New Privacy Policy Gets Audacity Back On Track

Regular readers will likely be aware of the considerable debate over changes being made to the free and open source audio editor Audacity by the project’s new owners, Muse Group. The company says their goal is to modernize the 20 year old GPLv2 program and bring it to a larger audience, but many in the community have questioned whether the new managers really understand the free software ethos. An already precarious situation has only been made worse by a series of PR blunders Muse Group has made over the last several months.

But for a change, it seems things might be moving in the right direction. In a recent post to Audacity’s GitHub repository, Muse Group unveiled the revised version of their much maligned Privacy Policy. The announcement also came with an admission that many of the key elements from the draft version of the Privacy Policy were poorly worded and confusing. It seems much of the problem can be attributed to an over-analysis of the situation; with the company inserting provocative boilerplate protections (such as a clause saying users must be over the age of 13) that simply weren’t necessary.

Ultimately, the new Privacy Policy bears little resemblance to the earlier draft. Which objectively, is a good thing. But it’s still difficult to understand why Muse Group publicly posted such a poorly constructed version of the document in the first place. Project lead Martin Keary, better known online as Tantacrul, says the team had to consult with various legal teams before they could release the revised policy. That sounds reasonable enough, but why where these same teams not consulted before releasing such a spectacularly ill-conceived draft?

The new Privacy Policy makes it clear that Audacity won’t be collecting any user data, and what little personally identifiable information Muse Group gets from the application when it automatically checks for an update (namely, the client’s IP address) isn’t being stored. It’s further explained in the GitHub post that the automatic update feature only applies to official binary builds of Audacity, meaning it will be disabled for Linux users who install it through their distribution’s package repository. The clause about working with unnamed law enforcement agencies has been deleted, as has the particularly troubling age requirement.

Credit where credit is due. Muse Group promised to revise their plans for adding telemetry to Audacity, and judging by the new Privacy Policy, it seems they’ve done an admirable job of addressing all of the issues brought up by the community. Those worried their FOSS audio editor of choice would start spying on them can rest easy. Unfortunately the issue of Audacity’s inflammatory Contributor License Agreement (CLA) has yet to be resolved, meaning recently christened forks of the audio editor dedicated to preserving its GPLv2 lineage are unlikely to stand down anytime soon.

29 thoughts on “New Privacy Policy Gets Audacity Back On Track

    1. That’s one take on that situation. The other is that their upstream licencors are making them take action against the tool, and the Muse Group are honestly concerned about what will happen to the programmer that happens to be a Chinese national when their hand is forced.

      1. The cow is out of the barn, they need to implement server side login validation if they want to to appease upstream licencors. If you create a backdoor and people find out out about it, you got to close that back door. No use deporting back door spelunkors.

        1. yikes! i just read about all this and i’m stunned. they took an open source project that was widely used for piracy, and then turned it into adware that now used a properly-licensed dataset? and then complained that people had written an alternative client to access the same dataset without the ads that supported the licensing???

          if they had simply made the adware in the first place there would just be this awkward question of “what did you expect would happen when you open-sourced your adware?” but starting with an open source program. jeesh they’re really showing off how cooperating with this particular company on open source software is impossible.

  1. Frankly, during all of this, even the most optimistic angle I can find presents the Muse group and all of their actions as being wholly incompetent and totally unfit for the role and responsibility of furthering development of Audacity.

    But the pessimist side of me suspects this is the corporate Russian oligarch overlords pressuring for changes that makes it easy to directly or indirectly monetize hardcore from Audacity, but the consistent backlash against those changes so far has caused them to go on retreat and lick their proverbial wounds while figuring out how they can make their money making dream happen instead.

    Long story short: Muse group either needs to Leave Audacity, or Audacity needs to leave Muse group.

  2. I think its a case of too little too late.

    If you anger the open source community to the point where forks are being made, and one of those forks comes out on top as the de-facto replacement, you’ve already lost.

    Community momentum is a thing.

    If they had said “our bad, we’ll retract, reassess, and keep you in the loop transparently” on day 1, they’d have probably kept the community.

    Now… I’m fairly certain they won’t.

  3. I’m still going with Tenacity. Audacity had my trust but chose to squander it and now they’ll be in the same group as Sony, Apple, and Ticketmaster to never receive any of my attention, ever.

  4. So, the story is now that they didn’t understand what they were doing.

    I agree. While I thank them for the confirmation… The issue now is why anyone would ever want to trust them again. I’m moving on.

    That’s the problem with Foss development… Your reputation is everything. One big misstep and it may be years/never before folks trust you again.

