Ubuntu Studio 21.04). I’ve never actually ran the program before on either device, but since I have it installed, and had hoped to someday use it, the question becomes very relevant, no? 🙂 Based on what very little I could glean, both “MusE” and “MuseScore” were developed by the same… Read more »

joshuascholar

In a github thread one of them said that they were going to get rid of the bit that says that the reason they collect data is to give it to courts in case they’re required to – but that they may not get rid of the ridiculous and anti-GPL claim that children can’t use the the program.

Be Free - Be Libre

The famous FREE and open source audio manipulation program […]

Have a nice day

Bleeper

What, exactly, would you block with a firewall? All outbound traffic? How would you identify the traffic that Audacity was generating? Do you somehow know all of their IP addresses, or which port and protocol they’re using? It’s likely SSL, so you won’t be able to identify a signature.

William Darlington

The telemtry option is not here yet. I twill be inversion 3.03. The latest full release is 3.02. See:
https://arstechnica.com/gadgets/2021/07/no-open-source-audacity-audio-editor-is-not-spyware/

M.Hanny Sabbagh

It is very funny watching the same site that has trackers/ads like us try to compare the privacy policy of Audacity to our own privacy policy (Like, you have 33 trackers as well, lol). As I said in previous comment: May 13 update has nothing to do with the new concerns, which resulted from updating the privacy policy page 3-4 days ago only. Whatever they said in the GitHub discussion page in May 13 is not reflected on the official privacy policy, and hence, the issues. The privacy policy in its current form is a base for spying, because it… Read more »

Jay J.

There isn’t an opt-out. The telemetry is disabled by default. It’s opt-in, even on official binaries.

MZPL

It depends if they push it to ubuntu repos. You can simply hold a package to make sure it won’t get updated. Also, don’t use snaps because they auto update and pay attention to packages you’re upgrading.

anarchyisbetter

Telemetry is now spyware? pf… governments are collecting more information about you.

devlopersdevelopers

no, it’s not safe at all! developers can steal your money using cpu model knowledge!

Chuck

https://github.com/Sneeds-Feed-and-Seed/sneedacity is a fork that has gotten quite a bit of development, and none of the drama around “trolls” that other projects have experienced. Plus it has a much more open community, which should help sneed up development

Nick

Note that you don’t need to do anything yet if you installed Audacity from the standard repo of your distro, and never update it except from the standard repos. The version of Audacity in the Debian “testing” repository, for example, is still 2.4.2. If you use Debian “stable” then nothing will change for you until a new version of Debian Stable is released, at the earliest. Audacity does have a menu option you can click to make it update itself, but you should always ignore this anyway. The whole point of running an OS like Debian Stable is that the… Read more »

Alex

MuseScore is MusE’s offspring. That happened in 2002, aeons ago, way before Muse Group came along. There is zero relationship between MusE and Muse Group.

You insistance on calling Audacity spyware suggests that you fell victim to all this fearmongering. Alas, a common case these days.

Alex

Wrong. 3.0.2 doesn’t have networking features.

Anon

Thank you Chuck, very cool.

winstonsmith

I use Tails; everyone should.

Jeff

misunderstood by Musegroup after has acquired Audacity since I’ve uninstalled directly?

What’s any alternatives because I no longer use Audacity on my computer.

stevetf

Networking is (entirely) disabled by default when you build from source (See:
CMakeLists.txt in the root directory of the source code)

stevetf

There is no networking in Audacity versions up to and including Audacity 3.0.2.

stevetf

There is an opt out for auto-updates in “Preferences > Application”.
Crash reporting is “opt-in only” – you are asked if you want to send the crash report or not. The crash report is only sent if you explicitly say so.

Scuzzlebutt

R.I.P. –> Audacity 😥

anonymousAlpha

In or out, freedom shouldn’t be an option.
Damage has been done, and will certainly be.
It’s too late.
Goodbye Audacity.

Capt Obvious

This option doesn’t appear in v.3.0.2 on Win 10. Did Musegroup already remove the ability to opt out of their new data collection?

stevetf

No, Audacity 3.0.2 does not have any networking ability. It can’t check for updates and it can’t submit crash reports.

Capt Obvious

Audacity 3.0.2 very much has the ability to check for updates. On macOS, at least, it can submit crash reports.

stevetf

Audacity 3.0.2 has a “Check for Updates” menu item, but that’s just a link that open in your default web browser. Audacity 3.0.2 cannot itself connect to the Internet.

Audacity 3.0.2 can generate a crash report, but it cannot send it anywhere, because it cannot connect to the Internet. If you want to send that crash report anywhere, you would have to email it or upload it somewhere.

FubberNuckin

They are intending to transmit information about the user’s computer activities over the internet without the user’s knowledge, only posting a vague notice designed to keep them out of legal trouble. Honestly fits the definition of spyware better than I thought.

Michael

What does “two months ago” or “2 days ago” mean if the internet is forever, if the internet never forgets, if copypasta is commonplace? Which version of Audacity was first affected by the home-phoning?

The author of the piece needs to remove their head from that particular body cavity where it’s currently lodged. The copy editor(s) would do well to do the same.

stf

When building from source, update checking, crash reporting, and networking are disabled by default. If you want those features you have to enable them in the cmake options.

stf

That’s not how repositories work.
Software developers develop software. Distribution maintainers choose what software they want to include in their distro and they “pull” the software, build the package to fit with their distro, and then add their build to their repository.

When Debian get round to updating Audacity to version 3.0.3, it will be the Debian maintainers (NOT the Audacity developers) that build the official Debian package. It is extremely unlikely that the Debian maintainers will enable Audacity’s update checking as Debian already has Apt for updating packages.

Jorge

Look Y’all just go here https://www.microsoft.com/en-us/p/audiotonic-pro-audio-editor-recorder-based-on-audacity-with-ffmpeg/9p0qlwt4nqkm#activetab=pivot:overviewtab

Get this one its the same just with out the spyware, I was using Audacity but my system to a big hit on performance and after i uninstalled it and got Audiotonic everything is working well again.

Also Stop asking “what if I go here or get from there” come on get real. Its Thar same Thing! use your heads!

stevetf

Do you know in what ways Blusky Software Inc.‬ have modified Audacity? The GPL license insists that the source code is freely available – Where is the source code for “Audiotonic Pro”? (I don’t mean the “Audacity” source code, I mean the source code of their “derived work” called “Audiotonic Pro”.) If you think that you can’t trust Audacity, what makes you think that you can trust a company that distributes unauthorized, modified copies, with unknown modifications, and no readily available source code (as required by the license terms)? If you really want an old version of Audacity, you can… Read more »

Newsletter

.

Become a Supporter

For the price of one cup of coffee per month:

  • Support the FOSS Post to produce more content.
  • Get a special account on our website.
  • Remove all the ads you are seeing (including this one!).
  • Help us get to our goal of 100 supporters, to start many initiatives.

Opinions Column

Recent Comments

Tools We Use