With approximately 100 million users, Audacity is and has been for some time, one of the most used, trusted, and loved open-source applications amongst music-makers.
Recently, that reputation has taken a hit, but it’s hard to know to what extent with so many contrasting opinions. The loss of trust came when the word spyware started to appear in related articles; most notably a report from Foss Post that suggested users “Remove it ASAP.”
When rumors are flying around the internet, it’s important to focus on the fundamental changes that have occurred before getting caught up in speculation.
So, here’s what we can list as fact:
- Muse Group (Ultimate Guitar, MuseScore) acquired Audacity earlier this year;
- The Muse Group updated the Contributor License Agreement (CLA) by changing to a GPLv3 license;
- Audacity is no longer to be used by anyone under the age of thirteen.
We should be clear that these changes come with the currently unreleased version 3.03 and do not apply to the current version 3.02.
Is Audacity Spyware?
OK, if we go through one step at a time, we can make a little more sense of it.
I’ve seen a lot of people online question why Muse Group (or anyone) would purchase open-source software like Audacity.
In fact, it’s far from unusual, and one of the largest acquisitions in tech history came when IBM bought Red Hat for $34 billion. Microsoft also bought GitHub for $7.5 billion, while many super-brands and institutions use and release open-source software.
Buying open-source software is not cause for suspicion; it’s becoming more common every year.
The updated CLA has many people discussing a potential breach of or move away from the GPL. In reality, the previous GPLv2 (introduced 1991) has restrictions that the new GPLv3 (introduced 2007) doesn’t.
These restrictions make it impossible to release software on certain platforms, most notably Apple’s App Store. If we take Muse Group at their word, Audacity will remain 100% free and open-source with no paid tiers. The reason for the update to GPLv3 is to multi-license, reaching more users through other platforms and distribution channels, in addition to (not instead of) the current GPL experience we have.
It also brings Audacity in line with MuseScore, making it possible to share code between the two.
The data collected can potentially be shared with the Muse Group’s main office (Russia), external counsel in the U.S, necessary 3rd parties, including potential buyers, and appropriate Law Enforcement and Government agents.
I read a headline from a major newspaper that says, “Audacity will now collect and send your personal data to Russia.” Immediately, we are moving from music to politics. I can’t speak for anyone, but I doubt they would have even covered the story if the main office wasn’t in Russia.
The use of “personal data” is also misleading in reference to your IP, which is considered personal data under GDRP guidelines, but it is not anything more than your IP.
As far as Government agents, let’s be clear that no company in any region that collects such data is exempt from sharing with law enforcement/government agents when legally subpoenaed to do so.
Muse Group has explained that collecting data is for two primary reasons; checking for automatic updates and error reporting to improve the experience.
I have various plugins and applications from large trusted developers that do the same thing for the same reasons. I understand the emotion is different from an open-source perspective, but it doesn’t make the intentions different.
Opinion on error reporting seems to be divided, with many people happy to send reports that help make improvements, while some want all such telemetry removed.
Muse Group also said this (source): “We do not and will not sell ANY data we collect or share it with 3rd parties. Full stop.”
Lastly, the issue with users under 13 appears to be in response to newer child-protection laws relating to collecting data from minors. I can’t tell you it’s the best solution because I don’t know, but I do know that many people think the laws aren’t as clear or competent as they could be, which causes confusion.
Audacity Needs To Communicate Better With Its Users
My take is that Muse Group is guilty of miscommunication and sometimes a lack of communication. They made changes and didn’t provide suitable reasoning until after the fact, some of which still need to be re-worded.
I don’t think Audacity is spyware; that’s my opinion. I do believe the use and highlighting of words like “spyware,” “suspicious activities,” “unworthy of the trust,” and “abandoned” is premature, misleading, and intentional.
I have no prior knowledge of Muse Group outside of Ultimate Guitar and MuseScore. I can’t comment on them from an ethical or moral standpoint. I can only base my opinion on not seeing any negative fundamental changes in user experience and not seeing anything we haven’t seen from others.
A decentralized life sounds great, and I’m against needlessly intrusive services, but it isn’t easy to exist without our behaviors and interests being tracked; smartphones, smart TVs, websites, games consoles, etc. Apple makes it possible for us to control which apps monitor us, but are they protecting our privacy or pushing competition aside?
Big Data is big business, whether financial or political, but I don’t think that’s what this story is.
More info: Audacity