New to Linux and the open source world? We have compiled a huge list of resources to help you go through Linux and its distributions. Visit the full Linux guide page right now.

.

The famous open source audio manipulation program was acquired by a company named Muse Group two months ago. The same company owns other projects in its portfolio such as Ultimate Guitar (Famous website for Guitar enthuisasts) and MuseScore (Open source music notation software).

Ever since, Audacity has been a heated topic.

The parent company is a multi-national company and it has been trying to start a data-collection mechanism in the software. While Audacity is nothing more than a desktop program, its developers want to make it phone home with various data taken from users’ machines.

The updated privacy policy page (which was uploaded 2 days ago) for Audacity includes a wide range of data collection mechanisms. It states for example that it can hand any user data to state regulators where it is located:

9 July 4, 2021

Which is basically Russia, USA and the EEA zone:

All your personal data is stored on our servers in the European Economic Area (EEA). However, we are occasionally required to share your personal data with our main office in Russia and our external counsel in the USA.

Additionally, they state that they might share the data with anyone they classify as a “third-party”, “advisors” or “potential buyers”:

11 July 4, 2021

Moreover, the same page contains a shallow attempt to prevent kids under age of 13 from using the application, which is a violation of the GPL license (The license under which Audacity is released) because GPL prevents any restrictions on the usage of software:

The App we provide is not intended for individuals below the age of 13. If you are under 13 years old, please do not use the App.

Real IP addresses of users remain for 1 day on Audacity’s servers before they are hashed, and hence, practical user identification is possible if one of the mentioned governments sends a data request. Things which should not have been possible with an offline audio editor.

Muse Group, after acquiring Audacity, introduced a CLA where it requires anyone wishing to send a pull request to the original source code to agree on giving them unlimited and unrestricted rights to own the modified lines of code.

One would not expect an offline desktop application to be collecting such data, phoning-home and then handing that data to governments around the world whenever they see fit. If you want to stay away from such things, then stay away from Audacity.

Various angry reactions were spotted in the open source community. Users on GitHub and Reddit are calling to fork Audacity, which will probably happen soon after all of these controversies.

By doing these suspicious activities, the people behind Audacity and Muse Group have shown their selves to be unworthy of the trust of the open source community, and hence, the software should be abandoned and disposed from Linux distributions’ repositories.

Read more about the Audacity fork, and how you can help in creating it.

Update: The developers behind Audacity shared an announcement that their privacy policy page was “misunderstood” due to poor wording in it, and that they will rewrite it to avoid possible confusion. Error reporting and basic system information collection is opt-in, but automatic update checking (which sends your IP address to them at every usage) is opt-out.

For the price of one cup of coffee per month:

  • Support the FOSS Post to produce more content.
  • Get a special account on our website.
  • Remove all the ads you are seeing (including this one!).
  • Help us get to our goal of 100 supporters, to start many initiatives.


