Muse Group Continues Tone Deaf Handling Of Audacity

When we last checked in on the Audacity community, privacy-minded users of the free and open source audio editor were concerned over proposed plans to add telemetry reporting to the decades old open source audio editing software. More than 1,000 comments were left on the GitHub pull request that would have implemented this “phone home” capability, with many individuals arguing that the best course of action was to create a new fork of Audacity that removed any current or future tracking code that was implemented upstream.

For their part, the project’s new owners, Muse Group, argued that the ability for Audacity to report on the user’s software environment would allow them to track down some particularly tricky bugs. The tabulation of anonymous usage information, such as which audio filters are most commonly applied, would similarly be used to determine where development time and money would best be spent. New project leader Martin “Tantacrul” Keary personally stepped in to explain that the whole situation was simply a misunderstanding, and that Muse Group had no ill intent for the venerable program. They simply wanted to get a better idea of how the software was being used in the real-world, but after seeing how vocal the community was about the subject, the decision was made to hold off on any changes until a more broadly acceptable approach could be developed.

Our last post on the subject ended on a high note, as it seemed like the situation was on the mend. While there was still a segment of the Audacity userbase that was skeptical about remote analytics being added into a program that never needed it before, representatives from the Muse Group seemed to be listening to the feedback they were receiving. Keary assured users that plans to implement telemetry had been dropped, and that should they be reintroduced in the future, it would be done with the appropriate transparency.

Unfortunately, things have only gotten worse in the intervening months. Not only is telemetry back on the menu for a program that’s never needed an Internet connection since its initial release in 2000, but this time it has brought with it a troubling Privacy Policy that details who can access the collected data. Worse, Muse Group has made it clear they intend to move Audacity away from its current GPLv2 license, even if it means muscling out long-time contributors who won’t agree to the switch. The company argues this will give them more flexibility to list the software with a wider array of package repositories, a claim that’s been met with great skepticism by those well versed in open source licensing.

License Shell Game

A little more than a week after our previous Audacity article went out, Daniel Ray, Muse Group’s Head of Strategy, dropped a new bombshell on GitHub in the form of a new Contributor License Agreement (CLA). He explained that past and future contributors would be bound by the agreement, which gives Muse Group unlimited rights over how contributed code is used and licensed. The document makes clear that the original contributor is still technically the owner of said code, and that they were free to use it in other projects, but they would have no say in its fate once folded into the Audacity project.

If there was any doubt to what Muse Group had in mind by implementing this CLA, Ray was clear that they were indeed positioning themselves to relicense the project. In the short-term they want to move Audacity from GPLv2 to GPLv3, which he explained would open up compatibility with various libraries and technologies the team had their eye on. This wouldn’t necessarily be a bad thing, and while some contributors might not have agreed with all the changes made in the later revision of the GPL, it’s unlikely the upgrade would have made too many waves.

The real trouble started when he admitted that Muse Group eventually intended to dual-license the code as well. This would mean that in some situations, and at their sole discretion, Muse Group could offer up a version of Audacity that was bound by an entirely different and yet-to-be-named license. Ray cites issues with listing GPL-licensed projects on the Apple App Store as an example of why this clause is necessary, as it would allow Muse Group to use a more permissive license to satisfy a vendor’s requirements for redistribution.

If that wasn’t enough, the FAQ for the new CLA specifically states that code contributed to Audacity may be used in future closed source projects by Muse Group:

It’s not an exaggeration to say that this is the antithesis of what the open source community, or at least the GPL, stands for. Few individuals who are looking to submit their code for inclusion to a program that’s spent more than 20 years licensed under the GPLv2 would approve of their work ending up as part of a commercial closed source project. When a commenter asked Ray how Muse Group intended to get past contributors to agree to such a document, he replied that only major contributors needed to sign off; the team decided that rewriting what he described as “trivial” contributions would be more efficient than getting the original authors to agree to the new terms.

You Must Be This Tall to Ride

While still coming to terms with the CLA, the community was further riled by the release of a draft version of Audacity’s new Privacy Policy earlier this month. This document describes an as-of-yet unimplemented telemetry system, and how the information it collects would be shared with outside parties. Of particular concern was language that said Muse Group would share “Data necessary for law enforcement, litigation and authorities’ requests (if any)” while failing to clarify the scope of the data being collected or to which authorities the company was referring. It’s worth mentioning at this point that Muse is based in Kaliningrad, Russia.

Another section of the Privacy Policy, titled simply “Minors”, explains that Audacity is not to be used by individuals under the age of 13. This clause was presumably inserted so that their proposed data collection and reporting would not run afoul of the American Children’s Online Privacy Protection Act (COPPA) and the European Union’s General Data Protection Regulation (GDPR), which limit the age at which a user can give consent to their information being used online.

Many commenters expressed concerns that Audacity’s new age requirement would mean the free tool could no longer be used in educational settings, forcing schools to find an alternative program. Others pointed out that both the GPLv2 and GPLv3 specifically forbid any limitations being placed on who can run the program. If it was Muse Group’s intent to leverage the CLA to supersede this clause of the GPL, it would be a dangerous precedent; limiting the age at which a user can run a program is a slippery slope towards other forms of discrimination, another inexcusable affront to the values of the open source community.

Squandered Trust

Just as they claimed with the botched telemetry pull request from May, the official company line is that the release of the draft Privacy Policy was a mistake, and that the final document will be revised to more closely align with the company’s goals for Audacity going forward. According to a post by Daniel Ray, once telemetry is activated in Audacity version 3.0.3, the only data that will be collected is the user’s IP address, basic information about their computer, and optionally, error reports. Despite what’s stated in the draft, he also assured users no additional data will be collected for the purposes of law enforcement, and should users wish, they can operate Audacity in an offline mode that absolves them from following the Privacy Policy altogether.

