Audacity 3.0 concerns about privacy

[quantum]

If you use Audacity you need look at this before upgrading to Audacity 3.0


https://fosspost.org/audacity-is-now-a-spyware/
https://www.engadget.com/audacity-data-collection-privacy-policy-muse-group-145857557.html
https://mashable.com/article/audacity-spyware-privacy-policy
https://appleinsider.com/articles/21/07/04/open-source-audacity-deemed-spyware-over-data-collection-changes

[ranjit]

Thanks for posting this.

[perfect_pitch]

Damn... that's a real bummer. Does anyone have a link to the latest v2.x version of Audacity (from a trusted site). I use it for Audio recordings, and sometimes you can get old mirrors that allow you to download old copies.

[lostinidlewonder]

Seems like an overreaction. If someone is so concerned about the info going out just install it on a computer that has no internet connection or config your firewall.

[quantum]

Does anyone have a link to the latest v2.x version of Audacity (from a trusted site).

From archive.org
https://archive.org/details/audacity-2.4.2

[quantum]

Seems like an overreaction. If someone is so concerned about the info going out just install it on a computer that has no internet connection.

IMO this is not an overreaction.  Many people will install 3.0 under the guise that things will be mostly the same as previous versions.  The word needs to spread so people can make an educated choice for themselves. 

Audition is also FOSS, and many of these new policies do not sit will with FOSS. As well, there are questions whether the new policies are in accordance with the GPL license.  On the more positive side, part of the beauty of open source is that forks are possible. 

Children under 13 not allowed to used Audacity?  How do you think that will sit with schools that use the software. 

[lostinidlewonder]

I only think it's an overreaction because Windows takes your information every day, tracking cookies on websites too, google, facebook etc etc, it's everywhere. Is Audacity going to keylog your computer or steal banking details? I dont notice what the DANGERS are in this case. When installing programs you are supposed to read the details, from what I read about 3.0 it's nothing "dangerous" unless you can enlighten me.

[quantum]

The Windows licence agreement is very different from that of Audacity.   I don't think we should expect a FOSS program to be doing the level of proposed tracking, as can be found from MS products.  There are people that choose FOSS to get away from software that does tracking. 

[lostinidlewonder]

But what tracking are they doing that is considered dangerous and a real security threat? That is what I am confused about. A lot of programs gather information about how their program runs on other peoples computer, especially if it crashes, it's not that unusual and if you really wanted to you could deny these programs internet access with firewall configs.

I dunno, it just looks like a whole lot of fuss over nothing. If it really worries people and they really want to still use Audacity in its updated form then they just use it on a computer not connected to the net if they fear something really bad will happen (although I can't see what that would be). I guess people are paranoid about any info going out.

[ivorycherry]

But what tracking are they doing that is considered dangerous and a real security threat? That is what I am confused about. A lot of programs gather information about how their program runs on other peoples computer, especially if it crashes, it's not that unusual and if you really wanted to you could deny these programs internet access with firewall configs.

I dunno, it just looks like a whole lot of fuss over nothing. If it really worries people and they really want to still use Audacity in its updated form then they just use it on a computer not connected to the net if they fear something really bad will happen (although I can't see what that would be). I guess people are paranoid about any info going out.

Honestly, I don’t think this is an overreaction. I think it’s best to try to keep as little data and info to be tracked as possible. 

[j_tour]

Yeah, this is an interesting bit of news.

There are several ways one can be a bit concerned.  In most of what follows I'm imagining the point of view of those who are concerned.

The most interesting is simply that it is inherently offensive to put a corporate spin and completely change the terms of the original license and open source nature of the program.

Not only a "corporate spin," but one which explicitly is dedicated to "cooperating" with (read:  abetting) various western law enforcement agencies.  It's hardly paranoid to be suspicious of the intentions of the United States' Department of Homeland Security or Russia's FSB.  And whatever lurks in Belgium.

So, it's no longer an open source program, it's no longer a part of well-understood copyright licensing frameworks, and it aims to please vast law enforcement networks for no good reason.

The analogy is this:  "if you have nothing to hide, then you shouldn't be worried if we search your vehicle or domicile." 

That is true. 

However, the powerful rejoinder is:  "No thanks, Mister Man!  I'll just produce an identical piece of software using the exact same source code, and this time it will adhere to community standards that are long established and have an equally long legal standing."

They'll call it "Freedacity" or something, and I guarantee that's what everyone is going to use.  At least the cool kids.

It's not paranoia, exactly, on the part of those concerned.  But leaving that aside, it's offensive to many people in the way that an ugly painting is.

And even I wonder:  what's in it for the Muse Group?  Why are they so happy to be Dudley Dooright, charging, John Wayne style, ahead in the interests of law and order?  What the hell do they care, anyway.

And what's that bizarre thing about an age restriction?

That's just strange.

It's like watching a dog chasing a truck, or a bear riding a tricycle:  what is it doing?  One can make guesses, but the sight of such a spectacle is, on the first glance, simply deviant and aberrant.

/* edit

As well, there are questions whether the new policies are in accordance with the GPL license.

I don't see that there's any question that the new mandates violate the GPL.  The age restriction alone means that the new release is no longer a part of the GPL.

And, in fact, they can be sued for this, and will certainly lose.  It depends on the jurisdiction and who cares enough to pursue them in whichever court for a clear-cut copyright licensing violation.

It's no longer FOSS, even if it may be open source of a particular sort:  all contributions to the code, including extensions, of which there are many, are gifted to the new owners and their own FrankenLicense.

That's a philosophical, rather than a legal issue, but it does rankle people who contributed to the base code, not to mention all of the add-on modules available.  Understandably so.

It's no problem.  In the blink of an eye, instead of Audacity there is an identical fork.  It's not immediate, and as it's entirely volunteer work, nor can it be reasonably done by one person, it requires organization, but it will happen, and soon.

This isn't dissimilar to the way Red Hat has recently brought much anger to users in industry production who have relied upon its official upstream equivalent CentOS.

