
Audacity, the famous open source audio manipulation program, was acquired by a company named Muse Group two months ago. The same company owns other projects in its portfolio, such as Ultimate Guitar (a famous website for guitar enthusiasts) and MuseScore (open source music notation software).

Ever since, Audacity has been a heated topic.

The parent company is a multi-national company and it has been trying to start a data-collection mechanism in the software. While Audacity is nothing more than a desktop program, its developers want to make it phone home with various data taken from users’ machines.

The updated privacy policy page for Audacity (which was uploaded 2 days ago) includes a wide range of data collection mechanisms. It states, for example, that it can hand any user data to state regulators where it is located.

That basically means Russia, the USA and the EEA zone:

All your personal data is stored on our servers in the European Economic Area (EEA). However, we are occasionally required to share your personal data with our main office in Russia and our external counsel in the USA.

Additionally, they state that they might share the data with anyone they classify as a “third-party”, “advisors” or “potential buyers”.

Moreover, the same page contains a shallow attempt to prevent kids under the age of 13 from using the application, which is a violation of the GPL license (the license under which Audacity is released) because the GPL prevents any restrictions on the usage of software:

The App we provide is not intended for individuals below the age of 13. If you are under 13 years old, please do not use the App.

Real IP addresses of users remain on Audacity’s servers for 1 day before they are hashed, and hence practical user identification is possible if one of the mentioned governments sends a data request. None of this should have been possible with an offline audio editor.

Muse Group, after acquiring Audacity, introduced a CLA that requires anyone wishing to send a pull request to the original source code to agree to give them unlimited and unrestricted rights to own the modified lines of code.

One would not expect an offline desktop application to be collecting such data, phoning home and then handing that data to governments around the world whenever they see fit. If you want to stay away from such things, then stay away from Audacity.

Various angry reactions were spotted in the open source community. Users on GitHub and Reddit are calling to fork Audacity, which will probably happen soon after all of these controversies.

Through these suspicious activities, the people behind Audacity and Muse Group have shown themselves to be unworthy of the trust of the open source community, and hence the software should be abandoned and removed from Linux distributions’ repositories.

Read more about the Audacity fork, and how you can help in creating it.

Update: The developers behind Audacity shared an announcement that their privacy policy page was “misunderstood” due to poor wording in it, and that they will rewrite it to avoid possible confusion. Error reporting and basic system information collection are opt-in, but automatic update checking (which sends your IP address to them at every usage) is opt-out.
