23 votes

Popular Audacity audio app dubbed ‘spyware’ by users over policy changes from new owner

35 comments

  1. [12]
    hungariantoast
    (edited )
    Link
    First, take any and every article and blog post about Audacity from this point forward with a giant dose of doubt. Every discussion online about Audacity since its acquisition was announced has...
    • Exemplary

    First, take any and every article and blog post about Audacity from this point forward with a giant dose of doubt.

    Every discussion online about Audacity since its acquisition was announced has been one giant outrage fest. You can just look through the profiles posting comments in the discussions and issues on Audacity's GitHub page and see for yourself. Tons of those profiles are brand new, or were never previously active on GitHub, until they started posting hyperbolic, angry comments about whatever the latest controversial change was.

    There is a lot of nuance to this situation and a ton of good criticism on these changes, but most of these people complaining are basically lemmings.

    Second, I don't recommend ever reading open-source news from this website, and the state of this article (one big mess) is a great example why. The article basically just reports that people are mad. As I just said, most of those people are lemmings. The article author is also a lemming.

    Don't be like those lemmings. Be upset about this if you want to, but be upset about it for legitimate and informed reasons, not just because a bunch of redditors and fresh GitHub accounts are acting that way.

    Anyway, here is a clarification of the privacy policy from Muse Group's "head of strategy":

    Overall, the privacy policy seems somewhat reasonable... though there are legitimate issues with it.

    For instance, some people apparently no longer feel comfortable using Audacity in educational environments as a result of this policy change, and that sucks.


    The discussions on GitHub about adding telemetry and a contributor license agreement were also filled with people just being assholes, talking about fork-this and fork-that, or responding to any comments made by developers or Muse Group employees with the most pedantic, worst-possible interpretations of what they said. It's sad, honestly.


    Of course, at the same time, I'm eating the words I wrote on the last topic about Audacity 🤷


    Finally, because it's probably safer to just go ahead and include it, no, I am overall not a fan of the changes since acquisition.

    27 votes
    1. [10]
      AugustusFerdinand
      Link Parent
      Previous public engagement is not a requirement to participate in a discussion. I don't need to have bootleg recordings of the Konrads to be a fan of the Thin White Duke, I needn't read Action...

      Tons of those profiles are brand new, or were never previously active on GitHub [...] lemmings [...] lemming [...] lemmings

      Previous public engagement is not a requirement to participate in a discussion. I don't need to have bootleg recordings of the Konrads to be a fan of the Thin White Duke, I needn't read Action Comics #1 to enjoy the tales of Chaz Donen, and everyone is entitled to speak on the changes to Audacity without needing to be previously active on a comparably niche website that's meant for a specific type of engagement. Such a take reeks of not-a-true-fan gatekeeping.

      That said, most of the comments do seem to just be assholes wanting to bitch about it with their tired, copy/paste takes that they think are insightful and/or will magically change Muse's collective mind the same way that change.org petitions move governments (read: they don't). The privacy policy changes are reasonable and likely necessary for the greatly needed UI refresh, should have been more clear (hindsight 20/20) from the start, and simply be made opt-in for the 3.0.3 release when they become active with a note that they will become opt-out in 3.0.4.

      10 votes
      1. babypuncher
        Link Parent
        I agree, but it is a little suspicious when so much of the discussion about a contentious topic is flooded with people who have never participated before. I was noticing this a lot when Near/Byuu...

        Previous public engagement is not a requirement to participate in a discussion.

        I agree, but it is a little suspicious when so much of the discussion about a contentious topic is flooded with people who have never participated before. I was noticing this a lot when Near/Byuu died last week and assholes were showing up in some of my communities to attack them for being trans and defend the actions of Kiwi Farm under the guise of "Free Speech". None of them had any prior history in these communities and were only showing their faces to stir up shit.

        8 votes
      2. hungariantoast
        (edited )
        Link Parent
        I don't know what else to tell you other than that these people are not on Audacity's issue board to participate in a discussion, they're there to vent because they've been whipped into a rage....

        I don't know what else to tell you other than that these people are not on Audacity's issue board to participate in a discussion, they're there to vent because they've been whipped into a rage.

        There are valid criticisms of the changes made since acquisition, there are real issues with the privacy policy, but the vast majority of the stuff being posted in Audacity's repository right now is noise, not signal.

        Pointing that out is not gatekeeping.

        See this comment which talks more about this phenomenon:

        https://tildes.net/~tech/d1y/temporary_fix_for_the_firefox_extension_bug#comment-35zk

        7 votes
      3. skybrian
        Link Parent
        I agree that arguing about who's a true fan is silly, but it's because no fans have any power. That is, other than those granted in the license agreement, which for open source is pretty good....

        I agree that arguing about who's a true fan is silly, but it's because no fans have any power. That is, other than those granted in the license agreement, which for open source is pretty good.