Most people I know of just dumped CentOS in industry and moved immediately to one of its forks (there are two of them:  risky, immature at the moment, but promising) or to another server distro altogether like Debian.  If the companies who have used and relied on CentOS in the past weren't going to pay for the RHEL branding, they aren't about to now.  And the RHEL code itself is corrupted by depriving itself of innovations in the upstream CentOS. 

*/

/**

And, for the record, I personally don't care.  I know I have Audacity on a few boxes at home, but I wouldn't know what version, and I don't care. 

It's pretty useful software, and it's pretty capable for a primitive audio editing bit of gear, but I haven't been transcribing much lately, so I hardly use it.  (And it doesn't affect any serious recording engineers either, since they are (i) using proprietary software (ii) using air-gapped computers for anything mission-critical.  Even a rank amateur like me still has a Win10 box some updates, but I build the updates by hand, if I think think they are useful, but this is after having removed all telemetry and networking, also by hand, from the OS, which is one of my favorite things to do after installing Win10:  not just "hide" things like Cortana and such, but actual rip them out of the OS completely.  Plus, in case of forgetfulness, I never give Win10 access to any network.  And, FWIW, I'm one of the few people, especially among linux users, who actually likes Microsoft:  I see nothing wrong with the company, I just prefer to not use their stuff except when necessary.)

No, I don't really care that Russia or the US knows ZOMG my IP address at such-and-such a time — I assume that's a given, already, knowing how much crap there is out there anyway.

But, people do care about this stuff, and for some good reasons.

The aesthetics or in the cryptojournalism speak of the day, "the optics," are not that great, so I disapprove because it's ugly, stupid, and wrong!

It's not going to change my use of the software, but it does change my opinion about the Muse Group, not that it matters.

**/

[j_tour]

OK

Here's the latest deal.

Latest release from Muse Group.  See the comment section.  No, these aren't like YouTube comments:  GitHub is the legitimate site for developers and users of code, including forks.

https://github.com/audacity/audacity/discussions/1225

I won't make any claims or apologies for slashdot dot org (it's kind of a cesspool of nerdery, but it's good for seeing what makes the "news"), but you can do a search and find lengthy discussions like the following:

https://news.slashdot.org/story/21/07/06/1945217/no-open-source-audacity-audio-editor-is-not-spyware#comments

I think the general sentiment is (i) bewilderment at the audacity of the Muse Group (ii) fool me once, shame on you, etc.

It is just nerd rage on the internet, but some of these people, especially on GitHub, are the actual makers of the software, so, to abuse a phrase, go straight to the source.

Here's a pretty succinct précis from user SkaveRat from GitHub 1225 discussion:

and I'm not even kidding. I know not having telemetry data about usage and crashes will suuuuck, but you basically crashed into an old community and it feels like you're going all coorporate on the "little FOSS project".

Take some steps back and think about how every action you do is perceived. right now every little change you do is scutinized to the max. Some trust-building is in order here.

Like I suggested above, it's really about optics and aesthetics:  tampering in god's domain, for no discernible purpose.  It's a fish playing a piano while riding a unicycle.  Not right, looks strange, smells bad.

/////////////////

OK, Audacium is a fork.  The link is to the GitHub page with instructions for building from source.  I've tried it on a boring old Ubuntu LTS.  I need to remake it, by fiddling with the libraries a bit, but they claim to have a package already for Arch, and I think they have binaries for Win10 and Mac.

It looks good, the GUI at least, and seems to have all of the features.  I just have a problem with it recognizing my audio interface, and am likely to not try it on my Arch machine, nor on Win10.

So, there you go.  Problem solved.

[ranjit]

Open source software following the GPL license has its own charm. You can trust what it purports to do. Since I use Windows, there is telemetry, but Google, Facebook etc can be blocked to a decent extent using extensions. Of course, you should still trust Audacity 3.0 over Facebook, but it's important to know that it now collects an unspecified amount of data about you, and you just have to take their developers' word on how much data they are collecting and how they will use the information. If they are doing something fishy, tough luck, as it is still not illegal most of the time so they won't face any repercussions. You also have to keep in mind the possiblity of a data breach, which seems very likely to happen at some point in the future. After a data breach, the company usually does not have culpability, and basically gets away scot-free most of the time. So, even if the company doesn't mess things up, it's still not enough as long as the data they store isn't perfectly secure, and it pretty much never is.

Is it an overreaction? For someone who is extremely careful about their internet presence, no. If not, it's still something you should be aware of. After all, if the old Audacity works well for you, what's the point in upgrading? I'm pretty sure I won't.

[j_tour]

-----------------------------^

Yes.  ranjit, you put it together very nicely.  One of the issues is that, at least in the first deviations from the GPL, the Muse Group relied on Google Analytics to help triage and parse telemetry data.

An odd choice, and it seems to have rightfully upset people on general principle.

A red herring, it seems to me, that is brought up again and again in discussions elsewhere is the storing of IP addresses of each "communicant" to the parent company.  There seems to be some in-fighting among those who are against this on whether the system logs need to be stored for 24 hours for in-house forensics in case of a DOS attack (note, not a DDOS), and local storing of hashed IP addresses and resalting the hash function after 24 hours, but that's just an example of the kind of scrutiny radical changes to TOS and legal protections get. 

Say what you want about nerds:  I don't much care for them myself, but they do their homework. 

Now, I say it's a bit of a red herring in that there is some value, from a security point of view, in stopping a broadcast flood of "notifications" en masse, as an attack upon the servers of the Muse Group, which I would guess are leased from some entity (I have no idea the size or import of the company).  They surely don't maintain their own server farm.  Probably AWS or similar.  Maybe Azure.  Probably AWS.  Which is Amazon, you know:  that's their biggest product.  I work for Amazon, but while I don't have any inside information, anybody can tell the profit margins between AMZNL and AWS (those aren't stock ticker abbreviations, but abbreviations for logistics [i.e., delivery] and their immense hosting and server solutions.  But the principle is sound.

It gets similarly mired in further distinctions. 

