Am I the only one who thinks this is kind of petty? It's not like Audacity is trying to read your email (or even rip off your tracks). The telemetry I'm reading about is literally:
1. error reporting - the user has to click a button to share crash logs. It's basically a macro to help the user create a support ticket.
2. version checking - no PII information being kept, literally just helping the developer get an idea of what versions they need to be supporting--you do want them to support the version you're running, right? Well, if not, you can turn it off.
The former is probably not a big deal if you have to press a button -- nor would it require an eula clause I would expect, you could be informed of the data collection at the time you'd press the button.
The latter though? Somehow the industry got by for decades without intimately knowing what version every single user of the software was running. I think they'll survive without it.
Anyways, how is it "petty" to make a version of the software for which there is clear demand? No one stomped on their birthday cake, they just took an OSS piece of software and modified it, compiled it, and released it. In what world is there any malice in doing the exact thing an open source license exists to allow you to do?
I think the issue is more that the group that bought Audacity had thrown several red flags, of which this is one.
However, Audacity is cool and all, but I wonder if it would be better to create a simplified frontend based on Ardour, the way GarageBand is for Logic.
Telemetry creates a liability for the user for no benefit (and as Windows 10 demonstrates, the amount of telemetry is anti-correlated with software quality).
Even if we assume there is no malicious intent from either the developer nor their infrastructure provider (their initial telemetry attempt was using Google Analytics which is definitely malicious), it can still be coopted by a malicious actor who is able to observe the network traffic or compromise the telemetry infrastructure and put the users at risk.
Muse group, a russian for-profit company that seems to have a shell-headquarters in Cyprus (see https://www.crunchbase.com/organization/muse-group), recently acquired Audacity as part of their expansion into the broader audio-production world.
As a first action, they changed their contributor License Agreement making a future change from a GPL license to a closed-source License possible. (it also allows for dual-licensing a paid version) https://github.com/audacity/audacity/discussions/932
They currently say they're not going to do that, but if they wanted to (and Muse-group is for-profit) they could without the contributor having any recourse. (They have already confirmed a cloud-service for Audacity, which for me already reeks like "we want to have closed-source tools that use our open-source contributors code").
Having a CLA isn't a problem in and off itself, for example, as they correctly state: the FSF requires a CLA because they want to license all their stuff as "GPL 3 or above", which is only possible using some CLA-mechanism. (it's also easier for them to defend GPL related lawsuits if they are the copyright holders)
What MuseGroup forgets to mention, is that they are a for-profit company (https://opencorporates.com/companies/cy/HE411908) while the FSF is a foundation (specifically a 501(c)(3) non-profit organization), which shifts their incentives a lot.
Now, barely a month later, they add the option of collecting data from users and people aren't happy. It is, at the very least, very tone-deaf/stupid from them to add telemetrie only one month after (IMO) showing their hand for what we can expect for the future.
If the maintainer had waited out the initial flurry of attention, they probably could have chosen the name they wanted without much drama at all. Instead, they overreacted, deleted the first thread, and then immediately started editing and deleting user comments in the second. Ouch.
If my interpretation of the term is correct, by using Audacity, you are agreed that it can collect any data the authority request it. The data will be hosted on EU region but shared with Russia and USA too because they have branches on these countries.
That's not what I expect from a software that require no remote server to function.
I couldn't agree more. As someone who has used Audacity for many, many years and finds himself recommending it to people who have little to no prior computer audio experience I couldn't be more happy that there's some momentum towards improving the user interface and stability. It's not a bad program, but elements of the UI feel very dated and in my (admittedly edge-case) use I have to tip-toe to not cause crashes.
Looks like they removed auto-updates or at least automatic checking for updates. I think that's pretty neat. As the in other comments, this is an advantage of open source. Things can be removed. I only wish this was more common amongst other projects. Imagine Firefox forks with all the telemetry and other annoyances removed. With closed source software, good luck getting anything removed.
In this I use the royal "you", I'm agreeing with the parent (it's early, my words often fall out wonky in the morning)
While I do understand the underlying cause and indeed hate things that violate my privacy as much as the next nerd.. you guys know most software phones home for update checks right?
