With approximately 100 million users, Audacity is and has been for some time, one of the most used, trusted, and loved open-source applications amongst music-makers.
Recently, that reputation has taken a hit, but it’s hard to know to what extent with so many contrasting opinions. The loss of trust came when the word spyware started to appear in related articles; most notably a report from Foss Post that suggested users “Remove it ASAP.”
See also: Audio Editing Software (Best Free Audio Editor)When rumors are flying around the internet, it’s important to focus on the fundamental changes that have occurred before getting caught up in speculation.
So, here’s what we can list as fact:
- Muse Group (Ultimate Guitar, MuseScore) acquired Audacity earlier this year;
- The Muse Group updated the Contributor License Agreement (CLA) by changing to a GPLv3 license;
- A little later, an updated privacy policy appeared that referenced various forms of data collection;
- Audacity is no longer to be used by anyone under the age of thirteen.
We should be clear that these changes come with the currently unreleased version 3.03 and do not apply to the current version 3.02.
Is Audacity Spyware?
OK, if we go through one step at a time, we can make a little more sense of it.
I’ve seen a lot of people online question why Muse Group (or anyone) would purchase open-source software like Audacity.
In fact, it’s far from unusual, and one of the largest acquisitions in tech history came when IBM bought Red Hat for $34 billion. Microsoft also bought GitHub for $7.5 billion, while many super-brands and institutions use and release open-source software.
Buying open-source software is not cause for suspicion; it’s becoming more common every year.
The updated CLA has many people discussing a potential breach of or move away from the GPL. In reality, the previous GPLv2 (introduced 1991) has restrictions that the new GPLv3 (introduced 2007) doesn’t.
These restrictions make it impossible to release software on certain platforms, most notably Apple’s App Store. If we take Muse Group at their word, Audacity will remain 100% free and open-source with no paid tiers. The reason for the update to GPLv3 is to multi-license, reaching more users through other platforms and distribution channels, in addition to (not instead of) the current GPL experience we have.
It also brings Audacity in line with MuseScore, making it possible to share code between the two.
Audacity’s New Privacy Policy
The privacy policy, which is still in draft form, is likely the biggest concern for users. It states that Audacity will now collect your IP address (stored for 24 hours), basic system info, and optional error reports.
The data collected can potentially be shared with the Muse Group’s main office (Russia), external counsel in the U.S, necessary 3rd parties, including potential buyers, and appropriate Law Enforcement and Government agents.
First things first, the data being collected is in no way excessive or unusual. Any website warning you about this data collection was likely collecting the same or very similar data from you. That includes the most vocal detractor, Foss Post, which has a very similar privacy policy.
I read a headline from a major newspaper that says, “Audacity will now collect and send your personal data to Russia.” Immediately, we are moving from music to politics. I can’t speak for anyone, but I doubt they would have even covered the story if the main office wasn’t in Russia.
The use of “personal data” is also misleading in reference to your IP, which is considered personal data under GDRP guidelines, but it is not anything more than your IP.
As far as Government agents, let’s be clear that no company in any region that collects such data is exempt from sharing with law enforcement/government agents when legally subpoenaed to do so.
Muse Group has explained that collecting data is for two primary reasons; checking for automatic updates and error reporting to improve the experience.
I have various plugins and applications from large trusted developers that do the same thing for the same reasons. I understand the emotion is different from an open-source perspective, but it doesn’t make the intentions different.
Opinion on error reporting seems to be divided, with many people happy to send reports that help make improvements, while some want all such telemetry removed.
Muse Group also said this (source): “We do not and will not sell ANY data we collect or share it with 3rd parties. Full stop.”
Lastly, the issue with users under 13 appears to be in response to newer child-protection laws relating to collecting data from minors. I can’t tell you it’s the best solution because I don’t know, but I do know that many people think the laws aren’t as clear or competent as they could be, which causes confusion.
Audacity Needs To Communicate Better With Its Users
My take is that Muse Group is guilty of miscommunication and sometimes a lack of communication. They made changes and didn’t provide suitable reasoning until after the fact, some of which still need to be re-worded.
I don’t think Audacity is spyware; that’s my opinion. I do believe the use and highlighting of words like “spyware,” “suspicious activities,” “unworthy of the trust,” and “abandoned” is premature, misleading, and intentional.
I have no prior knowledge of Muse Group outside of Ultimate Guitar and MuseScore. I can’t comment on them from an ethical or moral standpoint. I can only base my opinion on not seeing any negative fundamental changes in user experience and not seeing anything we haven’t seen from others.
A decentralized life sounds great, and I’m against needlessly intrusive services, but it isn’t easy to exist without our behaviors and interests being tracked; smartphones, smart TVs, websites, games consoles, etc. Apple makes it possible for us to control which apps monitor us, but are they protecting our privacy or pushing competition aside?
Big Data is big business, whether financial or political, but I don’t think that’s what this story is.
More info: Audacity
More articles:
27 Comments
Thomas M
onThanks for this article. I have been working in software development related tasks for a long time and therefore I can understand the need for telemetry for application with a large user base. How else can you find out which features are being used, get information about crashes, etc.
And I also agree that the communication needs to be improved regarding what and why they are doing it.
Furthermore I think that it is always the same loud minority in the Open Source environment who seem to prefer that Audacity would be in an abandoned state with no development instead of a company taking care. Even if they release e.g. an iOS app where you need to buy sth, I don’t see the problem – someone needs to pay the bills.
Other than that I still think Audacity sucks and use it only for special cases where it is well fit.
