New Privacy Policy Gets Audacity Back On Track

Regular readers will likely be aware of the considerable debate over changes being made to the free and open source audio editor Audacity by the project’s new owners, Muse Group. The company says their goal is to modernize the 20 year old GPLv2 program and bring it to a larger audience, but many in the community have questioned whether the new managers really understand the free software ethos. An already precarious situation has only been made worse by a series of PR blunders Muse Group has made over the last several months.

But for a change, it seems things might be moving in the right direction. In a recent post to Audacity’s GitHub repository, Muse Group unveiled the revised version of their much maligned Privacy Policy. The announcement also came with an admission that many of the key elements from the draft version of the Privacy Policy were poorly worded and confusing. It seems much of the problem can be attributed to an over-analysis of the situation; with the company inserting provocative boilerplate protections (such as a clause saying users must be over the age of 13) that simply weren’t necessary.

Ultimately, the new Privacy Policy bears little resemblance to the earlier draft. Which objectively, is a good thing. But it’s still difficult to understand why Muse Group publicly posted such a poorly constructed version of the document in the first place. Project lead Martin Keary, better known online as Tantacrul, says the team had to consult with various legal teams before they could release the revised policy. That sounds reasonable enough, but why where these same teams not consulted before releasing such a spectacularly ill-conceived draft?

The new Privacy Policy makes it clear that Audacity won’t be collecting any user data, and what little personally identifiable information Muse Group gets from the application when it automatically checks for an update (namely, the client’s IP address) isn’t being stored. It’s further explained in the GitHub post that the automatic update feature only applies to official binary builds of Audacity, meaning it will be disabled for Linux users who install it through their distribution’s package repository. The clause about working with unnamed law enforcement agencies has been deleted, as has the particularly troubling age requirement.

Credit where credit is due. Muse Group promised to revise their plans for adding telemetry to Audacity, and judging by the new Privacy Policy, it seems they’ve done an admirable job of addressing all of the issues brought up by the community. Those worried their FOSS audio editor of choice would start spying on them can rest easy. Unfortunately the issue of Audacity’s inflammatory Contributor License Agreement (CLA) has yet to be resolved, meaning recently christened forks of the audio editor dedicated to preserving its GPLv2 lineage are unlikely to stand down anytime soon.

Open Source Is Choice

If you haven’t been following along with the licensing kerfuffle surrounding the open-source Audacity audio editing software, take a sec to read Tom Nardi’s piece and get up to speed. The short version is that a for-profit company has bought the trademark and the software, has announced plans to introduce telemetry where there was none, made ominous changes to the privacy policy that preclude people under the age of consent from using the software, and requested that all previous developers acquiesce to a change in the open-source license under which it is published. All the while, the company, Muse, says that it will keep the software open, and has walked back and forth on the telemetry issue.

What will happen to “Audacity”? Who knows. But also, who cares? At least one fork of the codebase has been made, with the telemetry removed and the old open licenses in place. The nicest thing about open source is that I don’t care one bit if my software is named Audacity or Tenacity, and this is software I use every week for production of our podcast. But because I haven’t paid any license fees, it costs me absolutely nothing to download the same software, minus some anti-features, under a different name. If the development community moves over to Tenacity, it’ll all be fine.

Tom thinks that the Audacity brand is too big to fail, and that Muse will have a hit on their hands. Especially if they start implementing new, must-have features, they could justify whatever plans they have in store, even if they’re only available as a “freemium” Audacity Pro, with telemetry, under a more restrictive license. When that does happen, I’ll have to make the choice between those features and the costs, but I won’t be left out in the cold as long as the Tenacity fork gets enough eyes on it. So that’s just more choice for the end-user, right? That’s cool.

Compare this with closed source software. There, when the owner makes an unpopular decision, you simply have to take it or make the leap to an entirely different software package. This can be costly if you’ve gotten good at using that software, and between licenses and learning, there’s a lot of disincentive to switching. Not so in this case. If I don’t want to be tracked while editing audio offline, I don’t have to be. Woot.