Where it seems to have stabilized now is that Muse Group has backpedaled on many of their initial (outrageous) changes, but no one believes them now.  And, why should anyone, really?

But for the end user, you, ranjit present the situation very succinctly:  some people do care, and a large block of them are heavily invested personally in contributing to FOSS projects, and some may not really care too much, so long as the software continues to deliver, but knowing the issue instead of being "subtly" pushed sidelong into a radically different legal framework is not at all a bad thing.

After all, it's a matter of contract law, which affects the end user, and the authors of the base code, so it's not a trivial change, although the end user might not notice in simply using the software.  Does one want to be, say, twelve years old and already guilty of violating licensing TOSes?  And so forth?  Perhaps remote, but there are legal, real world consequences to these changes. 

One should make one's own choices, either way, with at least a broad overview of the situation.

[lostinidlewonder]

BUT WHAT INFO ARE THEY TAKING WHICH IS CONSIDERED DANGEROUS FOR THE USER??

Firewall config or computer with no internet and problem solved. Program is totally free so some cost must come somewhere, honestly don't know why people complain about a free product. There are of course much better programs than audacity out there, so if people are REALLY concerned there are other options rather than getting knickers in a twists lol.

Honestly who is interested in your info? No one really unless you are someone very rich or a large corporation etc. Most internet users don't have valuable info but there is a large amount of fear that any info that goes out must be bad for you. Audacity 3 I don't see dangers unless people are highly paranoid and don't want a handful of bytes to go over their networks now and then.

[j_tour]

Honestly who is interested in your info? No one really unless you are someone very rich or a large corporation etc. Most internet users don't have valuable info but there is a large amount of fear that any info that goes out must be bad for you. Audacity 3 I don't see dangers unless people are highly paranoid and don't want a handful of bytes to go over their networks now and then.

No one really cares about their IP address being stored in a hash table for 24 hours, then supposedly the hash function is resalted.

Well, I'm sure there are some people who are concerned, but I wouldn't know.

It's more or less, from what I can see, the principle of the matter.  This Muse Group took over a perfectly charming FOSS project released under the GPL, and slipped it a mickey by making it no longer FOSS and swapping a FrankenLicense for the GPL.

I'm sure you can understand that people who contributed to the code under the GPL are mightily peeved, and standing on principle, most netizens (errr....sorry about that word, it just slipped out) are vicariously outraged on their behalf.

For what it means to the average end user?  Not a damn thing, I agree.  In fact, one can argue very well that telemetry helps the corporation to fix bugs, supposedly.  I wouldn't know:  I always opt out, because I'm not a team player.

Remember, what I said is true:  I really don't personally care, but I think the objections are pretty plain to see, if you put yourself in the shoes of the average developer or even partisan of the FOSS ideology.

I don't want to attack many of the participants in the various discussions online, because I sympathize with the underdog, but one must also understand the point of view of the typical internet warrior:  they see themselves as white knights, wielding some sword of truth. 

It's mainly a struggle about purity and ideology, but it is also a legal problem if Muse Group continues to violate the GPL:  I wouldn't be surprised one bit if vast swaths of code were to have been challenged in court. 

And, finally, Muse Group has burnt its bridges.

[lostinidlewonder]

Yes those who have contributed to the project might be annoyed that their work is attached to some system they didn't agree upon. I can only speak as a consumer of a product and I really don't care if a program takes info if it crashes or they want to know which country the program is being used in, or how much it is being used etc. This info cannot harm me and will not slow down my internet since it is only a miniscule package of data.

I also personally don't care because I use better programs than Audacity if I have to do audio work ahha

[j_tour]

Yes those who have contributed to the project might be annoyed that their work is attached to some system they didn't agree upon. I can only speak as a consumer of a product and I really don't care if a program takes info if it crashes or they want to know which country the program is being used in, or how much it is being used etc. This info cannot harm me and will not slow down my internet since it is only a miniscule package of data.

I also personally don't care because I use better programs than Audacity if I have to do audio work ahha

Yeah, no duh! 

So what are you arguing about?

I still use Cubase SX, although not for a while.

I also don't give a crap about telemetry from the new overlords of Audacity.

But I think it's not difficult to understand why people are and have been shocked by villainy.

It's not my fight, but it's also not difficult to understand.

[lostinidlewonder]

I'm just not one to go into hysterics and want to present my opinion. I just see a whole lot of people getting upset over something which is fairly normal. There are a lot of people who are paranoid about their data going out there but it is an irrational fear since many of those people would be using all sorts of other programs which take even more data. 

I'm in the boat where I really don't care what info companies take from me they can do whatever they like with it nothing they take from my computer will ever harm me. If a program is open source then others can just make copies of the program and edit it in a manner that suits them.

[ranjit]

Firewall config or computer with no internet and problem solved.

Yes, but who would be willing to use a computer without internet nowadays?

Program is totally free so some cost must come somewhere, honestly don't know why people complain about a free product.

Audacity used to be open source, which means that developers either volunteered to produce the software, or people crowdfunded developers to produce it. Software so produced is generally very trustworthy, because anyone can point out flaws especially when the source code is available any actively maintained. I believe this was the case for about a decade, until two now. The outrage is because the software went against its own principles.

There are of course much better programs than audacity out there, so if people are REALLY concerned there are other options rather than getting knickers in a twists lol.

Naturally, there are better programs out there. I'm not aware of better open source programs, although there might be. The problem is that if such softwares die out, then everyone will be forced to use programs that intrude upon their privacy. As long as both coexist, it is all right. Also, when you download a piece of closed-source software onto your PC (for which you don't have the source code), you are at the mercy of whoever designed the software, and they can essentially do anything, without legal consequences (because you have agreed to their "terms and conditions").

Honestly who is interested in your info? No one really unless you are someone very rich or a large corporation etc.

I would say this is analogous to asking who is interested in your vote. No one, really. You're only one among millions of people who vote all the time, so your one vote makes essentially no difference. However, these things add up. Even if a spy agency is not going to track you down, even if you, individually, have a 0.01% chance of identity fraud, it all adds up. The large scale social effects are pretty apparent, after all.