    1. It’s gonna take one helluva Mea Culpa, along with nuking from orbit every single thing that negatively contributed to the brouhaha.
      So far they haven’t napalm’d the CLA out of existence nor /dev/null’d any of the telemetry related components they’re planning, or laid bare the whole structure of muse groups and the owners’ names.

      So yeah, not doing well on that front…

  5. to me, it will be better to go on with the fork without care about “step back” of Mouse Group and the Community should abandon Audacity. It should be a good sign to next “sharks” that will try to overpower a FOSS software. “you buy and change policy”? ok ,we fork it, abandon the original software and “byebye” your evil plans. To me, audacity is dead.

  6. Why is this even a thing here anymore? They’re threatening developers openly online, in some cases threatening to have the Chinese government unleashed upon people. Audacity is a billion miles away from being on track.

  7. They were ( are ) probably feeling the waters for what they can get people to accept.

    But the real problem is , while some people will leave for the alternatives / forks, a lot of people, due to brand recognition or just laziness / “don´t care” attitude, will stay with audacity.

    To each one his own, as long as we have alternatives, they can put whatever their users will accept in their software. We just jump to other options.

    And if those options start to misbehave also ? Just start another project like this from scratch. During sometime, it will work and be rid of this kind of shenanigans.

  8. I think the change of attitude purely motivated by fear of public backlash is clearly recognizable here. Would have they corrected the privacy policy in case it went unnoticed? Nope. Will they attempt that trick again should the public pay less attention in the future? Yes, they will do.

    To me Audacity is dead, as is any product from Muse Group.

  9. Years ago I had a “forever free” credit card from my credit union. One year I got a charge on my bill for a $35 annual renewal fee for the card, so I called them. They were happy to tell me that there was a voucher for that fee in the newsletter they were sending out. I canceled the card, it did not take a rocket scientist to see that the next year the voucher would be gone. If they changed all at once many people would make noise, but this was a clever way to dilute the change. I suspect the year after when there were no free vouchers, if you too the time to call, they would forgo the fee, but I also suspect in a few years no one would call anymore and by that point in time they would figure they could afford to piss off the last of the hold outs by not being “free”.

    I think the new owners of the name have shone the direction they want to go in and are now working out the roadmap for how to get there, perhaps more slowly. This also does not address the changes to code that has been submitted and the ownership and use of that.

  10. I don’t believe it for a moment. This clearly was not an oopsie copy paste template draft. They tried to sneak it in and failed and now they are going to slow roll changes and hope we dont notice. Audacity is dead, long live Tenacity

  11. It looks more and more like:
    – Muse had a side goal of wanting to monitize Audacity in any way possible and telementary can be sold.
    – While their main goal was and is being able to take any contributed code, past or future, to use wherever they want, anyway they want, licenced anyway they want.

    So no big deal that they – on paper – promised to change their telementary/privacy plans. That’s just a side issue. The big one is where they get to steal contributed code. If they can distract people away from that by waving a privacy policy, they’ll do it.

    Culturally they seem to assume they can just bully their way into what they want. They’ve setup up their camp fully in the Not Trusted Zone. No matter what they do to try and move (or try to appear that they will move?), the pile of debris they made in their camp will always be there.

  12. Feels a lot like “We’re very sorry that we got caught”.

    Explaining it as incompetence doesn’t really help either – who the hell takes on something like this and then immediately makes multiple obviously controversial steps/mistakes/changes without any communication or consultation with the community? It surely doesn’t take a rocket surgeon to see that “Hey let’s update the privacy policy / add tracking” is going to cause ripples no matter how carefully you do it, never mind clumsily dropping it in people’s laps.

  13. You’ve all been focusing on the wrong thing.

    Telemetry? Well how much personal information are you giving it? Are you putting credit card numbers in the meta data of your audio files?

    No-kids policy? Like anybody follows the EULA.

    This part scares me:
    “The company says their goal is to modernize the 20 year old GPLv2 program and bring it to a larger audience”

    Modernize it? What does that mean? Remove all the keyboard shortcuts, De-emphasize the mouse and add so many gestures that every single touch activates some unexpected menu item? That’s what everyone else seems to think of as a modern UI.

    Bring it to a larger audience? So dumb it down then. Remove all features more advanced than play/stop/record so that even the lowest common denominator brain can comprehend it all and not be scared away by the feature that one individual does not need?

    That UI is so old because the developers *cough* Cool Edit *cough* figured it out a long time ago, it works really well and changes probably will not make it better.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.