Most people even seem to use it in cases where they would be much better off with a real DAW, especially regarding non desctructive editing.
Tomislav Zlatic
onI wouldn’t say it sucks but the workflow never really worked for me. Wavosaur is my go-to freeware audio editor still. Either way, thanks for sharing your thoughts! Interesting to hear a software developer’s point of view.
Fabian
onOcenaudio here
Tomislav Zlatic
onWavosaur here! :)
Brenny C
on+1
Ocenaudio is a fantastic piece of software.
Numanoid
onWaveshop could be a simple option, it is portable
waveshop.sourceforge.net/index.html
MRG
onWhatever the data collected is (and yes, there’s a lot to say about it) it should always be opt-in and not opt-out. Besides how stupid it is to make it so kids under 13 can’t use it. An open source project with a user restriction? C’mon.
It HAS to be optional, period.
Brenny C
on“…I doubt they would have even covered the story if the main office wasn’t in Russia.”
There’s a valid reason for that distrust though.
Numanoid
onDoes this also affect Audacity Portable, that is hosted by Portable Apps ?
https://portableapps.com/apps/music_video/audacity_portable
MRG
onGiven that current version is 3.0.2 there, no.
It MIGHT be relevant to v3.0.3 or later, if they decide to stick with their …audacity?
Alex
onRelax guys!!! 99% it`s “russian question” no more!)
MRG
onOh, don’t worry. It’s an open source project, and it would fork if a problem was seen as major. Now, I wouldn’t want that for a stupid reason. That’s why, to me, any decision who would reduce the userbase is seen as extremely dumb, and then a fork would make sense anyway. But having such a backer as Muse Group could be beneficial too. At worst it could simply turn out as a OpenOffice.org vs. LibreOffice thing and both projects feed each other at some point or another. We’ll see, I guess.
Or Wavosaur crushes ’em all in a glorious bloodbath!! MWAHAHAHAHAAHA! o_O;
Brenny C
onThat’s exactly why it’s sketchy.
Rafael
onWell, if an application has strictly offline usage, I don’t want any of my data being sent anywhere, and if it HAS online functionality, let it send only what’s strcictly necessary for these features to work. Simple. If there’s a good reason to use that data that only involves improving the software, let it be opt-in, or very explicit.
Now, I don’t think Audacity is spyware either, but come on: private company buys software, then within a year it phones home and includes telemetry? There’s good reason to be upset. Even if it’s not spyware, “potential spyware” does not fare much better.
Finally, restricting software for users over 13 years appears to violate the GPL.
JetFly
onAudacity now knows your OS version. Cool, I don’t have to tell them that “I use Arch btw”
Really, everyone took it too seriously. A dozen of apps on your computer send the same info, yet nobody seems to care.
It’s depersonalized, non-sensitive information, which aids in the development of Audacity.
Info for law enforcement? Do you have a criminal past/present? No? You’re fine. Yes? They’re gonna get your persona in court anyway.
Yes, it’s not ideal that they made sending this info mandatory, but, to be honest, you really just can make a firewall rule to block Audacity from the Internet and forget about it forever, if you, for some reason, care about it sending what CPU you have or what country you live in. Windows 10 does it.
JM
onIt’s pretty shocking that the privacy policy did not already have the under 13 prohibition, which is in virtually every policy that came with the assistance of a lawyer. There is federal legislation in the US directly addressing this.
And I bet that’s a lot of the explanation here. You have a free, open-source product that probably did not have a large legal budget. It gets bought, and the buyer’s lawyers during die diligence are like “The privacy policy is non-compliant. What the hell? If you buy it, you gotta fix it ASAP.”
Jay D Swartzfeger
onA balanced breakdown James… thanks for the thoughtful analysis.
James N
onThank you, Jay
Cheers.
Kirill R.
onNever knew that their main office is here in Russia, lol.
The good thing is that maybe they’ll update Audacity and make it more user-friendly then it is now. MuseScore is pretty good in that regard.
Pacapaca
onThere is already a move to remove and fork Audacity’s intelligence gathering element.
In that respect this is a big problem and no one is optimistic.
It doesn’t matter if Audacity is spyware. It has been accused of disrespecting users.
MRG
on“It has been accused of disrespecting users” It being Muse Group, and yes. Muse -forked- up. It’s not too late, tho.
antti maatteri
onIt’s hilarious. people are braindead. And the so-called “discussions” around it are all the same way, building up a suspicion, putting some WOOHOOOHOOO scary I’m s******* my pants. I bet 99% of these upfront bozos using smartphones and tablets not giving a s*** about what these units collect on a daily basis. this is more a case of generation thin-skinned n touchy than it is one of fighting against the real s***.
Jamie M.
onoh no, Audacity now knows that I, using a MacBook Pro (13-inch, Mid 2012) with a 2.5 GHz Intel Core i5 and an Intel HD Graphics 4000 card on MacOS 10.14.6.
i understand the integrity that comes with open source, but jeez people are going way too crazy over this
MRG
onOne does not simply violates the GPL.
K.S.S
onI’m cool with all the changes, but considering I’m using audacity since I was 11 makes it hard. It was a beautiful piece of software for newbies back then, and it won’t be for other young people trying out audio editing today, which is sad.
Fotis
onThere are already two altered forks of Audacity on Github: Tenacity and Sneedacity. The latter also has a Windows 64-bit version, unlike the actual Audacity. I’ve tried it and it’s pretty good!
MRG
onApparently one of them was MADE for 13 yo and under… LOL