New to Linux and the open source world? We have compiled a huge list of resources to help you go through Linux and its distributions. Visit the full Linux guide page right now.

.

The famous open source audio manipulation program was acquired by a company named Muse Group two months ago. The same company owns other projects in its portfolio such as Ultimate Guitar (Famous website for Guitar enthuisasts) and MuseScore (Open source music notation software).

Ever since, Audacity has been a heated topic.

The parent company is a multi-national company and it has been trying to start a data-collection mechanism in the software. While Audacity is nothing more than a desktop program, its developers want to make it phone home with various data taken from users’ machines.

The updated privacy policy page (which was uploaded 2 days ago) for Audacity includes a wide range of data collection mechanisms. It states for example that it can hand any user data to state regulators where it is located:

9 July 4, 2021

Which is basically Russia, USA and the EEA zone:

All your personal data is stored on our servers in the European Economic Area (EEA). However, we are occasionally required to share your personal data with our main office in Russia and our external counsel in the USA.

Additionally, they state that they might share the data with anyone they classify as a “third-party”, “advisors” or “potential buyers”:

11 July 4, 2021

Moreover, the same page contains a shallow attempt to prevent kids under age of 13 from using the application, which is a violation of the GPL license (The license under which Audacity is released) because GPL prevents any restrictions on the usage of software:

The App we provide is not intended for individuals below the age of 13. If you are under 13 years old, please do not use the App.

Real IP addresses of users remain for 1 day on Audacity’s servers before they are hashed, and hence, practical user identification is possible if one of the mentioned governments sends a data request. Things which should not have been possible with an offline audio editor.

Muse Group, after acquiring Audacity, introduced a CLA where it requires anyone wishing to send a pull request to the original source code to agree on giving them unlimited and unrestricted rights to own the modified lines of code.

One would not expect an offline desktop application to be collecting such data, phoning-home and then handing that data to governments around the world whenever they see fit. If you want to stay away from such things, then stay away from Audacity.

Various angry reactions were spotted in the open source community. Users on GitHub and Reddit are calling to fork Audacity, which will probably happen soon after all of these controversies.

By doing these suspicious activities, the people behind Audacity and Muse Group have shown their selves to be unworthy of the trust of the open source community, and hence, the software should be abandoned and disposed from Linux distributions’ repositories.

Read more about the Audacity fork, and how you can help in creating it.

Update: The developers behind Audacity shared an announcement that their privacy policy page was “misunderstood” due to poor wording in it, and that they will rewrite it to avoid possible confusion. Error reporting and basic system information collection is opt-in, but automatic update checking (which sends your IP address to them at every usage) is opt-out.



.

56 Comments

  1. M. Edward (Ed) Borasky

    July 4, 2021 at 10:52 pm

    What if I build it from the GitHub source myself? Does it still have this issue?

    Reply

    • M.Hanny Sabbagh

      July 5, 2021 at 6:41 am

      There would be no issue, and there is an option to disable telemetry all together.

      Reply

  2. M. Edward (Ed) Borasky

    July 4, 2021 at 11:02 pm

    Is this still going to happen if I build Audacity from the source code repositories?

    Reply

  3. JM Jenkins

    July 5, 2021 at 12:24 am

    Could I still use if I don’t update to 3.0?

    Reply

    • M.Hanny Sabbagh

      July 5, 2021 at 6:41 am

      Yes, you should be fine.

      Reply

  4. Gigahurts

    July 5, 2021 at 1:50 am

    How about suggesting an alternative until the form happens?

    Reply

  5. mane kamel

    July 5, 2021 at 2:06 am

    the team did roll back on using telemetry : https://github.com/audacity/audacity/discussions/889

    Reply

    • M.Hanny Sabbagh

      July 5, 2021 at 6:43 am

      They didn’t. The discussion you linked is 2 months old, while the privacy page which was updated with the problematic information was updated 3 days ago, so whatever they said in the discussion is legally overwritten by the official privacy policy which is more recent.

      Reply

  6. Tap

    July 5, 2021 at 3:37 am

    That title is fearmongering. There should be an opt out, or maybe a first start question, but generally none of the data being collected constitutes as spyware

    Reply

  7. Daniel J. Lewis

    July 5, 2021 at 3:59 am

    I think we should be careful throwing around the label of “spyware.”

    https://www.merriam-webster.com/dictionary/spyware

    Reply

  8. Cookie Engineer

    July 5, 2021 at 8:07 am

    For what it’s worth, I forked Audacity yesterday and removed all telemetry that could potentially spy on users from the codebase.