        What you might have is influence. But as an ordinary anonymous commenter with a username that nobody recognizes, your influence is very limited, and people tend to severely over-estimate it when complaining. You might have more if you build up a track record of being a good person to listen to.

        Maybe that looks like gatekeeping, but I don't see how it could be any other way. Why give rude strangers on the Internet any power over what you do?

        6 votes
      4. [5]
        arp242
        Link Parent
        The problems with these things is that it's a very small group of people who actually do the work, and a mountain of people going to the project's issue tracker complaining on a high horse about...

        The problems with these things is that it's a very small group of people who actually do the work, and a mountain of people going to the project's issue tracker complaining on a high horse about how the people doing the work are all shit and should be doing something else, all the while claiming this vague nebulous concept of "the community" (whatever that even means) as if merely using software somehow gives you the authority to demand people make changes.

        That, in a nutshell, is basically the dynamic and problem here, and is quite different from discussing things on a fan forum or whatnot.

        3 votes
        1. [4]
          AugustusFerdinand
          Link Parent
          It's always a comparably small group of people that actually do the work for any product. If the group of people that did the work outnumbered the people using it then it's a failure. Should the...

          It's always a comparably small group of people that actually do the work for any product. If the group of people that did the work outnumbered the people using it then it's a failure.

          Should the people commenting not be dicks? Absolutely.
          However, giving a prerequisite of public engagement prior to a change that negatively impacts you in order for your statements to be taken into consideration is untenable.

          1 vote
          1. hungariantoast
            Link Parent
            I'm being super pedantic right now, I know, but I just want to say that it would be great if most open-source projects had more people working on them than they had just using them. About the only...

            If the group of people that did the work outnumbered the people using it then it's a failure

            I'm being super pedantic right now, I know, but I just want to say that it would be great if most open-source projects had more people working on them than they had just using them.

            About the only project I can think of that comes close to that idea is Emacs, because the editor basically begs you to hack on it with elisp, and I'd bet the vast majority of its long-term users do. Sure, that's not quite the same as all of those users contributing to the core of Emacs itself, but it does give Emacs an incredible package ecosystem, and a very knowledgeable and helpful community for accomplishing pretty much anything in the editor.

            2 votes
          2. [2]
            arp242
            Link Parent
            None of the people who commented on the CLA were impacted at all as none of them had contributed any code.

            None of the people who commented on the CLA were impacted at all as none of them had contributed any code.

            1 vote
      5. TheJorro
        (edited )
        Link Parent
        I read the reference to them as lemmings as if they are people who are just following along with things they want to believe, but not actual fact. They have no interest in educating themselves to...

        I read the reference to them as lemmings as if they are people who are just following along with things they want to believe, but not actual fact. They have no interest in educating themselves to develop an informed opinion, choosing instead to chase after their own emotions. I don't think the OP was saying that only true contributors can weigh in on it (i.e. the "don't be a lemming, find real reasons to be upset about it" bit). New accounts is one of the most common ways to find out how many of the furor is essentially manufactured outrage.

        1 vote
    2. arp242
      (edited )
      Link Parent
      It's not that bad realy; the privacy policy is a bit "enterprise-y" but nothing really out of the ordinary, the telemetry was always explicitly opt-in and there was a mountain of FUD about it, and...

      I am overall not a fan of the changes since acquisition.

      It's not that bad realy; the privacy policy is a bit "enterprise-y" but nothing really out of the ordinary, the telemetry was always explicitly opt-in and there was a mountain of FUD about it, and the CLA is pretty standard, their motivations for doing it seem okay, and that they've been making GPL software for quite some time should give them some benefit of the doubt. Plus, all of the people who actually did the work actually signed the CLA: it was just random people from the internet who had never contributing threatening "I will not contribute code!" What you on about? You're not contributing code now either and never have?

      5 votes
  2. [5]
    Bullmaestro
    Link
    Data necessary for law enforcement? What nefarious things can you even do with a primitive digital audio workstation?

    Data necessary for law enforcement? What nefarious things can you even do with a primitive digital audio workstation?

    11 votes
    1. lionirdeadman
      Link Parent
      I think it's legal boilerplate simply to state that they will share information they have if they're complied by law enforcement. Even Tildes' Privacy Policy includes something similar :

      I think it's legal boilerplate simply to state that they will share information they have if they're complied by law enforcement.

      Even Tildes' Privacy Policy includes something similar :

      Your information is not willingly shared with third parties, but we may disclose your information if we believe it is necessary to comply with a valid legal process or to prevent imminent harm (such as suicide).

      10 votes
    2. [3]
      mrbig
      Link Parent
      I suppose you could use it to edit a white supremacist podcast advocating for violence against non-whites? That would be pretty nefarious.

