Audacity Open Source Audio Editor Called Out As Spyware Following Ownership Transfer
For the past two decades, Audacity has built and maintained a following as a capable and free audio editing program. Being a no-cost solution is a big draw, and so are a coupe of other attributes—it's an open source program, and available on multiple platforms (Windows, macOS, GNU/Linux). Some users are starting to sour on it, however, accusing the new owner of turning it into a spyware vehicle of sorts.
Audacity changed hands in April when it was acquired by Muse Group for an undisclosed sum. At the time, Martin Keary, head of design at MuseScore, an open source notation program owned by Muse Group as well, offered up some encouraging comments about the deal. Keary is the one who is now managing Audacity.
"Just like we’re doing at MuseScore, we’re planning on significantly improving the feature set and ease-of-use of Audacity, providing dedicated designers and developers to give it the attention it deserves, while keeping it free and open-source," Keary said.
Keary goes on to say that he spoke with a few key members of the Audacity team to "understand how and why they built it," as part of this effort to improve upon the program's goals and capabilities. However, some users have labeled Audacity as spyware with the changes Muse Group has put in place.
The program's updated privacy policy makes it clear that Audacity collects personal data, albeit this is supposed to be "very limited" in scope. This includes details like the person's platform (OS and CPU), but also a person's IP address.
"All your personal data is stored on our servers in the European Economic Area (EEA). However, we are occasionally required to share your personal data with our main office in Russia and our external counsel in the USA," Audacity's updated privacy policy indicates.
The information collected can be shared with "any competent law enforcement body, regulatory, government agency, court, or other third-party" at Muse Group's discretion, as well as to a "potential buyer (and its agents and advisers" related to a proposed sale or merger of any part of the organization's business.
"The IP address will be stored in an identifiable way only for a calendar day. IP addresses are stored as a hash, the salt for which is changed daily. The salt is not stored on any database and cannot be retrieved after it has been changed. We store the hash for one year, after which, it is deleted," the privacy policy sates.
Users on Reddit have called Muse Group out over the updated privacy policies.
"So they collect any data the authorities requests. It's stored in EU region but share it with Russia and USA too... For a software that runs locally? I would call it a spyware by definition," a user wrote. "Oh the sheer Audacity," another user wrote (see what they did there?).
There is also outrage on GitHub, where users are calling for a fork. "They are digging their own grave," a user wrote. "Fork. Fork. Fork. Fork. Fork.," another user stated.
Whether or not that happens remains to be seen. As things stand, however, Muse Group is undoing around 21 years of goodwill in short order, for a program that has notched over 100 million downloads since its inception.