The vast differences between the draft of the Privacy Policy currently on the Audacity website and the theoretical revised version are difficult to ignore. A reasonable observer would wonder why this draft was ever publicly posted if the goal was to invalidate most of its controversial clauses in a second revision. The inescapable conclusion is that some element within Muse Group is either dangerously naive as to the realities of managing a large open source project, or more worryingly, that they’re actively trying to see how far the community can be pushed before they start to push back.

In the latter case, we may have our answer. A fork of Audacity aimed at undoing the changes being made by Muse Group, appropriately named Tenacity, has already amassed more than 4,000 stars on GitHub. Of course there’s no guarantee as to the longevity of such rebellious projects, or critically, whether or not major software repositories will eschew the upstream version in favor of “de-Mused” builds. But there’s an undeniable momentum behind it, fueled purely by the way Muse Group has bungled their interactions with the Audacity community since taking the reins just three months ago.

If this really is the beginning of a hard fork for the legendary open source audio editor, there’s no question as to who should take the blame. In the end, though, if the new Tenacity crew picks up the Audacity torch and runs with it, in a year’s time, we might find ourselves wondering what all the fuss was about.

132 thoughts on “Muse Group Continues Tone Deaf Handling Of Audacity

  1. Having read as much as I have read, this is an amazing summary of the situation at hand and it highlights quite a few important points I missed! Thank you, and I would recommend this article to anyone who thinks “oh, there’s nothing fishy happening”.

    > The tabulation of anonymous usage information, such as which audio filters are most commonly applied, would similarly be used to determine where development time and money would best be spent.

    I dislike this recently prevalent use of telemetry, seems like it has a lot of potential for misapplication. I know about the benefits, I just hope we won’t get hurt too badly by the drawbacks.

    1. Problem is MS put the fear of Gates into everyone with their telemetry…right down to the point people can quip about implants in vaccines. Feedback can be useful but the big boys have ruined the tool for others.

    2. What exactly are you worried about? I would be annoyed if a feature I used a lot were back-burnered because of mis-weighted or overly-weighted usage stats, but other than that what’s the big deal?

        1. Besides, it’s a tail-wag-dog situation in the first place because people use the features which are best developed, which then get more developer time, which the people then use. This “big data” thinking has lead to dumbing down of software to the point that they’re all the same and all the useful features have been lost.

          1. AOL Instant Messenger had functionality 20 year ago well beyond what Facebook messenger has today.
            My Android Phone app still has bugs when I’m on two calls at once (or trying to conference call).
            Google keeps changing text messenger apps and each time they have fewer features and less user friendly than the previous.

            I don’t know if big data is responsible for this, but I know I can’t find a bug report line.

          2. When your enterprise grows big enough to require management that is not involved in the daily operations of the enterprise, you lose information about what’s happening at the “production line” and decisions are made according to what little information percolates up through the system. The same thing happens when someone new buys a business and then attempts to learn the ropes from the top down. In both cases, the growing business loses basic functions and becomes blind.

            In attempts to gain more information, the management applies measurements and metrics which attempt to simplify things down to some key variables and averages easily understood by managers, not by people making or using the product. The product of your enterprise is then made to cater to these metrics – not to actual customer demands or needs. This is seen by the management as rationalizing the business, cutting out the fat, etc. while the customers see loss of features and loss of responsiveness from the company.

            “the system has a severely censored and distorted view of reality from biased and filtering sensory organs which displaces understanding of the actual real-world which pales and tends to disappear. This displacement creates a type of sensory deprivation and a kind of hallucinogenic effect on those inside the systems, causing them to lose common sense. In addition to negatively affecting those inside the system, the system attracts to it people who are optimized for the pathological environment”
            -John Gall, Systemantics, 1978

          3. -John Gall, Systemantics, 1978

            OT, but wow, that’s the first time I’ve seen this one referenced anywhere?!
            It was a life-changing and brain validating book for me when I read it ca ’86 . I re-read it every few years still and think that You’ve picked a very nice quote to show how Gall writes and thinks about the innate situational blindness being alive presents us with ;)

            https://en.wikipedia.org/wiki/Systemantics … does not do it justice. https://epdf.pub/systemantics-how-systems-work-and-especially-how-they-fail.html … pdf here, best read on lazy afternoons.

            I was almost happy to see https://nonzero.substack.com/p/ode-to-a-world-saving-idea-f4b on HN the other day as Ross’77 referenced there is another ‘transcendent conflict killer’ since it too reinforces the idea that circumstances, uh, matter. https://en.wikipedia.org/wiki/The_Culture_of_Narcissism Lasch’79 rounds out the troika of works I cherish, back from the time when reason mattered.

            Anyway, the consequences of exploitation, e.g. hubris before the fall are as sad now as they were 6000 years ago — and Gall et all help one spot, see and talk about that as something intrinsically predictive of opinions.

          4. I was just about to design a dashboard for my system when I read your entry below summing up Gott. Thank you so much for spurring me on to make sure I tell the right story, rooted in the production line reality.

  2. I’m sure that there will still be Muse Group apologists, but hopefully fewer than after the telemetry kerfuffle. I don’t particularly buy their minor contributor argument and doubt they’ll be able to get all the past “major contributors” to sign off on the license change, no matter how much cash they offer. It seems like a fairly impossible task, especially considering a move like this is antithetical to the moral stances of many FOSS contributors. Will they just dump money into rewriting massive portions of the codebase?

    In any case, I’ve only used Audacity a couple of times for fiddly little projects, but if I ever find a use for it again I’ll go looking for a Muse-free fork.

    1. > I don’t particularly buy their minor contributor argument and doubt they’ll be able to get all the past “major contributors” to sign off on the license change

      It’s cute that you doubt it, but all major contributors already signed the CLA.

      1. And, at least those that chose to show up in that PR, refused to answer if they were paid to sign off. As far as I’m concerned any contributes that got paid to sign the CLA, if they in fact got paid, did nothing wrong. But it would be a pretty good indicator that the project is moving away from being open source. It would also make Muse’s retorts of “but all the major contributors signed off on it so it must be good and we must have good intentions” be as disingenuous as everything else they are saying.