    We’re currently deciding on a nice rebranded name (as Audacity is trademarked) and are in the process of founding a GitHub organization afterwards. We’re also looking for maintainers that could help with Windows and MacOS builds ๐Ÿ™‚

    The repo’s link is (for now):

    https://github.com/cookiengineer/audacity

    ~Cheers

    Reply

  9. Smurt

    July 5, 2021 at 11:47 am

    Ever heard of this new thing called firewall?

    Reply

  10. Aaron

    July 5, 2021 at 12:05 pm

    There is an opt-out and there is a first-start question.

    Reply

  11. ChirpyMoth

    July 5, 2021 at 12:16 pm

    Read the examples. Lots of those are about chat programs that people wanted and installed but were transmitting personal data. This falls under that and is still spyware

    Reply

  12. George

    July 5, 2021 at 12:48 pm

    Why should we trust them to be telling the truth?

    It’s incredibly shady practices, people use FOSS to avoid shady business practices

    Reply

  13. Todd

    July 5, 2021 at 4:58 pm

    i use the old desktop version, not 3.0. i should be alright,

    Reply

  14. Ben

    July 5, 2021 at 5:10 pm

    MuseScore’s privacy page is almost identical, by the way.

    Reply

  15. Nuno

    July 5, 2021 at 5:22 pm

    Hahaha. Nice try.

    Reply

  16. Jules

    July 5, 2021 at 7:23 pm

    It’s really disappointing that after having to walk back after doing something and being caught, they are once again being untrustworthy ๐Ÿ™

    Reply

  17. MJ

    July 5, 2021 at 8:13 pm

    Can IMac users use Audacity and be okay?

    Reply

  18. jackie

    July 5, 2021 at 8:43 pm

    i am not familiar with open source licenses, but is it an option for someone to offer a precompiled version that ommits any telemetry code?

    Reply

    • M.Hanny Sabbagh

      July 5, 2021 at 8:47 pm

      It already exists, see the link at the end of the post.

      Reply

  19. RockoDylon

    July 5, 2021 at 9:39 pm

    Using DarkAudacity fork is the best solution for now, people.

    Reply

  20. JohnC

    July 5, 2021 at 9:41 pm

    Perhaps the biggest downfall of this is that the company now takes full responsibility, so any ‘bugs’ or feature requests, or whatever now fall to them; that is a bit of a gamble as they might have to hire a developer or have an existing one that now maintains it. I don’t think I used it much and being open-source it probably did not have many bugs in it already, but of course when greed takes over then you get things like this occurring. We should probably all just make a fork or take a copy of the source and maintain the software which is free/open source just to ensure that if it becomes paid then anyone who uses that can have a free copy of it.

    Reply

  21. JohnC

    July 5, 2021 at 9:45 pm

    Good idea because honestly this was a greed move. What can they hope to accomplish taking a long known open-source and free program and deciding to simply buy it? It might not be paid now but I bet the intent is to make it require licenses later on. An example of a bad greedy move by a company and also now they must consider they must maintain it themselves; I’m sure if you or other people maintain the original one, any fork will end up being ‘better’ still over time being open source than the project maintained by whatever company this is that bought it.

    Reply

  22. Stephen

    July 5, 2021 at 11:44 pm

    What was the last “safe” version?

    Reply

    • M.Hanny Sabbagh

      July 6, 2021 at 12:02 am

      Anything before 3.x

      Reply

  23. St. John from Des Moines

    July 6, 2021 at 1:05 am

    So, that was my question too. I noticed that on both my laptop and my desktop (each running Ubuntu Studio 21.04) that Audacity is still at version 2.4.2.

    If I understand the situation correctly, 2.4.2 is still safe to have installed and still safe to use. But what I don’t understand is the upgrade situation:

    - will Audacity try to update itself to 3.x at some point?
    - will running sudo apt update / sudo apt upgrade in Konsole (terminal) someday update it to 3.x for me without my realizing
    in time to stop it?
    - is there a way to actively ensure that I will be able to perpetually keep Audacity at 2.4.2?

    Though the majority of my podcast production work is done in Ardour 6, a significant, and important minority of that work is done in Audacity. Most of what I do in Audacity -could- be done in Ardour instead if necessary. But other parts, I am not sure I could do. So, it is my strong preference to be able to keep Audacity and to keep using it. But I don’t know that I feel safe using 3.x.

    If anyone could please help me out with better understanding the upgrade situation, that’d be wonderful! ๐Ÿ™‚

    Thanks so much!

    Reply

  24. St. John from Des Moines

    July 6, 2021 at 1:25 am

    So, a tangentially related question: what (if anything) is the relationship between the “MusE” DAW / Sequencer program and “MuseGroup”?