The elephant in the room is of course the development and debugging community, and it’s way too early to be making predictions there. However, the same rules apply for devs and users: switching between two virtually identical codebases is as easy as git remote add origin or apt get install tenacity. (Unpaid) developers are free to choose among forks because they like the terms and conditions, because one group of people is more pleasant to work with, or because they like the color of one logo more than the other. Users are just as free to choose.

Time will tell if Audacity ends up like the zombie OpenOffice, which is downloaded in spite of the much superior LibreOffice just because of the former’s name recognition. I know this split riles some people up, especially in the LibreOffice development community, and it does seem unfair that the better software somehow enjoys less reputation. But for those of us in the know, it’s just more choice. And that’s good, right?

Just What Have We Become?

The world of open source software is one that often sees disputes between developers, some of which spawn lifelong schisms between devotees of different forks, and others mere storms in a teacup that are settled over a few beers. There are a couple of stories of late though that seem to show the worst in the online world, and which all of us should take a moment to think about.

Many of you may have heard two weeks ago of the passing of [near], the software developer and game translator whose bsnes emulator for the Super Nintendo was the go-to platform for retro Nintendo enthusiasts intent on the pursuit of the closest possible match to the original without possessing real Nintendo hardware. The details of their passing are particularly distressing, in that they committed suicide after numerous attacks over several years from users of Kiwi Farms, a website notorious for the worst kinds of trolling.

Hot on the heels of that distressing story comes news that [Cookie Engineer] is stepping down as maintainer of the project that’s now called Tenacity, a fork of the popular but now-controversial Audacity audio editor. They are doing so after being targeted by users of 4chan, the most well-known of online trolling websites, following an ill-advised Simpsons joke in a naming poll for the software. [Cookie Engineer] alleges that the harassers knocked on doors and windows where they live and a real-world knife attack followed.

Nobody deserves to be hounded to death, to suffer the sort of sustained harassment that [near] encountered, or to be confronted with knife-wielding strangers merely because they have stuck their head above the parapet as an open-source developer. There are no excuses to be made, no justifications for this.

All of us who read Hackaday are likely to be regular users of open-source software, many of us will have used bsnes and may yet use Tenacity, but we probably rarely stop for a moment to think of the real people behind them. Countless hours from innumerable highly-skilled people are what makes the open-source world tick, and aside from the immeasurable sadness of suicide or the horror of a knife attack there can only be harm done to open source software as a whole if to be a prominent developer or maintainer is to expose yourself to this.

The Internet will always have raucous communities at its margins and that’s something which still contributes to its unique culture, but when it jumps off the webpage and into damaging real people then perhaps it has become a monster. As a community we can do so much better, and we shouldn’t be prepared to accept anybody who thinks otherwise among our ranks.

We’d like to remind our readers that help exists for those who have reached the point of considering suicide, and that should you suffer from mental health problems you are not alone in this. Everybody, take care of yourselves, and keep an eye out for each other.

Muse Group Continues Tone Deaf Handling Of Audacity

When we last checked in on the Audacity community, privacy-minded users of the free and open source audio editor were concerned over proposed plans to add telemetry reporting to the decades old open source audio editing software. More than 1,000 comments were left on the GitHub pull request that would have implemented this “phone home” capability, with many individuals arguing that the best course of action was to create a new fork of Audacity that removed any current or future tracking code that was implemented upstream.

For their part, the project’s new owners, Muse Group, argued that the ability for Audacity to report on the user’s software environment would allow them to track down some particularly tricky bugs. The tabulation of anonymous usage information, such as which audio filters are most commonly applied, would similarly be used to determine where development time and money would best be spent. New project leader Martin “Tantacrul” Keary personally stepped in to explain that the whole situation was simply a misunderstanding, and that Muse Group had no ill intent for the venerable program. They simply wanted to get a better idea of how the software was being used in the real-world, but after seeing how vocal the community was about the subject, the decision was made to hold off on any changes until a more broadly acceptable approach could be developed.

Our last post on the subject ended on a high note, as it seemed like the situation was on the mend. While there was still a segment of the Audacity userbase that was skeptical about remote analytics being added into a program that never needed it before, representatives from the Muse Group seemed to be listening to the feedback they were receiving. Keary assured users that plans to implement telemetry had been dropped, and that should they be reintroduced in the future, it would be done with the appropriate transparency.