        1. It makes me wonder if future FOSS shouldn’t adopt a license that precludes selling one’s own contribution to the project via a CLA. In other words, deny contributors the authority to sign off the sale of their work.

  3. I think it’s predictable, since as the article clearly points out, Muse Group’s parents (since Muse is basically a shell company) has done it before.

    This part gets me: “The document makes clear that the original contributor is still technically the owner of said code, and that they were free to use it in other projects, but they would have no say in its fate once folded into the Audacity project.” – it would be interesting to know just how much of Audacity was written by a small group of power users who could simply be bought out like James Crook certainly was.

    They clearly intend to re-licence the project so they can have Audacity and Audacity Pro By Muse. And there are two things standing in their way – money (which clearly they have) and competition (which is only just forming in Tenacity).

    1. Audacity was, is, and always will be GPL.

      There will never be a paid version of Audacity. Period.

      We fundamentally believe that creator tools should be free and open.

      We also believe in user choice for which device they wish to use software on. There are some devices where access to applications are controlled by a gatekeeper via an app store and their guidelines may change at any time and are not often GPL friendly.

      The CLA allows for a dual license to accommodate such cases.

      1. I can’t believe you would comment on here just to defend your decisions lol. As far as 8m concerned the muse group will always be second fiddle to the true, free, open source audacity. Telemetry I can kind of get behind as it sounds like something I’d consider doing but trying to steal the hard work of others just so the muse grouo can own audacity is something I can’t agree with and will always choose stiff like tenacity which better alines with the core values and ethos of the original audacity project.

        1. You’ve implied that his comments are not welcome and that’s not true.

          We want to foster civil discussion here. I’m glad that Daniel Ray did leave a comment so we can hear where he’s coming from. It’s still possible to disagree with what he says, but we should always be open to hearing people out.

        1. If the authorities have access to the reported telemetry, and it is a Russian company that is making the purchase, then the contents of the telemetry matter a great deal especially to the GRU.

          The Russian government cares deeply about its image, and if they could tie a recording to a particular IP or MAC or any number of other unique identifiers then I think free(dom) speech should be carefully guarded in a FOSS app used to create Free( speaker not in jail) recordings.

      2. The CLA also allows for a lot more. That’s the problem. Perhaps you could phrase that CLA so that it ONLY does what you’re claiming here. Then I think intelligent and reasonable people could not argue against it.

    2. I started reading up on MuseScore since that’s the other opensource project that they bought, have been monetizing, and also use as the example of how they help and don’t hurt. I found some reviews of the paid site they run where you can download free music, and the reviews are not positive:

      https://www.trustpilot.com/review/musescore.com

      If you only listen to their press releases, they sound great. If you do even a cursory internet search, they look rather predatory.

      1. This is… misleading, at best.

        musescore.com, the paid, sheet-music-uploading companion site to the MuseScore app, was launched wayyy before Muse Group (or at least the company that would become Muse Group) acquired it.

        Also, as a personal anecdote, I’ve read some of those reviews from the link you provided, and I’m pretty shocked because most of the negative ones are either at the antithesis of my experience with the website, or completely irrelevant (bad music quality/midi instruments, really ? It’s a sheet music website, not a music rendering one).

        And for those who complain about how you now have to pay for almost everything : that’s how services that offer copyrighted works work, unfortunately, so you should rather blame the law for how incredibly dumb the excruciating copyright longevity extensions have been. Although I hate it as much as the next person, musescore.com cannot continue to operate on a freebie model, lest they be completely financially and legally destroyed by record labels and the likes.

        1. Your characterization of my link is quite misleading. Most of the negative reviews are for automatic resubscription and a refusal to refund despite having been cancelled in time.

  4. WOW. You would have thought that they would have learned from Canonical’s missteps with CLAs, along with Cyanogen starting their life as a corporate entity marred by controversy over the Focal relicensing fiasco (setting the stage of them rapidly getting a reputation for screwing over their partners, leading to the company effectively folding within 3 years…), that shoving CLAs and dual licensing down a community’s throats were a good way to drive user and developer communities away.

    1. The actual issue is a bit different than what is perceived.

      The word community is continually thrown around, but all recent drama comes down to the actual definition of community.

      Our priority is the contributor community and the user community as a WHOLE.

      Of those complaining on Github and online, not a single one of them have contributed a single line of code to the project. Not even one.

      Their complaints and concerns are also not very representative of the actual user community (1.2% of users are running Linux, while the overwhelming majority of complaints were from Linux users).

      So, in addition to the contributor community and the user community as a whole, I do not really see any other community.

      There is this nebulous broader FOSS community that is often referred to. A group demanding to impose their version of idealogical purity on the project, yet not contributing a line of code or participating other than to suddenly appear and make demands.

      But if they are not contributors and not representative of the actual user community… why should the project be forced to cater to the demands of 1.2% of the user base at the cost of convenience to the other 98.8% of users?

      How absolutely insane would it be for any other software project to be beholden to 1.2% of their actual users?

      Don’t get me wrong, we are extremely committed to FOSS, and our motivations are actually quite ideological – we believe every creator deserves equal/free access to professional quality software.

      The difference is our ideology is not the same as this very vocal minority that is primarily anti-corporate and whose demands limit capabilities for the overwhelming majority of users.

      And upon extensive surveys of this overwhelming majority, one of the most requested features was “Update Notifications”, which is precisely why it is being added.

      1. I’m not a contributor, but I am a user of Audacity. I consider myself to be a part of the open source community because I try to use open source software as often as possible because it most closely reflects my ethics.

        I find one thing very curious about your reply, “Their complaints and concerns are also not very representative of the actual user community (1.2% of users are running Linux, while the overwhelming majority of complaints were from Linux users)”

        I get that you might have some stats about how many people download Audacity from certain channels and so you should know what percentage of THOSE people use Linux, but have you considered that they might be acquiring the software through other channels? Also, how do you know that most of the people complaining are running Linux? Are they telling you this or are you finding that information in some other way? I have some ideas of how I would do it, but I’m more interested in how you are actually doing it.