Audacity 3 I don't see dangers unless people are highly paranoid and don't want a handful of bytes to go over their networks now and then.

Literally speaking, this is correct. However, it's more a matter of principle. And precedent -- with open source software being taken over by companies, there will be lesser and lesser transparency and control you have over your computer. It may not be that obvious, but it is safer from your perspective to install open source, "free" software, when compared to expensive software produced by companies which do not disclose their source code, and this has been seen over and over again.

Overall, as an end user, not that much is likely to happen (although a lot could) if your private data is leaked, or due to targeted advertising etc. But it has large scale effects, and if people forget that they should safeguard their privacy, it could spell disaster down the line. This is the reason why it's so devilish -- there is so little impact on the individual person that they are not prompted to act, while at the same time there are enormous societal implications.

[j_tour]

2xp

[j_tour]

/***************************************************************
********* Sorry, ranjit, your post appeared before *************
********* I was done finding an appropriate image. **************
***************************************************************/

Well, that's about where I'm at as well:  I don't have a cock rooster in the fight.

It's interesting, is all.  To the end user?  Not really so much.  Pretty much inside baseball.

But it's not difficult to see why the internet is ZOMG ON FIRE about this.  For months, now.

This isn't anything new:  like I alluded to earlier, much bigger fires are burning about RHEL's dissociation from CentOS.  Which is, maybe, analogous to, say, the US and China dropping favored nation trading provisions.

[lostinidlewonder]

Yes, but who would be willing to use a computer without internet nowadays?

I dunno some people do especially if they are just using it for recording work. Firewall settings will block certain programs from internet access while you still can maintain your internet.

Audacity used to be open source, which means that developers either volunteered to produce the software, or people crowdfunded developers to produce it. Software so produced is generally very trustworthy, because anyone can point out flaws especially when the source code is available any actively maintained. I believe this was the case for about a decade, until two now. The outrage is because the software went against its own principles.

haha yeah because everyone in this world runs by perfect principle and are always honest and just? ahah Yeah I get what you mean but yeah I dunno if people really realize what they are crying about without being hypocritical.

Naturally, there are better programs out there. I'm not aware of better open source programs, although there might be. The problem is that if such softwares die out, then everyone will be forced to use programs that intrude upon their privacy. As long as both coexist, it is all right. Also, when you download a piece of closed-source software onto your PC (for which you don't have the source code), you are at the mercy of whoever designed the software, and they can essentially do anything, without legal consequences (because you have agreed to their "terms and conditions").

Yeah well free is not always meaning FREE there are always some kind of costs associated if it is not monetary. If people are serious about audio editing software it wont cost them an arm and a leg for something superior to Audacity. I guess those who are upset want something absolutely free and dont want to contribute in any way at all to those running the project. I just don't see how people can complain about something that is free, unless you contributed to the programs function itself.

I would say this is analogous to asking who is interested in your vote. No one, really. You're only one among millions of people who vote all the time, so your one vote makes essentially no difference. However, these things add up. Even if a spy agency is not going to track you down, even if you, individually, have a 0.01% chance of identity fraud, it all adds up. The large scale social effects are pretty apparent, after all.

I dunno if VOTING and this has any connection. Normal citizens really do not have any information that any black hat hacker would be interested in. Unless Audacity has a keylogger and steals all your banking info I don't see what is to be afraid of.

Literally speaking, this is correct. However, it's more a matter of principle.

What I see is people getting upset over something very unimportant. If they act on principles then there are much better things in this world to work against or for. Justice for an audio editing program??? lol!

Overall, as an end user, not that much is likely to happen (although a lot could) if your private data is leaked, or due to targeted advertising etc. But it has large scale effects, and if people forget that they should safeguard their privacy, it could spell disaster down the line. This is the reason why it's so devilish -- there is so little impact on the individual person that they are not prompted to act, while at the same time there are enormous societal implications.

Could but wont. Its just paranoid thinking imho.

[timothy42b]

So, it's no longer an open source program, it's no longer a part of well-understood copyright licensing frameworks, and it aims to please vast law enforcement networks for no good reason.

The analogy is this:  "if you have nothing to hide, then you shouldn't be worried if we search your vehicle or domicile." 
**/

If the good guys can get into my vehicle, domicile, and computer, what's to prevent the bad guys from getting in the same way?

Good guys, with the best of intentions, have long histories of accidentally losing the keys.

When I enter yahoo mail, yahoo is nice enough to provide me with nice little news snippets that I might be interested in.  Sometimes I even am.  But, a disconcerting percentage of the time these news snippets are about conservatives doing unethical things.  These aren't fake news, these things really happened and made the news.  But i don't like it that somebody's algorithm assigns a likely political leaning to me. 

[j_tour]

If the good guys can get into my vehicle, domicile, and computer, what's to prevent the bad guys from getting in the same way?

Good guys, with the best of intentions, have long histories of accidentally losing the keys.

Well, sure!  I'm not saying that's a particular concern of mine, but once bitten, twice shy!  It's a valid concern.

And @lostinidlewonder, that's all great, but do you not grasp the notion that there is a matter of optics and propriety involved?  Put aside all the black-ops helicopter stuff.  Nobody's talking about that. 

Do you not follow that an act can be destructive even without ill intent? 

Keep in mind, I'm not calling for calling in the FSB or the DHS to raid any offices....I don't care. 

But software development, especially in FOSS land, is a community project, and it's just plain not difficult to see how people take disssolving binding legal licenses like the GPL unilaterally the wrong way.

[lostinidlewonder]

And @lostinidlewonder, that's all great, but do you not grasp the notion that there is a matter of optics and propriety involved?

I'm not sure what the definition of "optics" and "propriety" is in this case.

Do you not follow that an act can be destructive even without ill intent? 

Sure but the chance is mostly fueled by paranoia rather than something which will actually happen. Also if Audacity's information collection is leaked to some black hat what are they doing to do with it? What information is there that would be "dangerous" for me as a user? Someone please clearly explain what it is because all I see is paranoid thinking.
 