.
61 Comment
What if I build it from the GitHub source myself? Does it still have this issue?
Is this still going to happen if I build Audacity from the source code repositories?
JM Jenkins July 4, 2021
|
Could I still use if I don't update to 3.0?
Gigahurts July 4, 2021
|
How about suggesting an alternative until the form happens?
mane kamel July 4, 2021
|
the team did roll back on using telemetry : https://github.com/audacity/audacity/discussions/889
Tap July 5, 2021
|
That title is fearmongering. There should be an opt out, or maybe a first start question, but generally none of the data being collected constitutes as spyware
Daniel J. Lewis July 5, 2021
|
I think we should be careful throwing around the label of "spyware." https://www.merriam-webster.com/dictionary/spyware
Cookie Engineer July 5, 2021
|
For what it's worth, I forked Audacity yesterday and removed all telemetry that could potentially spy on users from the codebase. We're currently deciding on a nice rebranded name (as Audacity is trademarked) and are in the process of founding a GitHub organization afterwards. We're also looking for maintainers that could help with Windows and MacOS builds :) The repo's link is (for now): https://github.com/cookiengineer/audacity ~Cheers
Smurt July 5, 2021
|
Ever heard of this new thing called firewall?
Aaron July 5, 2021
|
There is an opt-out and there is a first-start question.
ChirpyMoth July 5, 2021
|
Read the examples. Lots of those are about chat programs that people wanted and installed but were transmitting personal data. This falls under that and is still spyware
George July 5, 2021
|
Why should we trust them to be telling the truth? It's incredibly shady practices, people use FOSS to avoid shady business practices
Todd July 5, 2021
|
i use the old desktop version, not 3.0. i should be alright,
Ben July 5, 2021
|
MuseScore's privacy page is almost identical, by the way.
Nuno July 5, 2021
|
Hahaha. Nice try.
Jules July 5, 2021
|
It's really disappointing that after having to walk back after doing something and being caught, they are once again being untrustworthy :(
MJ July 5, 2021
|
Can IMac users use Audacity and be okay?
jackie July 5, 2021
|
i am not familiar with open source licenses, but is it an option for someone to offer a precompiled version that ommits any telemetry code?
RockoDylon July 5, 2021
|
Using DarkAudacity fork is the best solution for now, people.
JohnC July 5, 2021
|
Perhaps the biggest downfall of this is that the company now takes full responsibility, so any 'bugs' or feature requests, or whatever now fall to them; that is a bit of a gamble as they might have to hire a developer or have an existing one that now maintains it. I don't think I used it much and being open-source it probably did not have many bugs in it already, but of course when greed takes over then you get things like this occurring. We should probably all just make a fork or take a copy of the source and maintain the software which is free/open source just to ensure that if it becomes paid then anyone who uses that can have a free copy of it.
JohnC July 5, 2021
|
Good idea because honestly this was a greed move. What can they hope to accomplish taking a long known open-source and free program and deciding to simply buy it? It might not be paid now but I bet the intent is to make it require licenses later on. An example of a bad greedy move by a company and also now they must consider they must maintain it themselves; I'm sure if you or other people maintain the original one, any fork will end up being 'better' still over time being open source than the project maintained by whatever company this is that bought it.
Stephen July 5, 2021
|
What was the last "safe" version?
So, that was my question too. I noticed that on both my laptop and my desktop (each running Ubuntu Studio 21.04) that Audacity is still at version 2.4.2. If I understand the situation correctly, 2.4.2 is still safe to have installed and still safe to use. But what I don't understand is the upgrade situation: - will Audacity try to update itself to 3.x at some point? - will running sudo apt update / sudo apt upgrade in Konsole (terminal) someday update it to 3.x for me without my realizing in time to stop it? - is there a way to actively ensure that I will be able to perpetually keep Audacity at 2.4.2? Though the majority of my podcast production work is done in Ardour 6, a significant, and important minority of that work is done in Audacity. Most of what I do in Audacity -could- be done in Ardour instead if necessary. But other parts, I am not sure I could do. So, it is my strong preference to be able to keep Audacity and to keep using it. But I don't know that I feel safe using 3.x. If anyone could please help me out with better understanding the upgrade situation, that'd be wonderful! :-) Thanks so much!
So, a tangentially related question: what (if anything) is the relationship between the "MusE" DAW / Sequencer program and "MuseGroup"? I tried to do a little hasty research on the matter after reading this today since I have MusE installed on my both my desktop and my laptop (both running Ubuntu Studio 21.04). I've never actually ran the program before on either device, but since I have it installed, and had hoped to someday use it, the question becomes very relevant, no? :-) Based on what very little I could glean, both "MusE" and "MuseScore" were developed by the same developer, one Werner Schweer in 2002 or so, and that once upon a time, the two appear to have been integrated, presumably meaning that what we now know of as "MuseScore" was not originally a stand-alone program, but rather, a function within MusE. But at some point, the two appear to have been separated into separate programs. Eventually, the group we now know of as "MuseGroup" buys "MuseScore" and it is presumably as much a spyware program as Audacity 3.x. Though I have never actually used MuseScore, I did find it installed on my laptop, and so I promptly removed it in Discover (and will probably run a purge in Konsole as well). It does not appear to have ever been installed on my desktop, though. Anyway, I find no mention of MuseGroup having ever purchased MusE, and MusE does not seem to appear on the MuseGroup website. I downloaded MusE about six or seven months ago after reading an article about the program - and it sounds AWESOME! I'd rather keep it if it is safe to do so. But before I assumed it was safe, I wanted to ensure that it is not involved in any of this mess, and I couldn't find anything anywhere that came right out and explicitly said yes or no to that. So, anyway, if anyone knows whether MusE remains safe, or if it is also spyware, I would very much love to know. Again, I'd much prefer to keep it, but I'm willing to ditch it if it's not safe. :-) In case it matters, the version I have installed is 3.1.1-1 on both machines. Thanks so much! Sorry if this was all a little long-winded. :-) Cheers!