      I suppose you could use it to edit a white supremacist podcast advocating for violence against non-whites? That would be pretty nefarious.

      1. [2]
        Bullmaestro
        Link Parent
        You could literally do that with any kind of audio recording software though. I'm also pretty sure that Audacity isn't cloud-based and I don't see any other legitimate reason why any FOSS...

        You could literally do that with any kind of audio recording software though. I'm also pretty sure that Audacity isn't cloud-based and I don't see any other legitimate reason why any FOSS developer would or even should be collecting data on what others have been doing with their apps?

        4 votes
        1. mrbig
          Link Parent
          Well, sure, those are valid considerations. I was just answering the question what nefarious things can you even do with a primitive digital audio workstation?

          Well, sure, those are valid considerations. I was just answering the question what nefarious things can you even do with a primitive digital audio workstation?

          1 vote
  3. [4]
    drannex
    Link
    They outlined their reasoning for data retrieval in the original acquisition, made sense (they want to know what tools people are actually using, in an attempt to streamline and make the UI far...

    They outlined their reasoning for data retrieval in the original acquisition, made sense (they want to know what tools people are actually using, in an attempt to streamline and make the UI far better - which we can all agree is a bit of a monster to deal with).

    The problem is this:

    They list the personal data they collect as, “Data necessary for law enforcement, litigation and authorities’ requests (if any)” without any limitations. That’s a significant change to Audacity after over 20 years of development.

    It's an interesting choice to include it, but I can understand it from a legal perspective as trying to cover all their bases. I don't know what sort of information would be 'necessary' for law enforcement or litigation, and that makes me a bit worried, but overall the rest of the new terms are understandable.

    9 votes
    1. [2]
      lionirdeadman
      Link Parent
      I mean, even Tildes has that type of statement saying that Deimos will share information to comply with legal processes. I guess Tildes might make more sense because of direct messages which could...

      I mean, even Tildes has that type of statement saying that Deimos will share information to comply with legal processes. I guess Tildes might make more sense because of direct messages which could include writing contracts (even if it's a terrible place to do it).

      6 votes
      1. babypuncher
        Link Parent
        It doesn't really matter if it makes sense in the present, the point is to cover your ass if police ever come knocking with a warrant. You never know what bizarre scenario could pop up. This is...

        It doesn't really matter if it makes sense in the present, the point is to cover your ass if police ever come knocking with a warrant. You never know what bizarre scenario could pop up. This is why lawyers write these agreements rather than lay people.

        8 votes
    2. TheJorro
      Link Parent
      I don't know where they got the idea of "without limitations" from in this capacity. While the Privacy Policy isn't written clearly enough to suggest that the Law Enforcement section was only able...

      I don't know where they got the idea of "without limitations" from in this capacity. While the Privacy Policy isn't written clearly enough to suggest that the Law Enforcement section was only able to draw from the data in the App Analytics section, it seems like the "(if any)" bit got glossed over entirely in the article's interpretation in favour of their own addition of "without limitations", which isn't actually true. Based on this Privacy Policy's other sections, and the update posted on their GitHub, it doesn't seem like there will be any data for law enforcement to use.

      They will receive the request, and they will process the request, but it doesn't seem like they expect to provide anything helpful to law enforcement.

      1 vote
  4. [3]
    vord
    (edited )
    Link
    I don't see how it could be seen otherwise. Spyware was, as the distinguishing difference from malware or adware, software that collected personal details. I feel most analytics thse days fit that...

    I don't see how it could be seen otherwise. Spyware was, as the distinguishing difference from malware or adware, software that collected personal details.

    I feel most analytics thse days fit that bill, but explicity collecting information to submit for legal requests seems odd at best and nefarious at worst.

    8 votes
    1. babypuncher
      Link Parent
      I can. It is opt-in. It is only happening to users who explicitly agree to it. It is also not targeting sensitive data (at least not intentionally). If we applied your definition of spyware to all...

      I can.

      It is opt-in. It is only happening to users who explicitly agree to it. It is also not targeting sensitive data (at least not intentionally).

      If we applied your definition of spyware to all software then Firefox would qualify. At that point I would argue that the term has become useless.

      8 votes
    2. TheJorro
      (edited )
      Link Parent
      I thought spyware also had to do that without your knowledge, and collect sensitive personal data that it was never authorized to like passwords or credit card information. If it's just any...

      I thought spyware also had to do that without your knowledge, and collect sensitive personal data that it was never authorized to like passwords or credit card information. If it's just any software that openly collects information like IP addresses and basic system info, then it's just a scary sounding term that doesn't really mean anything. Almost every commercial piece of software, including video games, would be spyware.

      Legal request info is boilerplate now on pretty much all commercial software. There are many jurisdictions that require it even if there's no real info to use (which seems to be the case here).

