Popular open-source audio editing software Audacity is facing "spyware" allegations from users for recent privacy policy changes that suggest the desktop app is collecting user data and sharing it with third parties, including state regulators where applicable.
Two months ago, Audacity was acquired by Muse Group, which owns other audio-related projects including the Ultimate Guitar website and the MuseScore app. According to Fosspost, changes to the privacy policy section on the Audacity website indicate that several personal data collection mechanisms have since been added by the parent company.
The type of data collected now includes the computer's processor, operating system and version, the user's IP address, and any crash reports, fatal error codes and messages generated by their machine. More concerning perhaps is the inclusion of a vague section listing data that must be collected "for legal enforcement, litigation, and authorities' requests (if any)."
The storage of said data is located in servers in the U.S., Russia, and the European Economic Area. For example, IP addresses are stored in an identifiable way for a day before being hashed and then stored in servers for a year, leaving users identifiable via government data requests.
In addition, the new policy prevents people under the age of 13 from using the software, which is a violation of the GPL license that Audacity uses.
Understandably, the policy changes have upset Audacity users, who have taken to Reddit and GitHub to question why an offline desktop app needs to "phone home" at all, and there is already discussion about forking Audacity into a separate open-source project that's free from the Muse Group's ownership and questionable data collection practices.
Top Rated Comments
The age 13 thing? That's them trying to avoid COPPA. They are not allowed to collect even crash reports in that case. They can't actually restrict the age (due to the GPL), so they literally ask (!) people under 13 not to use it.
But the outrage machine churns over the weekend before the company even has a chance to respond. I bet this is a big fat Nothing Burger (but those poor people in the PR department are in for a hell of a few days now). Can we just collectively wait a few days before going on the crusade …
If I had that app installed I would remove it ASAP. If everyone did that than that company can go out of business. And I would not shred a tear.