Hell I'll tell you what. Unplug your router from the WAN side and wait a minute. See that popup there on all of your devices telling you you're offline? There's a connectivity check that's been giving out the exact same information the entire time you've had your OS installed
I really do appreciate the vigilance and don't want to discourage the raw energy on display at all but this one might not be the cause to go all in on
On the other side of my own argument it definitely won't hurt to chuck them a GDPR request in a month or two to see what they are gathering :)
> Am I the only one who thinks this is kind of petty?
Their new changes restricted use by individuals under 13. This is probably because they could run into trouble with GDPR with the personal data they are storing on users, which they have no good reason to store except that they can.
Audacity is used in public schools. Forking to keep the project usable by children learning the craft is not petty, it’s a worthwhile thing to do.
Ruining community trust so you can unnecessarily collect private information on your users, that is petty.
I wish we could add telemetry to the rr debugger without risking this sort of blowback. We have no idea how many people are using rr, and how much, so when we talk to hardware vendors and other groups we depend on, we have no leverage. This is a real problem.
It would be a big boost to free software if some org like Freedesktop had a standard telemetry library, data collection policy, data collection and publication service, and a distro-wide master switch to opt into data collection, and it was socially acceptable to use that framework.
2. Users pretty much never tell maintainers what is going wrong for them: no messages (much less proper bug reports), no contributions in any way!
3. Something invariably goes wrong for users that do the above.
4. Users immediately hit social media and try to tar the entire project, developer/company reputation, whatever. “Zero stars”, doesn’t work in their use case. You have surely seen these “reviews” before, and mindless tweets.
THIS is why I am torn on telemetry to some degree. IF you demand no auto-feedback in the name of privacy, THEN you should help out voluntarily OR not use free software! Yet software maintainers can’t count on this at all. They risk being hanged in the public square for every bug.
You got this part wrong. Users contribute to the project and/or draw contributers to the project. This happens to proprietary projects like twitter as well, where key features were invented by users. https://qz.com/135149/the-first-ever-hashtag-reply-and-retwe...
What if the telemetry data went through an intermediary you trust? I’ve been thinking about this and I am similarly torn on the issue. But if I knew the data was going to pass through some organization I trust , like the eff for example, I’d be much more comfortable opting in. This would be a sort of guarantee that the data I’m giving away is needed to improve the software and is not going to be used for anything else.
You can find plenty of complaints online about software which gathers data from its users too. Putting telemetry in your software doesn’t stop people from complaining about it.
I find this trend against reasonable telemetry in OSS ridiculous and naively idealistic. I could also divine that perhaps 90%+ of Audacity users use a closed source application that uses invasive telemetry.
The way the free software community treats its own is reminiscent of progressives in America: constantly eating your own kind while letting your opponents flourish.
There’s a reasonable amount of telemetry, and without it the free, OSS side can’t compete with closed source products on a level playing field.
I’ll even go further and suggest that light telemetry should be on (and able to be disabled) by default.
An application universally ridiculed for it's inclusion of in-depth telemetry. It's time to challenge your preconceptions: find the roadmap items, features or bugs informed by the gathering of the telemetry data.
Here is what's really happening:
* Migrating the codebase to C#
* Iterating upon the existing app design based on the latest guidelines for Fluent Design and WinUI
That last one is probably going to be obsolete by the time they are finished. What's the value here that telemetry is delivering?
This is the story all over the industry. Fancy dashboards everywhere, but the people shaping products haven't made an evidence-based decision in years.
More people are worried that the new TOS conflicts with the code license, which seems like fair criticism (why does it need to enforce a minimum age? why are we withholding information for law enforcement?). Had they approached this from a more transparent/secure perspective it would have been a lot more understandable, but Open Source has always been about voluntary contribution, which is how it sustains an otherwise suicidal business model. Until recently, there was no incentive to add telemetry, but Audacity has recently undergone a bit of a takeover (maybe "change in management" is more apt), which gives plenty of people reason for concern. I'm certainly going to be sticking to the forks on my machine, but it's ultimately up to the users, and to a greater degree, the volunteers.
