Audacity’s new privacy policy renews concerns over data collection

Audacity’s new privacy policy renews concerns over data collection

Open source audio editor Audacity was recently in the news for its updated privacy policy. Several media outlets reported that the changes were invasive, going so far as to label the audio editor as spyware. Audacity’s new owner, Muse Group, has now shared a statement to clarify the new privacy policy terms.

For the unaware, Audacity is a free and open source multi-track audio editor and recorder for Windows, Mac, and Linux. It was acquired by Muse Group (owner of the music notation software ‘MuseScore’ and the online ‘Ultimate Guitar’ community) in April this year and, as part of the acquisition, Muse Group gained the rights to the trademark but promised that “the tens of millions of users of Audacity can rest assured that the software will remain forever free and open source.”

A month after the acquisition, Muse Group announced that it planned on adding basic telemetry collection to Audacity. The company planned on using the data to identify issues with application instability, estimate the size of its user base, make informed decisions on which OS versions to support, and estimate the impact of the new file format introduced in Audacity 3.0. To do so, the company also planned to implement Google Analytics and Yandex Metrica. But it promised that all the data collection would be “strictly optional and disabled by default.”

Several Audacity users were displeased with Muse Group’s decision to introduce telemetry into Audacity and believed that the company could use the data to profile users or sell it to third parties. Due to the backlash, the Audacity team announced that it had dropped the proposed telemetry features. However, it planned on implementing error reporting and the ability to check for updates regardless.

A few days ago, many users discovered that Audacity had updated its privacy policy to include a clause that would allow Muse Group to collect “data necessary for law enforcement, litigation and authorities’ requests,” among other things. This worried users about the telemetry data being collected and what it could be used for. However, the company has now released another statement clarifying the new privacy policy terms.

In a recent post on GitHub, the company states: “We believe concerns are due largely to unclear phrasing in the Privacy Policy, which we are now in the process of rectifying. In the meantime, we would like to clarify what seem to be the major points of concern.” The post further states that Audacity will not sell any user data or share it with third parties. It will collect limited data, including IP addresses, basic system info (OS version and CPU type), and error reporting data (optional). The audio editor won’t collect any additional data, and it won’t share it with law enforcement until compelled by a court of law. Furthermore, the company has clarified that the privacy policy won’t apply to offline use.

Despite the clarification, many Audacity users have expressed their concerns regarding the new privacy policy in the comments. Thankfully, the new privacy policy is yet to go into effect. It’s targeted at the upcoming v3.0.3 release, so you can stay on an older version if you don’t want to agree to the new terms. Alternatively, you can compile Audacity from the source without any error reporting or update checking, and these features are excluded by default via CMake options.

About author

Pranob Mehrotra
Pranob Mehrotra

A Literature and Linguistics graduate with a keen interest in everything Android. When not writing about tech, Pranob spends most of his time either playing League of Legends or lurking on Reddit.