    I tried to do a little hasty research on the matter after reading this today since I have MusE installed on my both my desktop and my laptop (both running Ubuntu Studio 21.04). I’ve never actually ran the program before on either device, but since I have it installed, and had hoped to someday use it, the question becomes very relevant, no? ๐Ÿ™‚

    Based on what very little I could glean, both “MusE” and “MuseScore” were developed by the same developer, one Werner Schweer in 2002 or so, and that once upon a time, the two appear to have been integrated, presumably meaning that what we now know of as “MuseScore” was not originally a stand-alone program, but rather, a function within MusE. But at some point, the two appear to have been separated into separate programs. Eventually, the group we now know of as “MuseGroup” buys “MuseScore” and it is presumably as much a spyware program as Audacity 3.x. Though I have never actually used MuseScore, I did find it installed on my laptop, and so I promptly removed it in Discover (and will probably run a purge in Konsole as well). It does not appear to have ever been installed on my desktop, though.

    Anyway, I find no mention of MuseGroup having ever purchased MusE, and MusE does not seem to appear on the MuseGroup website. I downloaded MusE about six or seven months ago after reading an article about the program – and it sounds AWESOME! I’d rather keep it if it is safe to do so. But before I assumed it was safe, I wanted to ensure that it is not involved in any of this mess, and I couldn’t find anything anywhere that came right out and explicitly said yes or no to that.

    So, anyway, if anyone knows whether MusE remains safe, or if it is also spyware, I would very much love to know. Again, I’d much prefer to keep it, but I’m willing to ditch it if it’s not safe. ๐Ÿ™‚

    In case it matters, the version I have installed is 3.1.1-1 on both machines.

    Thanks so much! Sorry if this was all a little long-winded. ๐Ÿ™‚

    Cheers!

    Reply

  25. joshuascholar

    July 6, 2021 at 10:55 am

    In a github thread one of them said that they were going to get rid of the bit that says that the reason they collect data is to give it to courts in case they’re required to – but that they may not get rid of the ridiculous and anti-GPL claim that children can’t use the the program.

    Reply

  26. Be Free - Be Libre

    July 6, 2021 at 1:58 pm

    The famous FREE and open source audio manipulation program […]

    Have a nice day

    Reply

  27. Bleeper

    July 6, 2021 at 4:23 pm

    What, exactly, would you block with a firewall? All outbound traffic? How would you identify the traffic that Audacity was generating? Do you somehow know all of their IP addresses, or which port and protocol theyโ€™re using? Itโ€™s likely SSL, so you wonโ€™t be able to identify a signature.

    Reply

  28. William Darlington

    July 6, 2021 at 9:25 pm

    The telemtry option is not here yet. I twill be inversion 3.03. The latest full release is 3.02. See:
    https://arstechnica.com/gadgets/2021/07/no-open-source-audacity-audio-editor-is-not-spyware/

    Reply

    • M.Hanny Sabbagh

      July 6, 2021 at 9:41 pm

      It is very funny watching the same site that has trackers/ads like us try to compare the privacy policy of Audacity to our own privacy policy (Like, you have 33 trackers as well, lol). As I said in previous comment: May 13 update has nothing to do with the new concerns, which resulted from updating the privacy policy page 3-4 days ago only. Whatever they said in the GitHub discussion page in May 13 is not reflected on the official privacy policy, and hence, the issues.

      The privacy policy in its current form is a base for spying, because it gives ambiguous, unclear and unlimited interpretations for what can actually be done with user data.

      It is also very funny to read sentences like: “the contributors and commenters active on the project’s Github seem to have been largely satisfied by the May 13 update”, yea, absolutely positive reactions ignoring literally everything else in these issues: https://github.com/audacity/audacity/issues/1213

      They sound so happy, very happy, to the level that the new Audacity fork has 2300 stars in less than 48 hours: https://github.com/temporary-audacity/audacity

      Additionally, they say: “The new privacy policy was first submitted as a pull request on May 4.” which is absolutely wrong. The new privacy policy has nothing to do with the May 4th commit nor reflects anything mentioned on GitHub. It doesn’t specify whether anything is opt-in or opt-out, it doesn’t clarify what data may be collected upon law requests in Russia, USA or EU, and it contains absolutely different content than anything posted on GitHub (Read the privacy policy page and read the link they have put).

      I am wondering whether they are outsourcing writing at ArsTechnica to some Indian call center.

      Reply

  29. Jay J.

    July 7, 2021 at 6:22 am

    There isn’t an opt-out. The telemetry is disabled by default. It’s opt-in, even on official binaries.

    Reply

  30. MZPL

    July 7, 2021 at 1:49 pm

    It depends if they push it to ubuntu repos. You can simply hold a package to make sure it won’t get updated. Also, don’t use snaps because they auto update and pay attention to packages you’re upgrading.