Shouldn't this have a separate name, to avoid confusion and filesystem/repository clashes? I don't know if there is a trademark involved, but that's a potential legal issue the project will want to keep clear of.
If there isn't a leading suggestion for the new name yet, I offer "Temerity". It's a close synonym for "Audacity", and highlights both the boldness of this new project, and the recklessness of Muse Group's changes. It also cleverly alludes to (avoiding) "Telemetry", which is a distinguishing feature of the fork.
I have no horse in this race, but wouldn't it be better to keep crash reports in there? Of course it should be disabled by default, and it would never be uploaded. That way individuals can raise issues and attach the crashreports if they need to.
As a meta-point, I'm kinda surprised how attitudes among programmers have reversed in the last 20 years, from phoning home being suspicious under any circumstances, to telemetry being indispensable. I suspect the two sides of the argument map pretty closely to age.
Had some troubles, as we (and I personally, and my loved ones) were hit by a 4chan raid. Take the comments in the issues on GitHub with a grain of salt, it's impossible to get ahead of this.
Need to wait for things to cool down to be able to organize everything later.
You know, if I had influence I’d remove all the “features”, release a new version and make a public announcement.
Audacity has been such a great piece of software for so many years and would be a great shame for all of us if it slowly went to pieces and disappeared.
Then again, maybe this must happen for new software and alternatives to be born - there are industrial strength audio libraries available as open source that will be used to create the next iteration of audio editors.
Even browsers are capable of 80% of what most people use Audacity for.
I suppose its a part of life, good things come to an end and then you have to go through the trash to find the next good thing.
The explanation by the Audacity devs seemed pretty reasonable to me. Getting all up in arms and forking seems to be making something out of nothing, are these people just bored?
[+] [-] twodave|4 years ago|reply
1. error reporting - the user has to click a button to share crash logs. It's basically a macro to help the user create a support ticket.
2. version checking - no PII information being kept, literally just helping the developer get an idea of what versions they need to be supporting--you do want them to support the version you're running, right? Well, if not, you can turn it off.
What's the big deal?
[+] [-] stormbrew|4 years ago|reply
The latter though? Somehow the industry got by for decades without intimately knowing what version every single user of the software was running. I think they'll survive without it.
Anyways, how is it "petty" to make a version of the software for which there is clear demand? No one stomped on their birthday cake, they just took an OSS piece of software and modified it, compiled it, and released it. In what world is there any malice in doing the exact thing an open source license exists to allow you to do?
[+] [-] windsurfer|4 years ago|reply
https://www.audacityteam.org/about/desktop-privacy-notice/
[+] [-] SquishyPanda23|4 years ago|reply
However, Audacity is cool and all, but I wonder if it would be better to create a simplified frontend based on Ardour, the way GarageBand is for Logic.
[+] [-] Nextgrid|4 years ago|reply
Even if we assume there is no malicious intent from either the developer nor their infrastructure provider (their initial telemetry attempt was using Google Analytics which is definitely malicious), it can still be coopted by a malicious actor who is able to observe the network traffic or compromise the telemetry infrastructure and put the users at risk.
[+] [-] mattalex|4 years ago|reply
Muse group, a russian for-profit company that seems to have a shell-headquarters in Cyprus (see https://www.crunchbase.com/organization/muse-group), recently acquired Audacity as part of their expansion into the broader audio-production world.
As a first action, they changed their contributor License Agreement making a future change from a GPL license to a closed-source License possible. (it also allows for dual-licensing a paid version) https://github.com/audacity/audacity/discussions/932
They currently say they're not going to do that, but if they wanted to (and Muse-group is for-profit) they could without the contributor having any recourse. (They have already confirmed a cloud-service for Audacity, which for me already reeks like "we want to have closed-source tools that use our open-source contributors code").