But software development, especially in FOSS land, is a community project, and it's just plain not difficult to see how people take disssolving binding legal licenses like the GPL unilaterally the wrong way.

In business people do all sorts of things, I don't see why people are surprised. There are so many options out there but I understand change is difficult for many people.

[ranjit]

There are so many options out there but I understand change is difficult for many people.

Are there any such options, better than Audacity, under the GPL license or similar? I think that's the point of concern here. It's not even a question of the price of the software, because companies will collect data  from paying customers without batting an eyelid.

[lostinidlewonder]

Are there any such options, better than Audacity, under the GPL license or similar?

If one only wants free options then that's the situation they have put themselves in I guess. I haven't scoured the free options for audio editing for at least 2 decades now. When I did use free programs I used a large number of them each one for specific needs. I've used Sound Forge for many years. I have other programs (VE-7s) which I use to remove voices from audio (not an easy to find programs which do that well in fact hardly any can do it and those that do all do it poorly) but they are not largely disributed and cost a lot of money. I like making karaoke files ahhaha

[j_tour]

In business people do all sorts of things, I don't see why people are surprised. There are so many options out there but I understand change is difficult for many people.

Nobody is surprised. 

However, you have to understand that creators of software like Audacity don't see themselves as "businessmen." 

Yes, there are "Tech Bros," but you have to understand where these people are coming from. 

Just back of envelope calculation, probably 80% are employeed as network engineers, sysadmins, IT factotums... I don't really want to continue guessing, but you know that's more or less right. 

Why the strawman, "Change is difficult"?  I can only speak for myself, but I think any reasonably intelligent person would evaluate what the change is and adopt it wholeheartedly if it were an improvement.

As I've been repeating, it's more likely that there was no change proposed, contrary to long-standing practice and community standards, but rather a duplicitous change in TOS, which d'un coup switched, unilaterally, everything fundamental to Audacity (FOSS, GPL) to something else.  Viz., Audacity (Non-FOSS, FrankenLicense).

Anyway, even I don't care much about it.  So what is your main beef in continuing to flog this dead horse? 

I care about it as much as I care about George Winston music on piano:  it's a curiosity, and despicable.  So what's your angle, chief?

[j_tour]

Someone please clearly explain what it is because all I see is paranoid thinking.

I've already explained, it's not a concern for the average end user.

The difference between you and me is that I've tried to understand the opposing viewpoint, and articulate it.  I may have failed, but I have tried to understand and articulate the POV of those who oppose Muse Group. 

What have you articulated, beyond your own POV?

[lostinidlewonder]

However, you have to understand that creators of software like Audacity don't see themselves as "businessmen."

I dunno what there is to understand about that. How can you be so certain that they don't consider it a business? I mean people can say all sorts of things but obviously this program must benefit their bank accounts in one way or another.
 

Why the strawman, "Change is difficult"?

What is strawman about that? If people are disgusted by Audacity 3 info collection then they need to face change don't they? Seems logical. Change in terms of dealing with it, or change in terms of seeking different programs. 

As I've been repeating, it's more likely that there was no change proposed, contrary to long-standing practice and community standards, but rather a duplicitous change in TOS, which d'un coup switched, unilaterally, everything fundamental to Audacity (FOSS, GPL) to something else.  Viz., Audacity (Non-FOSS, FrankenLicense).

I still don't see how any of this is "dangerous" to the consumer can you demonstrate the dangers for me because I just don't see it. 

Anyway, even I don't care much about it.  So what is your main beef in continuing to flog this dead horse? 

Whats the problem with me doing what I like? I think a thread were everyone has their hands up in the air crying about the changes would be totally boring. I have a different opinion and love playing the devils advocate when my opinion goes against the apparent grain.

I care about it as much as I care about George Winston music on piano:  it's a curiosity, and despicable.  So what's your angle, chief?

I have a very acute angle

[lostinidlewonder]

I've already explained, it's not a concern for the average end user.

So I don't see why a large fuss is made over this then. How is it "dangerous" to those others? I am only saying "dangerous" because of the video posted in the OP.

The difference between you and me is that I've tried to understand the opposing viewpoint, and articulate it.  I may have failed, but I have tried to understand and articulate the POV of those who oppose Muse Group. 

What have you articulated, beyond your own POV?

Oh you are so altruistic right lol. Message boards on internet are there to discuss your opinions and ideas, if the way I am presenting my opinions are not like yours that's ok you don't have to question it, we are different people you know?

I've already asked to understand the other viewpoint, several times actually I have asked what is the exact danger but everyone seems to avoid that question or admit there is no danger for most users (which still doesn't explain what the dangers are).

[j_tour]

I've already asked to understand the other viewpoint, several times actually I have asked what is the exact danger but everyone seems to avoid that question or admit there is no danger for most users (which still doesn't explain what the dangers are).

It's not a question of "danger" or "alert red." 

It's a simple matter of understanding the POV of those who have skin in the game, directly or indirectly.

No, as I've said, there's no "danger" to any individual.  As far as I know.  Maybe some Russian plutocrat can be trapped in a sting operation using Audacity as a listening device.  I have no idea, nor do I care.

If you prefer, it's a simple legal matter of conforming to the GPL. 

Is that black-and-white enough for you?

I have no interest in fighting with you, nor anybody else.

I am, however, surprised at your dogged insistence that others may have no interests at stake. 

And, no, interests may be not directly financial:  I wouldn't know the motivations of past contributors to the defunct Audacity, but I do know the interests may not have been directly monetized.

I've already asked to understand the other viewpoint, several times actually I have asked what is the exact danger but everyone seems to avoid that question or admit there is no danger for most users (which still doesn't explain what the dangers are).

From the beginning I've attempted to imagine what arguments from the opposition have been.  In most cases, those positions I've articulated have not been my own.

But you're asking the wrong questions.  The opposition is not concerned about such-and-such an average end user:  the average developer is concerned about security, rationale, implementation, and, above all, why the deliberate violation of the GPL.  In addition to, IMHO, the average developer's sense of some kind of community standards.