Unfortunately, things have only gotten worse in the intervening months. Not only is telemetry back on the menu for a program that’s never needed an Internet connection since its initial release in 2000, but this time it has brought with it a troubling Privacy Policy that details who can access the collected data. Worse, Muse Group has made it clear they intend to move Audacity away from its current GPLv2 license, even if it means muscling out long-time contributors who won’t agree to the switch. The company argues this will give them more flexibility to list the software with a wider array of package repositories, a claim that’s been met with great skepticism by those well versed in open source licensing.

Continue reading “Muse Group Continues Tone Deaf Handling Of Audacity”

Piezo Pickup Makes Wax Records Easy To Digitize

Sound recording and playback have come a long way in the last century or so, but it’s fair to say there’s still a lot of interesting stuff locked away on old recordings. Not having a way to play it back is partly to blame; finding an antique phonograph that plays old-timey cylinder recordings is pretty hard. But even then, how do you digitize the output of these fragile, scratchy old recordings?

As it happens, [Jan Derogee] is in a position to answer these questions, with an antique phonograph and a bunch of Edison-style wax cylinders with voices and music from a bygone era locked away on them. It would be easy enough to just use the “reproducer” he previously built and set up a microphone to record the sound directly from the phonograph’s trumpet, but [Jan] decided to engineer a better solution. By adding the piezo element from an electronic greeting card to his reproducer, potted with liberal quantities of epoxy and padded with cotton, the piezo pickup was attached to the phonograph arm in place of the original stylus and trumpet. The signal from the piezo element was strong enough to require a shunt resistor, allowing it to be plugged directly into the audio input jack on a computer. From there it’s just an Audacity exercise, plus dealing with the occasional skipped groove.

We appreciate [Jan]’s effort to preserve these recordings, as well as the chance to hear some voices from the past. We’re actually surprised the recording sound as good as they do after all this time — they must have been well cared for.

Continue reading “Piezo Pickup Makes Wax Records Easy To Digitize”

Hackaday Links Column Banner

Hackaday Links: June 6, 2021

There are a bunch of newly minted millionaires this week, after it was announced that Stack OverFlow would be acquired for $1.8 billion by European tech investment firm Prosus. While not exactly a household name, Prosus is a big player in the Chinese tech scene, where it has about a 30% stake in Chinese internet company Tencent. They trimmed their holdings in the company a bit recently, raising $15 billion in cash, which we assume will be used to fund the SO purchase. As with all such changes, there’s considerable angst out in the community about how this could impact everyone’s favorite coding help site. The SO leadership are all adamant that nothing will change, but only time will tell.

Continue reading “Hackaday Links: June 6, 2021”

Counter-Strike Gets The RGB LED Treatment

Inspired by the over-the-top stage lighting and pyrotechnics used during e-sport events, [Hans Peter] set out to develop a scaled-down version (minus the flames) for his personal Counter-Strike: Global Offensive sessions. It might seem like pulling something like this off would involve hacking the game engine, but as it turns out, Valve was kind enough to implement a game state API that made it relatively easy.

According to the documentation, the CS:GO client can be configured to send out state information to a HTTP server at regular intervals. It even provided example code for implementing a simple state server in Node.js, which [Hans] adapted for this project by adding some conditional statements that analyze the status of the current game.

These functions fire off serial commands to the attached Arduino, which in turn controls the WS2812B LEDs. The Arduino code takes the information provided by the HTTP server and breaks that down into various lighting routines for different conditions such as wins and losses. But things really kick into gear when a bomb is active.

[Hans] wanted to synchronize the flashing LEDs with the beeping sound the bomb makes in the game, but the API doesn’t provide granular enough data. So he recorded the audio of the bomb arming sequence, used Audacity to precisely time the beeps, and implemented the sequence in his Arduino code. In the video after the break you can see that the synchronization isn’t perfect, but it’s certainly close enough to get the point across in the heat of battle.

With the special place that Counter-Strike occupies in the hearts of hackers and gamers alike, it’s little surprise people are still finding unique ways to experience the game.

Continue reading “Counter-Strike Gets The RGB LED Treatment”