Having a CLA isn't a problem in and off itself, for example, as they correctly state: the FSF requires a CLA because they want to license all their stuff as "GPL 3 or above", which is only possible using some CLA-mechanism. (it's also easier for them to defend GPL related lawsuits if they are the copyright holders)
What MuseGroup forgets to mention, is that they are a for-profit company (https://opencorporates.com/companies/cy/HE411908) while the FSF is a foundation (specifically a 501(c)(3) non-profit organization), which shifts their incentives a lot.
Now, barely a month later, they add the option of collecting data from users and people aren't happy. It is, at the very least, very tone-deaf/stupid from them to add telemetrie only one month after (IMO) showing their hand for what we can expect for the future.
[+] [-] IgorPartola|4 years ago|reply
[+] [-] chambers|4 years ago|reply
If the maintainer had waited out the initial flurry of attention, they probably could have chosen the name they wanted without much drama at all. Instead, they overreacted, deleted the first thread, and then immediately started editing and deleting user comments in the second. Ouch.
[+] [-] ezoe|4 years ago|reply
That's not what I expect from a software that require no remote server to function.
[+] [-] jbluepolarbear|4 years ago|reply
2. No, off by default or ask on first boot.
3. What data are they collecting that would be shareable to law enforcement? The feds need to know I’m on an outdated version?
I will not use or recommend Audacity anymore. It’s a shame, I really like Audacity and I’ve been using it since high school.
[+] [-] Exmoor|4 years ago|reply
[+] [-] o8r3oFTZPE|4 years ago|reply
[+] [-] corobo|4 years ago|reply
While I do understand the underlying cause and indeed hate things that violate my privacy as much as the next nerd.. you guys know most software phones home for update checks right?
Hell I'll tell you what. Unplug your router from the WAN side and wait a minute. See that popup there on all of your devices telling you you're offline? There's a connectivity check that's been giving out the exact same information the entire time you've had your OS installed
I really do appreciate the vigilance and don't want to discourage the raw energy on display at all but this one might not be the cause to go all in on
On the other side of my own argument it definitely won't hurt to chuck them a GDPR request in a month or two to see what they are gathering :)
[+] [-] boublepop|4 years ago|reply
Their new changes restricted use by individuals under 13. This is probably because they could run into trouble with GDPR with the personal data they are storing on users, which they have no good reason to store except that they can.
Audacity is used in public schools. Forking to keep the project usable by children learning the craft is not petty, it’s a worthwhile thing to do.
Ruining community trust so you can unnecessarily collect private information on your users, that is petty.
[+] [-] roca|4 years ago|reply
It would be a big boost to free software if some org like Freedesktop had a standard telemetry library, data collection policy, data collection and publication service, and a distro-wide master switch to opt into data collection, and it was socially acceptable to use that framework.
[+] [-] makecheck|4 years ago|reply
1. Users enjoy product for free.
2. Users pretty much never tell maintainers what is going wrong for them: no messages (much less proper bug reports), no contributions in any way!
3. Something invariably goes wrong for users that do the above.
4. Users immediately hit social media and try to tar the entire project, developer/company reputation, whatever. “Zero stars”, doesn’t work in their use case. You have surely seen these “reviews” before, and mindless tweets.
THIS is why I am torn on telemetry to some degree. IF you demand no auto-feedback in the name of privacy, THEN you should help out voluntarily OR not use free software! Yet software maintainers can’t count on this at all. They risk being hanged in the public square for every bug.
[+] [-] benatkin|4 years ago|reply
You got this part wrong. Users contribute to the project and/or draw contributers to the project. This happens to proprietary projects like twitter as well, where key features were invented by users. https://qz.com/135149/the-first-ever-hashtag-reply-and-retwe...
[+] [-] phowat|4 years ago|reply
[+] [-] Nextgrid|4 years ago|reply
Does something have to go wrong and do maintainers have to know about it?
I mean, if users are using the software, even if it's not perfect, what's the big deal - is that not good enough?
> IF you demand no auto-feedback in the name of privacy, THEN you should help out voluntarily OR not use free software!
The point of free software is that I can use and modify it as I want. I do not "owe" feedback (or anything else for that matter) to the developer.