        Furthermore, I think it should be said that people who use Linux are typically the most affected by changes in open source software, and they ARE the primary open source community members. Windows users who use open source software are typically doing so out of a lack of money. They have no strong feelings about the ethics of software or open source ideology.

        It seems YOU have made the mistake of thinking you can buy a part of something bigger and own it all. Audacity became a part of the larger open source community through its years of development and adherence to those ethical standards. You and your fellow Muse groupers thought you could buy Audacity and suddenly it was no longer a part of that community and you can do what you want with it. You should course correct and understand that you only bought a name and a logo. The community owns the rest.

      2. Another question and comment after further reflecting on your comment:

        “The difference is our ideology is not the same as this very vocal minority that is primarily anti-corporate and whose demands limit capabilities for the overwhelming majority of users.”

        You haven’t yet clarified what demands are limiting what capabilities.

        It might be that final paragraph, where you say “Update Notifications” was one of the most requested features, but it’s not very believable. NO ONE likes update notifications.

        Have you ever seen that window pop up as you’re just about to get productive, and you think, “Yay, a new version with some minor changes that won’t affect what I was about to do! Now I can go download and update which will probably require I restart my computer before I can start doing what I was just excited about doing!” No, of course you haven’t. No one likes update notifications.

        However, if we just ignore that, because maybe you could find one person who has some inexplicable condition that makes them lust after notifications of all sorts, then we’re left with the notion that capabilities = update notifications. Personally, if I were about to tank the value of my open source project name and logo that I had just bought over whether or not I should add update notifications, I’d just not add the update notifications. They don’t add enough value to anything to risk wasting all that money.

        How absolutely insane would it be for any other software project to be beholden to update notifications over the value of their entire investment?

      3. “Update notifications” are a plague. They are a sign of a lack of software management in the operating systems from Microsoft.

        You see very few Linux users downloading Audacity because we Linux users get it installed through the package management of the operating system.

        I am an example.

        I have used Audacity since it first showed up in the package managment of OpenSuse. That was in the early 2000s. I have never downloaded Audacity for Linux from project’s home page.

        On the other hand, I use it on Windows computers at times (mostly at work.) I must always manually download it for use on Windows.

        Look into how your users actually get the software before you go spying on them.

        1. What about Mac users? The vaunted Mac OS’s installation/removal experience has sucked for decades, leaving it up to developers to solve the problem. Do you consider that problem solved?

        2. >They are a sign of a lack of software management in the operating systems from Microsoft.

          As a Windows user, I don’t want Microsoft or any third party to manage any of my software other than updating Windows. Update notifications can be done unobtrusively.

      4. >cater to the demands of 1.2% of the user base

        If you want to write good software, you don’t write for your “user base”, you write the software for a task or problem that needs to be solved by people.

        Trying to develop “democratically” just leads to wild goose chases because the masses of amateurs using the software don’t know what they need or want, or how things should be done, because they’re amateurs and haven’t yet the experience to say. Tracking the habits of your users is simply going to reveal that they use the features you give them – so you’re trapping yourself into a feedback loop.

        That 1.2% of the highly technical users are probably going to have better ideas about what the software should do, how it should do, than the people who pick up the software because they don’t have to pay for it. Just like, if you were to develop a competitor to Photoshop, you would go ask professional photographers and printers, painters, etc. about their processes and theory, instead of just winging up something in cargo-cult fashion to please the amateurs.

    1. It was the founders of the software. They really only sold the name and logo, but also access to the github account. The main guy’s name is actually Crook (hilarious, but coincidental?). I’m ok with it being sold. It was theirs to sell, and so what? It’s open source. I understand the stink being made about it all, but really, we should just fork and move on. Let Audacity die the death the founders have planned for it.

    1. Personally I’d give priority to an entire software package over a python library, but a simple “Tenacity-audio” and “Tenacity-pylib” or some other such renaming would be fine. I doubt it would be an insurmountable problem.

  5. Freenode and now Audacity stories shows that it’s too easy to register a trademark on a community project and take full control of it. The actual legislation don’t care about contributors and even less about community. The Debian project constitution is probably an example of possible solution, but it focus more on contributors than in the community.

    1. > Freenode and now Audacity stories shows that it’s too easy to register a trademark on a community project and take full control of it.

      Except no, it does not. Because the trademark for Audacity was registered around 2004 by the guy who actually wrote this software, and the reason he did so has a few things to do with protection from Amazon/ebay scams.

  6. Don’t for a second think your Internet connection is anything other than a firehose for things you wouldn’t share if you knew. There is ultimately no privacy or anonymity on a network .

  7. Are people still surprised in regards to this type of ‘stuff’? Or only when it has an effect on them. This pattern of shenanigans on display, down to damage control, is from a very old playbook. Out with the old, in with the new while only minimizing controversy with repetitive, and often times not quite honest information release, which is quite often murky at best. Sorry to say, most business operates like this.

    1. I stepped in here to make precisely that point- Apparently, the owner put out comments asking for a name to call it, and a lot of people got rather butthurt when their suggestions were not used and decided to go full-on doxxing and SWATing against the owner.

      For the love of %deity% people, be kind to others, even if you don’t fully agree with them.

      1. Worse, he was stabbed.
        The details are unclear due to the ongoing police investigation but it happened on private property where one had to explicitly enter.
        Gona take some time for the full details to shake out about it.

        1. As far as online drama goes, that is just a claim and, just like the “police was contacted”, might be false or misleading. I got bored and wrote a 5k character breakdown of the situation as I saw it unfold, if it goes through HaD moderation, you will see why I’m doubting the maintainer in question.

          Either way, the Tenacity fork wasn’t cancelled, a maintainer stepped down, IIRC someone else took the lead.

      2. That’s… not what happened. I was metaphorically “passing by”, was ill and out of energy that day (IIRC on 7th of July), a friend tipped me off that something was happening, I decided to relax and read a bit of online drama. I’ve read a lot of (now-deleted) GitHub issues&PRs, 11 4chan threads, a dozen of tweets + some side coverage, here’s the story I saw.

