securitybreach Posted July 5, 2021 Share Posted July 5, 2021 Quote "The famous open source audio manipulation program was acquired by a company named Muse Group two months ago. The same company owns other projects in its portfolio such as Ultimate Guitar (Famous website for Guitar enthuisasts) and MuseScore (Open source music notation software). Ever since, Audacity has been a heated topic. The parent company is a multi-national company and it has been trying to start a data-collection mechanism in the software. While Audacity is nothing more than a desktop program, its developers want to make it phone home with various data taken from users’ machines. The updated privacy policy page (which was uploaded 2 days ago) for Audacity includes a wide range of data collection mechanisms. It states for example that it can hand any user data to state regulators where it is located: Which is basically Russia, USA and the EEA zone: All your personal data is stored on our servers in the European Economic Area (EEA). However, we are occasionally required to share your personal data with our main office in Russia and our external counsel in the USA. Additionally, they state that they might share the data with anyone they classify as a “third-party”, “advisors” or “potential buyers”: Moreover, the same page contains a shallow attempt to prevent kids under age of 13 from using the application, which is a violation of the GPL license (The license under which Audacity is released) because GPL prevents any restrictions on the usage of software: The App we provide is not intended for individuals below the age of 13. If you are under 13 years old, please do not use the App. Real IP addresses of users remain for 1 day on Audacity’s servers before they are hashed, and hence, practical user identification is possible if one of the mentioned governments sends a data request. Things which should not have been possible with an offline audio editor. Muse Group, after acquiring Audacity, introduced a CLA where it requires anyone wishing to send a pull request to the original source code to agree on giving them unlimited and unrestricted rights to own the modified lines of code. One would not expect an offline desktop application to be collecting such data, phoning-home and then handing that data to governments around the world whenever they see fit. If you want to stay away from such things, then stay away from Audacity. Various angry reactions were spotted in the open source community. Users on GitHub and Reddit are calling to fork Audacity, which will probably happen soon after all of these controversies. By doing these suspicious activities, the people behind Audacity and Muse Group have shown their selves to be unworthy of the trust of the open source community, and hence, the software should be abandoned and disposed from Linux distributions’ repositories. " https://fosspost.org/audacity-is-now-a-spyware/ There is a fork of the original project available as well. Quote Link to comment Share on other sites More sharing options...
saturnian Posted July 5, 2021 Share Posted July 5, 2021 Continuing to use an older version should be okay for now, right? I've been following this but didn't think that there's a fork yet. I rarely use Audacity but this is big news. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted July 5, 2021 Author Share Posted July 5, 2021 Yeah, you should be fine for now. Fork info: https://github.com/cookiengineer/audacity Quote Link to comment Share on other sites More sharing options...
sunrat Posted July 6, 2021 Share Posted July 6, 2021 I've been watching this saga for a couple of months since Muse Group took over the original Audacity. Lots of heated discussion at Linux Musicians and at the original Github project. It seems the new owners are intent on including telemetry and data harvesting despite originally saying it would be opt-in. They come across as being somewhat disingenuous and perhaps not even respecting the GPL licence. A fork was inevitable. AFAIK the older 2.x versions are still free of the offending "features". 1 1 Quote Link to comment Share on other sites More sharing options...
securitybreach Posted July 6, 2021 Author Share Posted July 6, 2021 5 minutes ago, sunrat said: hey come across as being somewhat disingenuous and perhaps not even respecting the GPL licence. They are asking that children under 13 not use the software which is also against the GPL as restrictions are not allowed. Quote Link to comment Share on other sites More sharing options...
Hedon James Posted July 6, 2021 Share Posted July 6, 2021 11 hours ago, securitybreach said: They are asking that children under 13 not use the software which is also against the GPL as restrictions are not allowed. Even IF allowed, that's a weird and seemingly arbitrary cutoff age. If it was "under 18" I would probably chalk it up to "a legal adult"; or if it was "under 16" I'd think "licensed drivers of vehicles"; etc... But why "under 13"? I can't even venture a guess on that one... 1 Quote Link to comment Share on other sites More sharing options...
securitybreach Posted July 6, 2021 Author Share Posted July 6, 2021 Well any restriction is against the GPL license. Quote Link to comment Share on other sites More sharing options...
sunrat Posted July 6, 2021 Share Posted July 6, 2021 2 hours ago, Hedon James said: But why "under 13"? I can't even venture a guess on that one... The EU GDPR disallows collecting data from people under 13. Even games like Pokemon Go and Ingress are not supposed to be available to under 13s. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted July 6, 2021 Author Share Posted July 6, 2021 53 minutes ago, sunrat said: The EU GDPR disallows collecting data from people under 13. Even games like Pokemon Go and Ingress are not supposed to be available to under 13s. Yeah but the GPL does not allow any restrictions at all http://www.gnu.org/licenses/gpl-3.0.en.html Quote Link to comment Share on other sites More sharing options...