[+] [-] panic|4 years ago|reply
[+] [-] theHIDninja|4 years ago|reply
[+] [-] mikecoles|4 years ago|reply
If users 'tar' a product, it likely deserves it.
[+] [-] bsder|4 years ago|reply
Now we can send all of the privacy seeking developers over to the new project where they can demonstrate their productivity.
I see this fork as a wonderful thing as the Audacity people can finally kick the excessively whiny to the curb--I mean the new forked project.
[+] [-] SirensOfTitan|4 years ago|reply
The way the free software community treats its own is reminiscent of progressives in America: constantly eating your own kind while letting your opponents flourish.
There’s a reasonable amount of telemetry, and without it the free, OSS side can’t compete with closed source products on a level playing field.
I’ll even go further and suggest that light telemetry should be on (and able to be disabled) by default.
[+] [-] stefan_|4 years ago|reply
https://github.com/microsoft/calculator
An application universally ridiculed for it's inclusion of in-depth telemetry. It's time to challenge your preconceptions: find the roadmap items, features or bugs informed by the gathering of the telemetry data.
Here is what's really happening:
* Migrating the codebase to C#
* Iterating upon the existing app design based on the latest guidelines for Fluent Design and WinUI
That last one is probably going to be obsolete by the time they are finished. What's the value here that telemetry is delivering?
This is the story all over the industry. Fancy dashboards everywhere, but the people shaping products haven't made an evidence-based decision in years.
[+] [-] pmlnr|4 years ago|reply
[+] [-] zeeZ|4 years ago|reply
[+] [-] blendergeek|4 years ago|reply
[+] [-] ddtaylor|4 years ago|reply
[+] [-] unknown|4 years ago|reply
[deleted]
[+] [-] smoldesu|4 years ago|reply
[+] [-] dang|4 years ago|reply
Audacity: Clarification of Privacy Policy - https://news.ycombinator.com/item?id=27739596 - July 2021 (80 comments)
Audacity 3.0 called spyware over data collection changes by new owner - https://news.ycombinator.com/item?id=27736151 - July 2021 (70 comments)
Audacity may collect “Data necessary for law enforcement, litigation” and more - https://news.ycombinator.com/item?id=27727150 - July 2021 (254 comments)
New [July 2, 2021] Audacity Data Collection Policy - https://news.ycombinator.com/item?id=27724389 - July 2021 (34 comments)
[+] [-] dane-pgp|4 years ago|reply
If there isn't a leading suggestion for the new name yet, I offer "Temerity". It's a close synonym for "Audacity", and highlights both the boldness of this new project, and the recklessness of Muse Group's changes. It also cleverly alludes to (avoiding) "Telemetry", which is a distinguishing feature of the fork.
[+] [-] ushakov|4 years ago|reply
[+] [-] sp332|4 years ago|reply
Edit: non-dead link https://github.com/temporary-audacity/audacity/issues/33
[+] [-] gizdan|4 years ago|reply
[+] [-] throwaaskjdfh|4 years ago|reply
[+] [-] ghoward|4 years ago|reply
[+] [-] _bmeo|4 years ago|reply
Had some troubles, as we (and I personally, and my loved ones) were hit by a 4chan raid. Take the comments in the issues on GitHub with a grain of salt, it's impossible to get ahead of this.
Need to wait for things to cool down to be able to organize everything later.
Anyways, AMA or something :)
[+] [-] AbuAssar|4 years ago|reply
Yet no one is complaining.
So what makes audacity special?
[+] [-] technojunkie|4 years ago|reply
https://vscodium.com/
VSCodium is not a fork but it also strips out the telemetry that VSCode integrates.
[+] [-] PieUser|4 years ago|reply
[+] [-] Donckele|4 years ago|reply
[+] [-] malkia|4 years ago|reply
[+] [-] unknown|4 years ago|reply
[deleted]
[+] [-] shmerl|4 years ago|reply
[+] [-] pigbearpig|4 years ago|reply
[+] [-] em3rgent0rdr|4 years ago|reply
[+] [-] unknown|4 years ago|reply
[deleted]
[+] [-] blt|4 years ago|reply