joshuascholar July 6, 2021
|
In a github thread one of them said that they were going to get rid of the bit that says that the reason they collect data is to give it to courts in case they're required to - but that they may not get rid of the ridiculous and anti-GPL claim that children can't use the the program.
Be Free - Be Libre July 6, 2021
|
The famous FREE and open source audio manipulation program [...] Have a nice day
Bleeper July 6, 2021
|
What, exactly, would you block with a firewall? All outbound traffic? How would you identify the traffic that Audacity was generating? Do you somehow know all of their IP addresses, or which port and protocol they’re using? It’s likely SSL, so you won’t be able to identify a signature.
William Darlington July 6, 2021
|
The telemtry option is not here yet. I twill be inversion 3.03. The latest full release is 3.02. See: https://arstechnica.com/gadgets/2021/07/no-open-source-audacity-audio-editor-is-not-spyware/
Jay J. July 7, 2021
|
There isn't an opt-out. The telemetry is disabled by default. It's opt-in, even on official binaries.
MZPL July 7, 2021
|
It depends if they push it to ubuntu repos. You can simply hold a package to make sure it won't get updated. Also, don't use snaps because they auto update and pay attention to packages you're upgrading.
anarchyisbetter July 7, 2021
|
Telemetry is now spyware? pf... governments are collecting more information about you.
devlopersdevelopers July 7, 2021
|
no, it's not safe at all! developers can steal your money using cpu model knowledge!
Chuck July 7, 2021
|
https://github.com/Sneeds-Feed-and-Seed/sneedacity is a fork that has gotten quite a bit of development, and none of the drama around "trolls" that other projects have experienced. Plus it has a much more open community, which should help sneed up development
Nick July 8, 2021
|
Note that you don't need to do anything yet if you installed Audacity from the standard repo of your distro, and never update it except from the standard repos. The version of Audacity in the Debian "testing" repository, for example, is still 2.4.2. If you use Debian "stable" then nothing will change for you until a new version of Debian Stable is released, at the earliest. Audacity does have a menu option you can click to make it update itself, but you should always ignore this anyway. The whole point of running an OS like Debian Stable is that the Debian maintainers and testers check that all the software in the distro plays nicely with all the other software, and doesn't cause instability or crashes. You should install updates only from the repository to get the benefit of Debian's legendary stability.
Alex July 9, 2021
|
MuseScore is MusE's offspring. That happened in 2002, aeons ago, way before Muse Group came along. There is zero relationship between MusE and Muse Group. You insistance on calling Audacity spyware suggests that you fell victim to all this fearmongering. Alas, a common case these days.
Alex July 9, 2021
|
Wrong. 3.0.2 doesn't have networking features.
Anon July 10, 2021
|
Thank you Chuck, very cool.
winstonsmith July 10, 2021
|
I use Tails; everyone should.
Jeff July 10, 2021
|
misunderstood by Musegroup after has acquired Audacity since I've uninstalled directly? What's any alternatives because I no longer use Audacity on my computer.
stevetf July 10, 2021
|
Networking is (entirely) disabled by default when you build from source (See: CMakeLists.txt in the root directory of the source code)
stevetf July 10, 2021
|
There is no networking in Audacity versions up to and including Audacity 3.0.2.
stevetf July 10, 2021
|
There is an opt out for auto-updates in "Preferences > Application". Crash reporting is "opt-in only" - you are asked if you want to send the crash report or not. The crash report is only sent if you explicitly say so.
Scuzzlebutt July 11, 2021
|
R.I.P. --> Audacity 😥
anonymousAlpha July 13, 2021
|
In or out, freedom shouldn't be an option. Damage has been done, and will certainly be. It's too late. Goodbye Audacity.
Capt Obvious July 15, 2021
|
This option doesn't appear in v.3.0.2 on Win 10. Did Musegroup already remove the ability to opt out of their new data collection?
FubberNuckin July 30, 2021
|
They are intending to transmit information about the user's computer activities over the internet without the user's knowledge, only posting a vague notice designed to keep them out of legal trouble. Honestly fits the definition of spyware better than I thought.
Michael August 1, 2021
|
What does "two months ago" or "2 days ago" mean if the internet is forever, if the internet never forgets, if copypasta is commonplace? Which version of Audacity was first affected by the home-phoning? The author of the piece needs to remove their head from that particular body cavity where it's currently lodged. The copy editor(s) would do well to do the same.
stf August 1, 2021
|
When building from source, update checking, crash reporting, and networking are disabled by default. If you want those features you have to enable them in the cmake options.
stf August 1, 2021
|
That's not how repositories work. Software developers develop software. Distribution maintainers choose what software they want to include in their distro and they "pull" the software, build the package to fit with their distro, and then add their build to their repository. When Debian get round to updating Audacity to version 3.0.3, it will be the Debian maintainers (NOT the Audacity developers) that build the official Debian package. It is extremely unlikely that the Debian maintainers will enable Audacity's update checking as Debian already has Apt for updating packages.
Jorge August 25, 2021
|
Look Y'all just go here https://www.microsoft.com/en-us/p/audiotonic-pro-audio-editor-recorder-based-on-audacity-with-ffmpeg/9p0qlwt4nqkm#activetab=pivot:overviewtab Get this one its the same just with out the spyware, I was using Audacity but my system to a big hit on performance and after i uninstalled it and got Audiotonic everything is working well again. Also Stop asking "what if I go here or get from there" come on get real. Its Thar same Thing! use your heads!