        The person who originally forked Audacity on GH and took the lead (nicknamed cookiengineer, further CE, no idea about gender) made a poll with names to avoid trademark infringement. “Sneedacity” was one of the options *in the poll*, either added by CE or their friend. “Sneed” happens to be a 4chan meme, a reference to a skit from a Simpsons episode, thanks to clever wordplay. A 4chan user noticed the poll and posted a “let’s vote Sneedacity to the top” thread – and it happened. CE saw that option and said “oh, I actually don’t like it, I will pick something else”.

        If you say “pick a name” to a large audience and then throw out the overwhelming favourite that *you yourself added*, people will be pissed. You can refuse respectfully and only draw the ire of idiots, but CE’s refusal was far from respectful. And while the more mature people were put off by that and just flamed the threads a bit at most with Simpsons memes and “why even make a poll if you won’t accept your own candidate name”, the less mature ones… With 4chan’s “edgy teenagers” audience, there was some serious harassment in GitHub issues, -isms and -phobias, anything upsetting to read, it was there.

        CE and a few quickly picked moderators were deleting comments, both the vile ones and the “this is dumb, it was your suggestion in the first place” ones. That didn’t help. Honestly, I don’t know how to react when a small crowd of people with lack of frontal lobe development are spamming you, and I wouldn’t wish it on anyone, but I *certainly* would not do what CE did next.

        CE, in a fit of whatever is the opposite of self-respect, started replying to their 4chan harassers, both through their GitHub issue comments (indirectly calling the 4chan crowd out) and through their GitHub profile – directly replying to certain inflammatory comments in 4chan threads (referencing them by 4chan comment number) by updating the GH bio with replies every few minutes or so, which I’ve witnessed personally. CE didn’t object to/defuse the harassment as much as they stated that they consider people on 4chan to be inferior to themselves, both personality- and skill-wise. Now, this may be true, but I’ll be damned if it didn’t escalate the shitflinging.

        It became obvious to me that 1) CE knows what 4chan’s MO is (from CE’s now-deleted GH comment) 2) given CE’s awareness and persistence, they deserved each other. CE kept fueling the fire for some time with replies as full of bruised ego as they were of words, then stopped after some time, and eventually released a “I am being harassed and police is involved” statement, and then a “I am stepping down as a maintainer because of harassment” one. It was apparent that CE decided to have an ego trip instead of using moderation tools to their advantage. Again, this is what I’ve witnessed unfolding in real time, but not something that was highlighted anywhere where I’ve seen it covered.

        CE also therefore set up the moderators they asked to help clean up the GitHub mess, some of them targeted with severe transphobic comments due to their gender identity, IIRC. When I realised that, my opinion of CE sharply dropped. Who cares if someone decides to pick an ego fight with a crowd of teens, but don’t make others suffer because of that.

        CE made claims that they were harassed IRL, CE’s phone being spam called (probably a robocall-for-hire service), someone knocking on their house’s window, later, someone stabbed them by a “butterfly” knife? 0_0 None of these claims were accompanied by meaningful evidence + I saw CE contradict themselves on the first one. I haven’t seen CE’s phone number and address being published anywhere I looked, even though I was curious and figuratively “on the crime scene” as it was unfolding, neither did others.

        CE says they contacted the police – I sincerely hope that the people involved get the book thrown at them, they were obviously looking for someone to lash out on. However, the police story is also just a CE’s claim, too – I am hopeful but doubtful, what’s with the self-contradictions and immaturity. There was no SWATting involved.

        I believe that the Tenacity project deserves a more mature maintainer, hopefully that’s what it got. What I’ve witnessed was… Imagine you’re in a bar relaxing and drinking, a drunk guy with slurry speech who can’t keep his mouth shut looks at you and tries to offend you. Instead of deescalating and telling the bouncer or the bartender, CE looked the drunk guy in the face, laughed, said “you are a drunk idiot, I’m better than you, scum” and flipped him off. Anyone surprised that a bar fight happened?

        1. Thanks, interesting little story.
          While I don’t wish any 4-chan “experience” on anyone, especially over some stupid trivia like this case, it does sound like CE “done goofed up” with the response when it actually happened.

          Maybe there’s a lesson here somewhere, but I doubt it’s a new one. There’s been a saying about people who argues on the internet, well, as long as there’s been an internet. Still true.

    1. @Kris said: “The fork is already done. Just use and contribute to that. No need to talk about it any further than that, except to make people aware of the new fork.”

      I see at least four Audacity forks on GitHub right now (there may be more): tenacity[1], Sneedacity[2], Audacium[3], and Saucedacity[4]. At my post time looking on the GitHub pages, Sneedacity is offering binaries for Windows, MacOS, and Ubuntu. Audacium is offering binaries for Windows, MacOS, and as an AUR package for Arch Linux. I don’t see any binaries available for tenacity yet. Saucedacity says it offers Windows and MacOS releases but the link on the GitHub page doesn’t seem to work for me. Things seem in flux right now, which is a good thing at this early stage IMO.

      There’s a report the tenacity forker “cookiengineer” quit because of 4channers harassing him/her over the “tenacity” name.[5] There’s also a report “Audacity fork maintainer nearly killed!” [6] which refers to the Sneedacity fork. Given the sources I’ve seen for these stories I have no idea what’s true and what isn’t.

      I have not tried any of the new forked binaries yet. I’m not a frequent Audacity user so I’ll let things settle down a bit first. If you want to try an early forked binary, I recommend you let something like VirusTotal [7] have a look at it first. If you eventually find an Audacity fork you’re happy with, remember to contribute something to those that made it possible.