    Reply

  31. anarchyisbetter

    July 7, 2021 at 2:02 pm

    Telemetry is now spyware? pf… governments are collecting more information about you.

    Reply

  32. devlopersdevelopers

    July 7, 2021 at 2:09 pm

    no, it’s not safe at all! developers can steal your money using cpu model knowledge!

    Reply

  33. Chuck

    July 7, 2021 at 7:58 pm

    https://github.com/Sneeds-Feed-and-Seed/sneedacity is a fork that has gotten quite a bit of development, and none of the drama around “trolls” that other projects have experienced. Plus it has a much more open community, which should help sneed up development

    Reply

  34. Nick

    July 8, 2021 at 11:04 am

    Note that you don’t need to do anything yet if you installed Audacity from the standard repo of your distro, and never update it except from the standard repos. The version of Audacity in the Debian “testing” repository, for example, is still 2.4.2. If you use Debian “stable” then nothing will change for you until a new version of Debian Stable is released, at the earliest.

    Audacity does have a menu option you can click to make it update itself, but you should always ignore this anyway. The whole point of running an OS like Debian Stable is that the Debian maintainers and testers check that all the software in the distro plays nicely with all the other software, and doesn’t cause instability or crashes. You should install updates only from the repository to get the benefit of Debian’s legendary stability.

    Reply

  35. Alex

    July 9, 2021 at 7:05 pm

    MuseScore is MusE’s offspring. That happened in 2002, aeons ago, way before Muse Group came along. There is zero relationship between MusE and Muse Group.

    You insistance on calling Audacity spyware suggests that you fell victim to all this fearmongering. Alas, a common case these days.

    Reply

  36. Alex

    July 9, 2021 at 7:06 pm

    Wrong. 3.0.2 doesn’t have networking features.

    Reply

  37. Anon

    July 10, 2021 at 4:03 pm

    Thank you Chuck, very cool.

    Reply

  38. winstonsmith

    July 10, 2021 at 5:46 pm

    I use Tails; everyone should.

    Reply

  39. Jeff

    July 10, 2021 at 7:03 pm

    misunderstood by Musegroup after has acquired Audacity since I’ve uninstalled directly?

    What’s any alternatives because I no longer use Audacity on my computer.

    Reply

  40. stevetf

    July 10, 2021 at 11:34 pm

    Networking is (entirely) disabled by default when you build from source (See:
    CMakeLists.txt in the root directory of the source code)

    Reply

  41. stevetf

    July 10, 2021 at 11:35 pm

    There is no networking in Audacity versions up to and including Audacity 3.0.2.

    Reply

  42. stevetf

    July 10, 2021 at 11:39 pm

    There is an opt out for auto-updates in “Preferences > Application”.
    Crash reporting is “opt-in only” – you are asked if you want to send the crash report or not. The crash report is only sent if you explicitly say so.

    Reply

  43. Scuzzlebutt

    July 11, 2021 at 1:56 pm

    R.I.P. –> Audacity ๐Ÿ˜ฅ

    Reply

  44. anonymousAlpha

    July 13, 2021 at 12:14 pm

    In or out, freedom shouldn’t be an option.
    Damage has been done, and will certainly be.
    It’s too late.
    Goodbye Audacity.

    Reply

  45. Capt Obvious

    July 15, 2021 at 7:54 pm

    This option doesn’t appear in v.3.0.2 on Win 10. Did Musegroup already remove the ability to opt out of their new data collection?

    Reply

    • stevetf

      July 15, 2021 at 10:25 pm

      No, Audacity 3.0.2 does not have any networking ability. It can’t check for updates and it can’t submit crash reports.

      Reply

      • Capt Obvious

        July 16, 2021 at 1:03 am

        Audacity 3.0.2 very much has the ability to check for updates. On macOS, at least, it can submit crash reports.

        Reply

        • stevetf

          July 16, 2021 at 11:44 am

          Audacity 3.0.2 has a “Check for Updates” menu item, but that’s just a link that open in your default web browser. Audacity 3.0.2 cannot itself connect to the Internet.

          Audacity 3.0.2 can generate a crash report, but it cannot send it anywhere, because it cannot connect to the Internet. If you want to send that crash report anywhere, you would have to email it or upload it somewhere.

          Reply

  46. FubberNuckin

    July 31, 2021 at 1:33 am

    They are intending to transmit information about the user’s computer activities over the internet without the user’s knowledge, only posting a vague notice designed to keep them out of legal trouble. Honestly fits the definition of spyware better than I thought.

    Reply

Leave a Reply