Audacity open source audio editor has become spyware

Ewdison Then - Jul 5, 2021, 12:47am CDT
Audacity open source audio editor has become spyware

One of open source software’s biggest strengths is, naturally, its openness, which brings other benefits like freedom of use, security through scrutiny, flexibility, and more. That is mostly thanks to the open source-friendly licenses these programs use, but, from time to time, someone comes along and tries to make changes that infuriate the community of users and developers. Sometimes, those changes can even be illegal. Such seems to be the fate that has befallen Audacity, one of the open source world’s most popular pieces of software that now comes under a very invasive privacy policy.

The brouhaha started just a few months ago when Audacity was bought by the Muse Group, the company behind equally popular music software like MuseScore, which is also open source, and Ultimate Guitar. So far, Audacity remains open source (and can’t really be changed into proprietary software in its current form), but that doesn’t mean that Muse Group can’t do some pretty damaging changes. Those changes come in the form of the new privacy policy that was just updated a few days ago, a policy that now allows it to collect user data.

As a desktop application with no core online functionality, Audacity never had any need to “phone home” in the first place. Now the privacy policy says that the new company does collect data and does so in a way that’s both over-arching and vague, most likely by design. For example, it says that it collects data necessary for law enforcement but doesn’t specify what kind of data is collected.

There are also questions regarding the storage of data, which is located in servers in the USA, Russia, and the European Economic Area. IP addresses, for example, are stored in an identifiable way for a day before being hashed and then stored in servers for a year. The new policy also disallows people under the age of 13 from using the software, which, as FOSS Post points out, is a violation of the GPL license that Audacity uses.

The open source community was understandably irked by these changes. Fortunately, Audacity is open source software, and it will most likely be taken by the community and forked in a different direction, perhaps with a different name. That will leave Muse Group to develop Audacity on its own instead of being able to leverage (and exploit) the open source community’s hard work.

Update: Muse Group has responded to the criticism, blaming poor wording of the new privacy policy for what it says is confusion around Audacity’s future.


Must Read Bits & Bytes