Bookmem Posted July 6, 2021 Share Posted July 6, 2021 57 minutes ago, securitybreach said: Yeah but the GPL does not allow any restrictions at all http://www.gnu.org/licenses/gpl-3.0.en.html I'll admit to being totally out of the loop when it comes to what's proprietary and what's GPL, but is it possible that the latest version is now proprietary? Quote Link to comment Share on other sites More sharing options...
securitybreach Posted July 6, 2021 Author Share Posted July 6, 2021 Nah, its still using the GPLv2 license Quote Link to comment Share on other sites More sharing options...
securitybreach Posted July 6, 2021 Author Share Posted July 6, 2021 From the article: Quote Moreover, the same page contains a shallow attempt to prevent kids under age of 13 from using the application, which is a violation of the GPL license (The license under which Audacity is released) because GPL prevents any restrictions on the usage of software: The App we provide is not intended for individuals below the age of 13. If you are under 13 years old, please do not use the App. Quote Link to comment Share on other sites More sharing options...
wa4chq Posted July 7, 2021 Share Posted July 7, 2021 Audacity is one of those things I have to install (if it's not already included) but find I hardly ever use it.... Kinda like ytree.... I always had to have it cuz it looked cool but didn't use it much...lol Right now I'm using MX and don't think I've installed ytree !! UPDATE: ytree has been installed! Have a great day all. 1 Quote Link to comment Share on other sites More sharing options...
zlim Posted July 11, 2021 Share Posted July 11, 2021 Perhaps read this https://arstechnica.com/gadgets/2021/07/no-open-source-audacity-audio-editor-is-not-spyware/ before you remove it from your system. 1 Quote Link to comment Share on other sites More sharing options...
securitybreach Posted July 11, 2021 Author Share Posted July 11, 2021 Yeah but having any restrictions or rules is against the GPL license. I still consider collecting any data besides debugging and improving the app to be a violation of the GPL and privacy in general. While the original title may not correctly describe what they are doing, I still have a problem with the data collection aspect. Quote Link to comment Share on other sites More sharing options...
saturnian Posted July 11, 2021 Share Posted July 11, 2021 Quote The first thing to point out is that neither the privacy policy nor the in-app telemetry in question are actually in effect yet—both are targeted to an upcoming 3.0.3 release, while the most recent available version is 3.0.2. For now, that means there's absolutely no need for anyone to panic about their currently-installed version of Audacity. I am not gonna remove it right now. I have it installed in Debian Testing, and I think in Kubuntu LTS and maybe in Arch as well. But all of those are older versions of the package. I don't know what will happen with Audacity in Arch, but I see that it's flagged "out-of-date" since late June. I use Audacity very rarely here, and most likely I wouldn't have used it at all for the rest of 2021 in any case. So, no big deal for me; I'll just wait and see how things play out. 1 Quote Link to comment Share on other sites More sharing options...
wa4chq Posted July 11, 2021 Share Posted July 11, 2021 Kinda a good reason not to update. 1 Quote Link to comment Share on other sites More sharing options...
securitybreach Posted July 13, 2021 Author Share Posted July 13, 2021 A new article about it posted today https://hackaday.com/2021/07/13/muse-group-continues-tone-deaf-handling-of-audacity/ 1 Quote Link to comment Share on other sites More sharing options...
crp Posted July 20, 2021 Share Posted July 20, 2021 (edited) How is collecting data against the terms of GPL2.0 ? And they are not restricting by age, they merely ask. I don't see anywhere where they say it would be a violation of use. I think there has been an overreaction to the situation, users need to cool down and muse needs to drop its defensive posture. Then we can find out what is really going on. Edited July 20, 2021 by crp Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.