      5 votes
  5. [5]
    suspended
    (edited )
    Link
    If anyone here is looking for an alternative, then consider ocenaudio. EDIT: Also consider Ardour.

    If anyone here is looking for an alternative, then consider ocenaudio.

    EDIT: Also consider Ardour.

    4 votes
    1. [4]
      Pistos
      Link Parent
      Note, though, that ocenaudio does not appear to be FLOSS. In contrast, see https://alternativeto.net/software/audacity/?license=opensource I haven't really found anything that could be a worthy...

      Note, though, that ocenaudio does not appear to be FLOSS.

      In contrast, see https://alternativeto.net/software/audacity/?license=opensource

      I haven't really found anything that could be a worthy FLOSS alternative to Audacity. I tried KWave recently, but was dismayed to find that it explicitly doesn't support 48khz. Gnome Wave Cleaner looks like it isn't getting updated any more, and is also hosted on Sourceforge (a yellow flag).

      I use ardour regularly, but it feels like overkill when I just want to open a single file and look at the waves of a file and click around to play fragments.

      3 votes
      1. [3]
        nukeman
        Link Parent
        I’ve mentioned this previously, but if it isn’t easy to use (or is overly complicated) for normies (i.e., non-comp people like myself), the software in question will remain niche and only used by...

        I’ve mentioned this previously, but if it isn’t easy to use (or is overly complicated) for normies (i.e., non-comp people like myself), the software in question will remain niche and only used by die-hard FLOSSers.

        2 votes
        1. [2]
          stu2b50
          Link Parent
          I think Ardour is in a bit of different space altogether. It's more a logic pro, or adobe auditions competitor (although, I would argue that it's UI is much worse than logic pro) - it's definitely...

          I think Ardour is in a bit of different space altogether. It's more a logic pro, or adobe auditions competitor (although, I would argue that it's UI is much worse than logic pro) - it's definitely aimed squarely at actual audio professionals, with that set of UI considerations.

          Ardour will never be an easily accessible, wide spread audio editing tool - not just because it's FLOSS with no paid UI designers, but also because it needs to tradeoff ease of use for power that its target audience needs.

          3 votes
          1. babypuncher
            Link Parent
            I kind of get what you're saying, but you also pointed out that it's UI is much worse than one of it's commercial competitors which means there is clearly room for improvement without sacrificing...

            I kind of get what you're saying, but you also pointed out that it's UI is much worse than one of it's commercial competitors which means there is clearly room for improvement without sacrificing the utility that its users rely on.

            Blender used to be in this situation, until game developers started flooding the project with cash seeing it as an alternative to commercial products that could be more easily customized to work well with their engines.

            3 votes
  6. [2]
    mrbig
    Link
    Honest question: can't the privacy-minded user easily block Audacity using something like the GUFW firewall? Even the built-in Windows Firewall is pretty good, I used it a lot back in the day when...

    Honest question: can't the privacy-minded user easily block Audacity using something like the GUFW firewall? Even the built-in Windows Firewall is pretty good, I used it a lot back in the day when I had a bunch of "alternatively licensed" software installed.

    3 votes
    1. skybrian
      Link Parent
      Yes, but it doesn’t sound like you need to. If you don’t turn update checks on and don’t send error reports, nothing is sent.

      Yes, but it doesn’t sound like you need to. If you don’t turn update checks on and don’t send error reports, nothing is sent.

      3 votes
  7. [3]
    knocklessmonster
    Link
    I guess it's the same company that runs MuseScore and Ultimate Guitar, which I just learned a couple days ago, that bought Audacity. I'd say Ardour would be the way to go until an Audacity fork is...

    I guess it's the same company that runs MuseScore and Ultimate Guitar, which I just learned a couple days ago, that bought Audacity.

    I'd say Ardour would be the way to go until an Audacity fork is established, but you'll need to pay something to get Windows binaries. I'd love to see a way to distribute binaries for Windows users for free that wouldn't undercut the Ardour company trying to make money fairly off of their software.

    I've never actually liked working in Audacity, oddly enough, because I can never get its effects right. I use proprietary daws that, unfortunately, work better, but even Ardour provides much of the functionality with real-time previews, even if you have to pay.

    2 votes
    1. [2]
      Pistos
      Link Parent
      I use ardour and really like it, but, as I mentioned in another comment, I still want to have at hand a more quick & dirty audio editing tool than ardour, for those times when I just want to fire...

      I use ardour and really like it, but, as I mentioned in another comment, I still want to have at hand a more quick & dirty audio editing tool than ardour, for those times when I just want to fire up a tool quickly, do a small little task on a single audio file, and exit. Audacity fit the bill nicely, so I'm on the lookout for an equivalent.

      1. knocklessmonster
        Link Parent
        You're right, and I'll really support any fork that gets traction.

        You're right, and I'll really support any fork that gets traction.