      * References:

      1. tenacity on GitHub

      https://github.com/tenacityteam/tenacity

      2. Sneedacity on GitHub

      https://github.com/Sneeds-Feed-and-Seed/sneedacity

      3. Audacium on GitHub

      https://github.com/SartoxOnlyGNU/audacium

      4. Saucedacity on GitHub

      https://github.com/generic-pers0n/saucedacity

      5. Audacity fork maintainer quits after alleged harassment by 4chan losers who took issue with ‘Tenacity’ name

      https://www.theregister.com/2021/07/07/tenacity_maintainer_quits_4chan_harassment/

      6. Audacity fork maintainer nearly killed! look desc.

      https://www.youtube.com/watch?v=0cKsOSHwkiY

      7. VirusTotal

      https://www.virustotal.com/gui/

  8. The CLA is the worst part, but I think you’d be surprised at how many projects you use every day have a CLA as part of their development process.

    The privacy policy is pretty much boiler plate. There is literally nothing surprising there. The request that you must be 13 to use the software is interesting. I suspect that a bunch of projects and even proprietary programs run afoul of the GDPR and COPPA. Expect more of these CYA sort of statements to be snuck into privacy policies.

    The “telemetry” coming to Audacity is very simple, Automatic updates. Your system tells them the OS and version of Audacity running, to see if a new version is available. That’s it. The error reporting is off by default, even.

    What’s really caused the uproar this time is a few sites looking for clicks, and running libelous headlines based on a privacy policy that is really uninteresting. Kudos to Tom for sticking to the facts here.

    1. “Automatic updates.”

      Nope. My operating system manages updates. A program has no need to worry about updating itself. The package management system takes care of that for all my programs instead of every program implementing the same functionality and each connecting to some other server to see if there are updates available and by the way spying on me.

      1. And guess what? When the maintainer for that package pulls the update, they can turn that feature off. (I think it’s been said that it’ll be off by default for Linux compiles, but don’t have a source to point to.) Most of the Audacity installs are almost certainly on Windows, where there is no such operating system feature.

      2. >My operating system manages updates. A program has no need to worry about updating itself.

        The issue is that if we’re pushing software and updates to a third party service, then that service gets to choose what software is available, which versions are available, when they become available or when they are removed from the service… and all that also costs extra money, which is recouped by making “special deals” with software vendors, ads, or charging me more money for the same thing. None of those are nice things to have, and not something I would trade off for the “convenience” of having automated updates pushed on me.

        Especially on Windows, we do not want software to be distributed through the Microsoft Store just so we could get automated updates. The further they keep away from whatever software I choose to have, the happier I am.

    2. Nah, no need to be telling Muse what you have for updates. The client (Audacity) only needs to request the latest version number from muse and compare it with what’s installed to determine if an update is needed. Muse doesn’t need telemetry to be sending IP’s and system configurations and all that crap to handle updating. It can all be done in the client, privately, through requests.

      1. Sorta. Regarding IP, anytime your machine talks to the Muse servers, you’re sending them your IP. You check for an update manually by opening the site and looking at the latest version? Your browser sent your IP. You do need to send your platform and OS in order to get the correct link to download. It’s even feasible that the various platforms wouldn’t be on the same version number, for various reasons.

        1. Yes, sorta. But a few points —

          The article calls out the IP as “sent” information. The implication being that’s a metric they intentionally gather and store. Yes, webserver logs will always expose my IP address to the host, but it’s up to company policy whether they store and index that information.

          And no, it is never necessary to send any information to the host for updates. All they need to do is host a small text file (or json, csv, whatever) listing the latest versions per platform. They can even include different releases (stable, beta, dev, old-stable, etc) in the same file. Client just requests the latest update metadata and chooses an appropriate reaction.

    3. The sensationalist headlines are very frustrating, especially when the history, technical, and legal details are massively nuanced and undoing a lot of the misconceptions, which you touch on well, requires pretty long winded explanations. Although misconceptions is putting it nicely because there have been so many outright lies reported as fact that I’ve seen in the low effort click bait that its burnout inducing. The boilerplate legalese is a bit concerning but not particularly unique or out there for any developers struggling to take child privacy laws seriously, but I feel like even in this article is being sensationalist about the actual details of the telemetry feature proposed and is nit picking a required legal document to make the case against it seem better than it really is. The assertions that this is being done to “kill competition” is laughable because frankly Audacity in its current form is toy quality audio software.

      The most disappointing thing about this however is seeing the number of so called FOSS enthusiasts who apparently do think the F stands for F as in beer.

    4. I’m sure all sorts of modern OSS projects have weirdo contributor covenant/agreements/pacts/whatever, but how many of them have been dropped on a project that’s been under GPL for 20+ years by the new owner who stated in black and white that they intend on using your contributions for a future closed/paid product?

      Feel like you’re really downplaying how scummy this is.

      1. One small problem with that grand plan. How does GPL code come under “new ownership”? If that was the case Microsoft would have had a grand day buying up the Linux kernel, and putting an end to the young upstart. It doesn’t matter what any “owner” says. The only words that matter are the people who wrote the code in the first place. The rest is just blowing smoke.

        1. Did you read the article, or the linked GitHub posts? They say the majority of the past contributors signed the CLA, and the ones that didn’t will have their contributions removed.

          If that’s the case, they have the right to turn Audacity into a closed source program tomorrow if they wish. Old releases will still be bound by the GPL, but new ones can be whatever they wish.

    1. Its the comments like this that really kill me because exposure is legitimately a benefit of donating ones times, whether it being coding or community support, to a FOSS project and a paid version doesnt explicitly require a non-GPL license. These are very basic misconceptions.

      1. No Walter. Maybe in the past when paid jobs followed exposure, but that’s no longer the case. Now you’re just another person to exploit for free labor. Forget about exposure. It’s a lie.

        1. Just a humorous example to support my claim: Consider all the editors in the comment section here at hackaday. They have a tremendous amount of exposure whenever they point out typos, but I don’t think a single one has been hired to do the same job for money.

  9. I used to caution ppl to not jump the gun just cuz riling up on a disabled-by-default telemetry is unwarranted paranoia, but Muse has only kept on proving they only have bad plans in the bg, so, I’m now disabling all the cautions and breaks, instead Imma say “Fork away and let’s show this won’t stand !”.

