
Audacity is now a Possible Spyware, Remove it ASAP



securitybreach
Quote


"The famous open source audio manipulation program was acquired by a company named Muse Group two months ago. The same company owns other projects in its portfolio such as Ultimate Guitar (Famous website for Guitar enthusiasts) and MuseScore (Open source music notation software).

Ever since, Audacity has been a heated topic.

 

The parent company is a multi-national company and it has been trying to start a data-collection mechanism in the software. While Audacity is nothing more than a desktop program, its developers want to make it phone home with various data taken from users’ machines.

The updated privacy policy page (which was uploaded 2 days ago) for Audacity includes a wide range of data collection mechanisms. It states for example that it can hand any user data to state regulators where it is located:

 

Which is basically Russia, USA and the EEA zone:

 

All your personal data is stored on our servers in the European Economic Area (EEA). However, we are occasionally required to share your personal data with our main office in Russia and our external counsel in the USA.

 

Additionally, they state that they might share the data with anyone they classify as a “third-party”, “advisors” or “potential buyers”:

 

Moreover, the same page contains a shallow attempt to prevent kids under the age of 13 from using the application, which is a violation of the GPL license (The license under which Audacity is released) because GPL prevents any restrictions on the usage of software:

 

The App we provide is not intended for individuals below the age of 13. If you are under 13 years old, please do not use the App.

 

Real IP addresses of users remain for 1 day on Audacity’s servers before they are hashed, and hence, practical user identification is possible if one of the mentioned governments sends a data request. Things which should not have been possible with an offline audio editor.

 

Muse Group, after acquiring Audacity, introduced a CLA where it requires anyone wishing to send a pull request to the original source code to agree on giving them unlimited and unrestricted rights to own the modified lines of code.

 

One would not expect an offline desktop application to be collecting such data, phoning-home and then handing that data to governments around the world whenever they see fit. If you want to stay away from such things, then stay away from Audacity.

 

Various angry reactions were spotted in the open source community. Users on GitHub and Reddit are calling to fork Audacity, which will probably happen soon after all of these controversies.

 

By doing these suspicious activities, the people behind Audacity and Muse Group have shown themselves to be unworthy of the trust of the open source community, and hence, the software should be abandoned and disposed from Linux distributions’ repositories."

 

 

https://fosspost.org/audacity-is-now-a-spyware/

 

There is a fork of the original project available as well.


Continuing to use an older version should be okay for now, right? I've been following this but didn't think that there's a fork yet. I rarely use Audacity but this is big news.


I've been watching this saga for a couple of months since Muse Group took over the original Audacity. Lots of heated discussion at Linux Musicians and at the original Github project. It seems the new owners are intent on including telemetry and data harvesting despite originally saying it would be opt-in. They come across as being somewhat disingenuous and perhaps not even respecting the GPL licence. A fork was inevitable.

AFAIK the older 2.x versions are still free of the offending "features".

  • Like 1
  • Agree 1

securitybreach
5 minutes ago, sunrat said:

They come across as being somewhat disingenuous and perhaps not even respecting the GPL licence.

 

They are asking that children under 13 not use the software which is also against the GPL as restrictions are not allowed.


Hedon James
11 hours ago, securitybreach said:

 

They are asking that children under 13 not use the software which is also against the GPL as restrictions are not allowed.

Even IF allowed, that's a weird and seemingly arbitrary cutoff age.  If it was "under 18" I would probably chalk it up to "a legal adult"; or if it was "under 16" I'd think "licensed drivers of vehicles"; etc...  But why "under 13"?  I can't even venture a guess on that one...

  • Agree 1

2 hours ago, Hedon James said:

But why "under 13"?  I can't even venture a guess on that one...

The EU GDPR disallows collecting data from people under 13. Even games like Pokemon Go and Ingress are not supposed to be available to under 13s.


securitybreach

From the article:

 

Quote


Moreover, the same page contains a shallow attempt to prevent kids under the age of 13 from using the application, which is a violation of the GPL license (The license under which Audacity is released) because GPL prevents any restrictions on the usage of software:

The App we provide is not intended for individuals below the age of 13. If you are under 13 years old, please do not use the App.


Audacity is one of those things I have to install (if it's not already included) but find I hardly ever use it....  Kinda like ytree....  I always had to have it cuz it looked cool but didn't use it much...lol   Right now I'm using MX and don't think I've installed ytree !! 

UPDATE:  ytree has been installed!  Have a great day all.

  • Agree 1

securitybreach

Yeah but having any restrictions or rules is against the GPL license. I still consider collecting any data besides debugging and improving the app to be a violation of the GPL and privacy in general. While the original title may not correctly describe what they are doing, I still have a problem with the data collection aspect.

 

 


Quote

The first thing to point out is that neither the privacy policy nor the in-app telemetry in question are actually in effect yet—both are targeted to an upcoming 3.0.3 release, while the most recent available version is 3.0.2. For now, that means there's absolutely no need for anyone to panic about their currently-installed version of Audacity.

 

I am not gonna remove it right now. I have it installed in Debian Testing, and I think in Kubuntu LTS and maybe in Arch as well. But all of those are older versions of the package. I don't know what will happen with Audacity in Arch, but I see that it's flagged "out-of-date" since late June.

 

I use Audacity very rarely here, and most likely I wouldn't have used it at all for the rest of 2021 in any case. So, no big deal for me; I'll just wait and see how things play out.

 

  • Like 1

How is collecting data against the terms of GPL2.0? And they are not restricting by age, they merely ask. I don't see anywhere where they say it would be a violation of use.

 

I think there has been an overreaction to the situation; users need to cool down and Muse needs to drop its defensive posture.

 

Then we can find out what is really going on.

 

Edited by crp