That sounds wishy-washy, but I really do think there's a deep ideological core to contributors to FOSS software.

No, I don't have any evidence.  This isn't a civil trial before a magistrate, just common sense.

[lostinidlewonder]

If you prefer, it's a simple legal matter of conforming to the GPL. 

Is that black-and-white enough for you?

If it is a "simple legal matter of conforming to the GPL" can you outline what that exactly is and how it is bad for people?

I have no interest in fighting with you, nor anybody else.

Why is this a fight? I don't see it that way. People just have to realize that not everyone thinks or writes the same way.

I am, however, surprised at your dogged insistence that others may have no interests at stake. 

Because it has not been clearly outlined what the dangers and problems are. People say SPYWARE but then lets go into the details of all that, from my brief skimming over I don't see anything at all which is untoward but I am totally open to someone explaining to me how I am mistaken.

And, no, interests may be not directly financial:  I wouldn't know the motivations of past contributors to the defunct Audacity, but I do know the interests may not have been directly monetized.

I mean it all looks fairly business like to me:

Audacity trademarks
On January 16, 2004, Dominic Mazzoni filed the trademark for "AUDACITY" with the United States Patent and Trademark Office as seen by the USPTO Serial Number 78352743.

On December 1, 2020, Dominic Mazzoni assigned all right, interest, and title in the trademark "AUDACITY" to MuseCY SM Ltd. in exchange for one dollar "and other good and valuable consideration" a legal phrase used when one side wishes to conceal the amount or nature of the payment. [65]

On January 27, 2021, the USPTO website shows the status of "Automatic Update of Assignment of Ownership" to MuseCY SM Ltd.[66]

On March 19, 2021, MuseCY SM Ltd. (or Muse Group) filed a new trademark for Audacity name with the headphones logo with the USPTO as seen by the USPTO Serial Number 90591173.[67]

On March 24, 2021, MuseCY SM Ltd. filed a new trademark for the Audacity headphones logo by itself with the USPTO as seen by the USPTO Serial Number 90600351.[68]

[j_tour]

If it is a "simple legal matter of conforming to the GPL" can you outline what that exactly is and how it is bad for people?

Sure.  All people regardless of age may use any software distributed under the GPL.  So, the PG rating for Audacity fails.  Violation, legally culpable, may not be distributed under the GPL, must recreate project.  End of story.

Because it has not been clearly outlined what the dangers and problems are. People say SPYWARE but then lets go into the details of all that, from my brief skimming over I don't see anything at all which is untoward but I am totally open to someone explaining to me how I am mistaken.

Well, I think people are too quick to toss around terms like ZOMG "spyware" or even "telemetry."

Like I said earlier, it appears that the Muse Group has walked back their telemetry/"phone home" options.

Probably to placate those to whom it matters.

But, the practical matter is, and this is why it's still a matter of concern is, "Hey, great, fool me once, shame on you, fool me twice, shame on me."

Again, I don't really care one way or another, but that's the way it comes across to people who are and have been involved with creating Audacity ab initio.

I've been trying to understand it on and off since this morning, but that's my best guess. 

No, I don't think there are any dangers or even "dangers" to the average consumer, but that's not remotely what the teapot tempest is all about.

[quantum]

I can only speak as a consumer of a product and I really don't care if a program takes info if it crashes or they want to know which country the program is being used in, or how much it is being used etc. This info cannot harm me and will not slow down my internet since it is only a miniscule package of data.

Tiny portions of metadata, telemetry, crash reports, geolocation, etc. may seem innocuous, but one needs to look at the bigger picture. All this data can be added up to create a profile of a user, and over time accumulate to an increasingly accurate picture of a person, or organization.  IMO, this metadata is more personal in function than items a person may consider personal: like photos of family, private letters, oral history of ancestry, etc.  This metadata can be used to build a frighteningly accurate and personal profile of any person, the more data available the more accurate the profile.  It can come to the point where the data may provide a more accurate and objective profile of a person, as opposed to asking a person to describe who they are and what they do.  The more data one feeds the algorithms, the better the algorithms can become at sorting data. 

Yeah well free is not always meaning FREE there are always some kind of costs associated if it is not monetary. If people are serious about audio editing software it wont cost them an arm and a leg for something superior to Audacity. I guess those who are upset want something absolutely free and dont want to contribute in any way at all to those running the project. I just don't see how people can complain about something that is free, unless you contributed to the programs function itself.

FOSS isn't just about costs.  A lot of it is built around principle and community. 

Say you found some organization that cleans up discarded plastic on beaches. You like the cause, so you donate some of your time to remove plastic bits from a beach, and put them in a bin to be collected.  A year later you find out that organization was bought out and now you find that organization is redirecting profits to further enable other organizations up the chain to continue to pollute beaches with no consequences.  You could say you don't care, and just find another organization to support, but does that really help the situation on the beach?  If enough people say they don't care, it presents a certain message to the big companies that they can continue under the radar doing bad stuff because people are not willing to take action.  You just carry on with your life, as though these matters do not affect you, feeding your children with seafood that have ingested microplastics. 

I would say this is analogous to asking who is interested in your vote. No one, really. You're only one among millions of people who vote all the time, so your one vote makes essentially no difference. However, these things add up. Even if a spy agency is not going to track you down, even if you, individually, have a 0.01% chance of identity fraud, it all adds up. The large scale social effects are pretty apparent, after all.

I like this analogy.

I also personally don't care because I use better programs than Audacity if I have to do audio work ahha

Sure there are better programs, but I think it is important to consider the function of the work before choosing. 

When doing live concert recordings, I tend to use simpler stable programs rather than large flashy DAWs with tons of features.  Audacity fits this function pretty well.  I might not mix in Audacity, but when it comes to recording I am looking for stability.  In live concert recording there are no retakes, if your DAW crashes you've lost data. 

I've been part of recording sessions and live concerts where the recordist used a bigger, better, brand name DAW.  One that had a habit of crashing in the middle of the concert, multiple times. 