      1. Are you cool with your groceries spying on you and selling data about the contents of your house to other retailers?

        Linux and BSD software repos give away the groceries and respect you privacy. They are even organized better than most commercial app stores.

        Audacity was a fine mature simple audio editor that filled a niche on Linux boxes and Macs. Telemetry and spyware are unnecessary. Monetizing lame mobile versions of other people’s software they gave for free is stupid. Taking a perfectly good free product, crippling it and selling a “Pro” version that brings nothing substantial in the way of new functionality is sleazy.

        In short, fuck Muse….. Tenacity will carry the torch.

        1. Technically no. They still operate to make profit and compete against other co-ops. They need the profits to re-invest back into the business and its operation, and any profits left over are redistributed back onto the customer-owners, at the expense of non-owning customers. A co-op is a business just like any business, and under capitalism businesses make profit to benefit their owners.

          Large co-ops have the problem however, where the management of the co-op starts to spend the company money onto themselves instead of giving out dividends. This happens because there may be thousands or even millions of nominal owners to the co-op, so anyone’s control over the company is diminished into electing the board of managers. People form factions, most don’t even vote, and whoever is in control is always doing their best to reward their own supporters while pocketing as much as they can get away with.

          1. One word, “Mountain Equipment Co-Op” here in Canada.

            It had two stores in 1981 when I joined, it was about to go under last year from over-expansion, and the need to sustain it (so lots of new items that had nothing to do with self-propelled outdoor activity).

            You had to be a.member to buy, so millions of members, only a handful voted. A board focus away from coop ideals, to management types.

            The AGM cancelled last year, the contents sold before we were informed, and never given a chance to vote.

            It worked when it was select items sold out of a van, and membership fees accumulated so inventory, and a store, could be added. Bit those membership fees also allowed for the heavy expansion in the last fifteen years.

            I’ve seen small coops come apart because people liked the idea, but were unwilling to put their time into it.

            Neat ideas fail if they are mostly idea.

        1. Historically, only economic freedom, AKA capitalism, has resulted in the sort of prosperity we take for granted today. Have you ever read the accounts of what happens when a nation tries to do away with capitalism? Go read about the Khmer Rouge, and then China’s Great Leap Forward. For all its warts, I’ll keep my capitalism and its profit-driven markets.

        2. The only motivation to produce more food and resources than are needed to sustain yourself is to trade. Trading is the means by which other people than those who work the land can survive. The other alternative is robbery.

          The Soviets found this out the hard way when they redistributed the lands to the peasants and made more than 80% of the population independent and self-sufficient homesteaders. With nothing to trade for, they simply kept their surplus to themselves and the urban communists found themselves lacking a purpose – which was supposed to happen, since communism was supposed to make the state vanish. However, the problem was, the people who were the state did not. Hence the forced collectivizations to take the land back from the peasants and re-instate state control, so the urban political elite could eat and not have to become peasants themselves.

  10. Is info getting picked off from users about what they are recording? The record police would like to know what audio is being recorded. They would pay for this data. WASAPI is a very handy feature when recording anything happening on my computer.

    I had to put an old version on a 32 bit computer with XP to use a venerable Soundblaster card for a standalone transcribing rig.

  11. Oh right, I keep forgetting to tell Muse Group that a simple way to avoid the issue of needing to change the Audacity user agreement to account for the telemetry, since it’s off by default anyway, would be to make the telemetry a plug-in. That way, the additional terms would only be needed when installing the plug-in, not the base program.

    This would also allow them to make a second version of the plug-in for people who want additional telemetry via Google or whatever other system, without the code for calling those services even being installed for users who either opt for either no telemetry or the more limited version.

    Additionally, an alternate way to get feedback on use of program features could be to make a very customizeable user interface that lets people set certain functions more prominently, and run a portal for user-made UI setups. The popularity of various setups, as measured by downloads, could then be taken as a proxy for user interest in the functions placed most prominently in them.

  12. I’ll say it up front, I’m still on Audacity 2.x because I run Gentoo, and compiling Audacity 3.x is a pain. Given this, and the fact PortAudio (which Audacity is based on) does not play well with PipeWire, I’m actually looking at an alternative. I was thinking about this before Muse’s shenanigans, but maybe there’s interest in doing more.

    Thinking technically… GStreamer framework looks like it’d get us 90% of the way there, we just need to build the UI. As a bonus, GStreamer has first-class support for ALSA, JACK, PulseAudio, DirectAudio, CoreAudio, OSS, there’s talk of including first-class PipeWire support (but for now you can just use the JACK or PulseAudio sources/sinks).

    The thinking is that the tool would not only let you record and play audio, but also allow you to apply filtering real-time on the audio on its way in or out using the GStreamer filter plug-ins.

    There could be other audio flow-graph frameworks that might be viable too, but that’s the first one that came to mind that might do the job. Another option might be to re-purpose GNURadio, since that’s a similar concept… we’ll have to do research.

  13. Hmm, I’ve been mildly interested in MuseScore for a while, but this controversy with Audacity makes me hesitant to try any of the Muse Group’s products. I use Reaper for most of my audio heavy lifting and only use Audacity for transcoding or simple recording & editing. I’ll resist upgrading until there’s a reliable truly FOSS alternative. This reminds me a little of the Open Office – Libre Office fork.

  14. Is there a project which keeps an eye on telemetry from software and then can be used to find the IP’s and block them ?
    Other than manually doing it via wireshark which I do at present.

  15. But, is Peter Quistgard pissed?

    Only the older generation will get this joke. Serial number and name registration details for Cooledit 2.0 , way back in the 2000 era.

  16. I updated audacity on my PC a month or so before the sale went through. Thank goodness I still have the installer. I’ll stick with that version for a while until I know whether or not the fork is worth using.

    1. Same here. Audacity already did everything I wanted it to do and then a lot more as well. I’ll be happy with what I already have installed for pretty much the rest of my life. I hate to see a good open source project die the death of a thousand profits, though.

