The type of data collected now includes the computer's processor, operating system and version, the user's IP address, and any crash reports, fatal error codes and messages generated by their machine. More concerning perhaps is the inclusion of a vague section listing data that must be collected "for legal enforcement, litigation, and authorities' requests (if any)."
The storage of said data is located in servers in the U.S., Russia, and the European Economic Area. For example, IP addresses are stored in an identifiable way for a day before being hashed and then stored in servers for a year, leaving users identifiable via government data requests.
In addition, the new policy prevents people under the age of 13 from using the software, which is a violation of the GPL license that Audacity uses.
Understandably, the policy changes have upset Audacity users, who have taken to Reddit and GitHub to question why an offline desktop app needs to "phone home" at all, and there is already discussion about forking Audacity into a separate open-source project that's free from the Muse Group's ownership and questionable data collection practices.
Top Rated Comments
The age 13 thing? That's them trying to avoid COPPA. They are not allowed to collect even crash reports in that case. They can't actually restrict the age (due to the GPL), so they literally ask (!) people under 13 not to use it.
But the outrage machine churns over the weekend before the company even has a chance to respond. I bet this is a big fat Nothing Burger (but those poor people in the PR department are in for a hell of a few days now). Can we just collectively wait a few days before going on the crusade …
If I had that app installed I would remove it ASAP. If everyone did that than that company can go out of business. And I would not shred a tear.