[ranjit]

And, no, interests may be not directly financial:  I wouldn't know the motivations of past contributors to the defunct Audacity, but I do know the interests may not have been directly monetized.

To add to this, I know a person who contributed to an open source project in college. It was a really small change, but it's not that easy to do because changes are not accepted unless they conform to code standards etc. That change is now part of a package which basically ships to most Linux distributions, which would mean that this person could look at someone else's operating system, point to the feature, and tell them, "hey, I did that". And this is for a very minor change. It's not hard to imagine why someone would like to be part of such a project. I know I would be interested.

Here's another analogy which comes to mind -- what did Bernhard gain from posting here?

[lostinidlewonder]

Sure.  All people regardless of age may use any software distributed under the GPL.  So, the PG rating for Audacity fails.  Violation, legally culpable, may not be distributed under the GPL, must recreate project.  End of story.

That all sounds like gobbledeegook to me.

But, the practical matter is, and this is why it's still a matter of concern is, "Hey, great, fool me once, shame on you, fool me twice, shame on me."

Ah and thus the paranoia.

No, I don't think there are any dangers or even "dangers" to the average consumer, but that's not remotely what the teapot tempest is all about.

If the changes doesn't affect that vast majority of users I wonder what the commotion is about then.

Tiny portions of metadata, telemetry, crash reports, geolocation, etc. may seem innocuous, but one needs to look at the bigger picture. All this data can be added up to create a profile of a user, and over time accumulate to an increasingly accurate picture of a person, or organization.  IMO, this metadata is more personal in function than items a person may consider personal: like photos of family, private letters, oral history of ancestry, etc.  This metadata can be used to build a frighteningly accurate and personal profile of any person, the more data available the more accurate the profile.

This is all paranoid thinking though IM MY OPINION. So what they can have whatever info they want on me what are they going to do with it? How will it change my life? How will I become abused? I just don't see anything important they could get from me. Black Hats don't really care about the general civillian, we are not that important.

It can come to the point where the data may provide a more accurate and objective profile of a person, as opposed to asking a person to describe who they are and what they do.  The more data one feeds the algorithms, the better the algorithms can become at sorting data. 

Mmm they will have no idea about movements outside of Audacity, so I don't see the problem unless people live their entire lives in Audacity.

FOSS isn't just about costs.  A lot of it is built around principle and community. 

Didn't Audacity come out like almost 20 years ago? Are people thinking that it should remain the same forever? I dunno, when it comes to business things don't stay the same unless you want to dissolve into obscurity. I think people hold "principles" up way too high, when it comes to business so long its not illegal people will do it, heck they will even toe the line of legality.

Say you found some organization that cleans up discarded plastic on beaches. You like the cause, so you donate some of your time to remove plastic bits from a beach, and put them in a bin to be collected.  A year later you find out that organization was bought out and now you find that organization is redirecting profits to further enable other organizations up the chain to continue to pollute beaches with no consequences.  You could say you don't care, and just find another organization to support, but does that really help the situation on the beach?

I mean if you donate your money to any large charity organization you will see what % of your money actually goes to the poor or the cause you want to help. Donations do not give you any power of expectation as to what is done with that money or how the company will develop from it. That's business for you, it's often very impersonal.

If enough people say they don't care, it presents a certain message to the big companies that they can continue under the radar doing bad stuff because people are not willing to take action.  You just carry on with your life, as though these matters do not affect you, feeding your children with seafood that have ingested microplastics. 

You have a lot more say by boycotting products, that makes companies stand up and listen. When it comes to computer software they really should be wary because they easily
can become obsolete if people band together and are really interested to do so. The thing is most people simply don't care.

[j_tour]

2xp

[j_tour]

You've actually misattributed most of the rest of your quotes to me, when they are from other people.

But, you got 10% or whatever right, so I can clarify on one of the few you correctly attributed to me.

It's not a difficult point that I made:  by saying that the software can only be used by certain people, whether segregated by age or any other criterion, that software can no longer use the GPL. 

It's not that difficult.  A x<=13<b is not really ambiguous.  So, the faulty violator is culpable, tout court.  Or whatever it is:  I don't give a damn about kids, but that's the license.  Lawsuit city.  Fat city, if you're familiar with that idiomatic expression.

I can't speak for anyone else, but the points I've made, sometimes by imagining possible arguments, sometimes by examining actual arguments, are not necessarily trivial.

To you or me, say, they may seem that way, but it's not very difficult to understand the rationale behind such arguments, nor the tenets of the FOSS community.

[lostinidlewonder]

You've actually misattributed most of the rest of your quotes to me, when they are from other people.

Copy paste error oopsy.

But, you got 10% or whatever right, so I can clarify on the one you correctly attributed to me.

It's not the end of the world. 4/10 is a little more than 10%.

It's not a difficult point that I made:  by saying that the software can only be used by certain people, whether segregated by age or any other criterion, that software can no longer use the GPL. 

You think kids actually listen to rating advice? Who else would be segregated?

It's not that difficult.  A x<=13<b is not really ambiguous.  So, the faulty violator is culpable, tout court.  Or whatever it is:  I don't give a damn about kids, but that's the license.  Lawsuit city.  Fat city, if you're familiar with that idiom.

I dunno what you are talking about though. What kinda lawsuits? Kids getting sued? ahhaha

I can't speak for anyone else, but the points I've made, sometimes by imagining possible arguments, sometimes by examining actual arguments, are not necessarily trivial.

To you or me, say, they may seem that way, but it's not very difficult to understand the rationale behind such arguments, nor the tenets of the FOSS community.

Well your attempt to explain to me has not really worked because I still don't really know what the fuss is all about lol It doesn't matter really.

[j_tour]

Well your attempt to explain to me has not really worked because I still don't really know what the fuss is all about lol It doesn't matter really.

Well, we can agree about this. 

I personally don't give a ***, but I don't find it difficult to understand the perspective of those who disagree.

And, FWIW I think most children under breeding age should be executed, regardless of how well they copy music.  But, Audacity is no longer de jure and de facto licensed correctly:  now, it's just some riduclous toy owned by some stooges in suits, like Finale Notepad or whatever.