  17. Honest, genuine question: what examples do we have for commercial entities adequately shepherding projects which had started as Free/Libre Open Source or otherwise crowdsourced/community-based?
    In other words, what’s appropriate inspiration for a company taking over code (or data, content, etc.) originally built in the open?

    I’m having a hard time thinking up examples. Part of the reason might be that we cover negative examples more extensively? At the same time, if positive examples are rare, they’d be deemed newsworthy.

    Of course, there are businesses built on top of Open code, data, content which are successful and didn’t attract that much controversy. Which isn’t the same thing as taking care of that codebase or that data/content/etc. And it’s radically different from the dream scenario for a community-based project.

    The reason I mention data or content is that I keep thinking about two transitions which happened a while back: CDDB (now Gracenote) and IMDb (now owned by Amazon). Those cases were much less about the software development and much more about information contributed by users, in the early days. As strange as it may sound, these two cases still leave a bad taste after so many years.

    So, sincerely, I’m interested in “good shepherds”.

    1. As a followup, as I’m still trying to find those examples…

      We can come up with “good shepherds” from foundations and nonprofits. For instance, despite some issues, isn’t it fair to say that the (almost-18yo) Mozilla Foundation did well with the Netscape codebase?
      (Surely, some people will point out how bad it’s been. Still, it doesn’t have that bad a reputation in terms of maintaining the code which developed as proprietary and then opened up.)

      Was thinking of Automattic’s WordPress from b2/cafelog code… Which is more of a fork (and “official successor”) than maintaining the original project.

      So, what are some open projects which have been handled properly by business interests?

      1. That’s a really good question and some interesting thoughts. I honestly cannot think of a single example that fits your requirements. It seems that crooked people tend to be attracted to open source projects. Maybe they think that all the hard work they couldn’t do in a million years has been done, so now they just have to swipe, swindle, and profit?

  18. It’s hard not to associate this with a related move by Adobe to watermark content you create in their products to prevent the spread of anonymous “misinformation”

    1. That’s dumb. It’s pretty easy to run stuff through convertors and strip out all the non-standard info. Even a print screen of your work in the Adobe software would remove any watermark. Color printers are a bigger problem. You’d have to print without yellow, then it might as well just be a black and white printer. OR you could hack it and remove all the suspect hardware.

  19. I have a copyright/patent question about this section:

    “When a commenter asked Ray how Muse Group intended to get past contributors to agree to such a document, he replied that only major contributors needed to sign off; the team decided that rewriting what he described as “trivial” contributions would be more efficient than getting the original authors to agree to the new terms.”

    My understanding of what is described here is basically that they’re going to “reverse engineer” and rewrite the code so that they have “original” code to use as they wish. However, how can they do that when they have the original code staring them in the face? I’m reminded of the article that was recently posted about how the BIOS code was reverse engineered by a description being written about it by one group of engineers who held the device/manual in their hands and then the code was written by someone else who only had access to the description that was written by the first group of engineers. Wouldn’t that also be required in a case such as this? If so, who’s going to be checking up on them? If not, is the difference the copyright vs patent issue, or is it something else?

        1. QCad was forked into LibreCAD, because newer community edition of QCad (based on Qt4) wasn’t coming at the time. Parts of QCad were also licensed GPLv2 only (not GPLv2 and newer) at the time. This, in particular, prevented the software from using LibreDWG directly (it’s GPLv3+). While LibreCAD 2.x is still GPLv2, upcoming v3 has all GPLv2 classes rewritten from scratch so that the switch to GPLv3+ became possible.

      1. GPLv3 isn’t an upgrade. GPLv3 chases away your project’s best funded contributors.

        The “or newer” clause in the example GPL header was always a terrible idea, and it allowed the FSF to issue a harmful successor to the GPLv2.

        It would be difficult to quantify, but I would wager that the “or newer” clause combined with the GPLv3 squandered decades of good will and potential interoperability as deep-pocketed corporations stopped cooperating on the parts of the stack outside of their core business because the terms of the GPLv3 were naively written in such a way that is impossible for them to comply with.

        Whether you agree with me about GPLv3 or not, I strongly urge you NOT to include “or later” clauses when licensing your OSS.

  20. When you write “The tabulation of anonymous usage information, such as which audio filters are most commonly applied, would similarly be used to determine where development time and money would best be spent”, I could also read: “which audio filters are most applied so that we can license them as plugins that must be paid/accessible with a subscription plan”…

  21. “We cannot allow the fact that we accept contributions from the community to become a disadvantage”
    No, you’d rather screw over the contributors to gain as much advantage as possible.

  22. I must be missing something… I have a tiny, free firewall installed; after installing a program, it shows in the “application” list and I simply set the firewall to “block this application”. So every Audacity telemetry goes to the bucket.
    What’s missing?

    1. Stupidly hard to do on Linux, cuz the firewall GUI’s aren’t good, and probly neither IPTables or NetFilter supports per-app, so it’s things like AppArmor or systemd, AFAIK, and those aren’t intuitive.

  23. If the authorities have access to the reported telemetry, and it is a Russian company that is making the purchase, then the contents of the telemetry matter a great deal especially to the GRU.

    The Russian government cares deeply about its image, and if they could tie a recording to a particular IP or MAC or any number of other unique identifiers then I think free(dom) speech should be carefully guarded in a FOSS app used to create Free( speaker not in jail) recordings.

    // Mods and readers, this was intended to be a standalone comment about the article and not a response to the thread I posted it on above. It was user error and in that context the response didn’t apply well.

  24. I agree, that the “Tenacity” project needs to be renamed to prevent package manager conflicts. I’d suggest “Audicity” or “Audiocity”, simply changing the second “a” to an “i”. Part of the beauty of the original name was the way it resembled “Audio” or “Auditory”. Which points out that the current fork name “Tenacity” loses that resemblance. It might also be advantageous to retain the letter “A” as its first letter for the sake of prominence in alphabetic sorting.

Leave a Reply to Jonathan BennettCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.