It doesn't matter to those who use professional software, but it's not difficult to see why long-term advocates, users, and developers have been angered by the combination of the violation of contract law and the arrrogance of the back-pedalling corporate owners.

[lostinidlewonder]

I dunno if this is a situation where there is any need to agree or not. It is just how one views the situation, there is no right or wrong answer. Some people might be afraid of data being sent, they might legit be scared stiff about that, if thats the case then they have a lot to be concerned about outside of a program like Audacity.

[quantum]

This is all paranoid thinking though IM MY OPINION. So what they can have whatever info they want on me what are they going to do with it? How will it change my life? How will I become abused? I just don't see anything important they could get from me. Black Hats don't really care about the general civillian, we are not that important.

We will have to agree to disagree on this point.

As has been discussed throughout this thread, it seems that things other people are concerned about, do not cause you concern.  Instead of waving a flag of  paranoia, try to understand the perspective of how these changes affect other people. 

Organizations are collecting data to predict consumer trends in order to market products in a timely manner.  As I said above, IMO this data when assembled is more personal than almost any personal possession or thought we may have. 

You walk into a mall, look at the store directory.  It's camera sees you and identifies you based on images you posted on your personal social media accounts.  Past data points show that you have an interest in music and audio products.  You came to the mall to buy shoes, but on the way to the shoe store a digital advert shows you the newest audio product that just so happens to be something you could use.  Past data shows you have a trend to buy stuff at certain times of the year, so that advert was very specifically directed to you at that time.  You walk into a store unplanned, see the audio product you have never heard of before, you buy it - no research, no prep.  Would you like to be manipulated like that?  I know I would not, but it is already happening in some form.  If you are ok with this kind of data use that it is your decision, but that does not diminish the argument of those that are opposed to this kind of data usage.

Mmm they will have no idea about movements outside of Audacity, so I don't see the problem unless people live their entire lives in Audacity.

This is one of the concerns.  What happens to your data once in Muse Group's possession.  Can you be absolutely certain that your data stays on their servers?  Are their servers on their physical property, or are they in the cloud?  I think it would be naive to make the assumption that our personal data is not vulnerable once out of our hands.

Didn't Audacity come out like almost 20 years ago? Are people thinking that it should remain the same forever? I dunno, when it comes to business things don't stay the same unless you want to dissolve into obscurity. I think people hold "principles" up way too high, when it comes to business so long its not illegal people will do it, heck they will even toe the line of legality.

I mean if you donate your money to any large charity organization you will see what % of your money actually goes to the poor or the cause you want to help. Donations do not give you any power of expectation as to what is done with that money or how the company will develop from it. That's business for you, it's often very impersonal.

You have a lot more say by boycotting products, that makes companies stand up and listen. When it comes to computer software they really should be wary because they easily
can become obsolete if people band together and are really interested to do so. The thing is most people simply don't care.

Not everyone approaches a project from a business perspective.  Again a large part of FOSS is principle. 

[quantum]

But, Audacity is no longer de jure and de facto licensed correctly:  now, it's just some riduclous toy owned by some stooges in suits, like Finale Notepad or whatever.

Speaking of notation software, Muse Group also owns MuseScore, which is becoming one of the alternatives to the leading professional level software packages such as Finale, Dorico and Sibelius. 

[lostinidlewonder]

We will have to agree to disagree on this point.

That's fine because like I said before this is a situation where there is no right or wrong, it is just how each individual percieves it and how they believe it might affect them. However I think I am quite correct that black hats have no concern over civilians unless there is a real reason, you and me really are not important to them.

As has been discussed throughout this thread, it seems that things other people are concerned about, do not cause you concern.  Instead of waving a flag of  paranoia, try to understand the perspective of how these changes affect other people.

I have already been asking questions as to what the concern is, to me although it seems rather flippant and unimportant and especially unusual if people who are concerned about it use things like facebook!

Organizations are collecting data to predict consumer trends in order to market products in a timely manner.  As I said above, IMO this data when assembled is more personal than almost any personal possession or thought we may have. 

I personally am a very complicated person, there is no way on earth that they could data collect from Audacity and give a perfect picture of who I am personally with all my details. I actually would encourage that it negatively affect my life because I would like to know how that is possible. 

You walk into a mall, look at the store directory.  It's camera sees you and identifies you based on images you posted on your personal social media accounts.  Past data points show that you have an interest in music and audio products.  You came to the mall to buy shoes, but on the way to the shoe store a digital advert shows you the newest audio product that just so happens to be something you could use.  You walk into a store unplanned, see the audio product you have never heard of before, you buy it - no research, no prep.  Would you like to be manipulated like that?  I know I would not, but it is already happening in some form.  If you are ok with this kind of data use that it is your decision, but that does not diminish the argument of those that are opposed to this kind of data usage.

Haha, well I am not very suseptable to being controlled or influenced by others. Maybe it's the aluminium hat I wear? haha I would be impressed if they could manipulate me with any information that comes out of Audacity if I used it. Facebook tries to do it with me, maybe because I post negative comments on some products they try to show me they think I'm interested in it ahahah. I've actually helped reduce the amount of sales on some facebook adverts they target me with. So yeah sure go ahead and try to influence me I'll just work in the opposite fashion and remove their sales.

This is one of the concerns.  What happens to your data once in Muse Group's possession.  Can you be absolutely certain that your data stays on their servers?  Are their servers on their physical property, or are they in the cloud?  I think it would be naive to make the assumption that our personal data is not vulnerable once out of our hands.

Give all that data to anyone I wouldn't care, I just don't see how it would hurt me.

Not everyone approaches a project from a business perspective.  Again a large part of FOSS is principle.

In reality Audacity is run by a business so we can't escape that. 

[lelle]

A shame to hear that they are messing up the privacy bit. I follow the guy Tantacrul on Youtube who works on overhauling the ui/ux of the coming version of audacity. Pretty interesting guy with entertaining videos about music topics who seems like a legit person. Wonder what drove them to change the privacy stuff?