Audacity is an open source tool for creating and editing audio files. By says my companion Pablinux, it does not even come close to comparing itself to GarageBand, but for the needs of common users it is enough and more than enough.
The problem is that it has a new owner, Muse Group And, a decision they made, to include telemetry, generated a lot of annoyance among users.
From Muse they clarified that
- Telemetry was strictly optional and was disabled by default.
- Telemetry only works on builds made by GitHub CI from official repositoryl (telemetry URLs are only defined there).
- For those who want to compile Audacity from source code, a CMake option will be provided to enable the telemetry code. This option is will deactivate of default.
At the same time, it was clarified which data the chosen collection services would receive: Google and Yandex.
- Tracking between sites is not incorporated, which limits the ability to identify the user by both Google and Yandex.
- Yandex would only receive the event «open application»To help estimate the size of the user base.
- Google I would only receive:
to. Session start and end events;
b. Debugging errors;
c. File formats used for import and export;
d. Versions of the operating system and Audacity;
and. Use of effects, generators and analysis tools to prioritize future improvements
Due to community complaints, Google and Yandex were replaceds for self-hosting the reporting database using the Sentry bug tracking tool.
Table of Contents
What data Audacity collects
In a updated version of the privacy policies, the company, under the name of WSM Group, and domiciled in Kaliningrad, Russia, identifies itself as responsible for collecting and protecting user data. In it, it lists what data it collects and what it uses it for.
- Name and version of the operating system.
- IP adress.
- Geographical location (Calculated from the IP address.
- Relevant hardware data.
- Non-fatal error warning message.
- Crash report.
As reported, With this data they can analyze the problems and improve the application.
Data collected for legal purposes
In this case, it is not clear what types of data we are talking about, but They say it is to defend themselves in case of litigation and respond to inquiries from the authorities.
A curiosity is that clarify that the application is not suitable for children under 13 years. So if you're under that age, stop editing the symphony recording you wrote and go watch Netflix. It is not something that Uncle Putin gets angry and puts Polonio 210 in the Colacao.
With whom is the data shared?
According to what is stated in the privacy statement, lThe Hash IP address is shared with the following institutions and individuals:
- Staff members who have a legitimate business need access and with a contractual prohibition to use Personal Data for any other purpose.
- CAny competent law enforcement body, regulator, government agency, court, or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, or (ii) to exercise, establish or defend legal rights;
- Auditors, advisers, legal representatives and similar agents in connection with the advisory services they provide for legitimate business purposes and under the contractual prohibition of using Personal Data for any other purpose.
- Potential buyer (and its agents and advisers) in relation to any proposed purchase, merger or acquisition of any part of the business,
- Any other personna with prior consent from user to disclosure
Data storage and transfer
On how they save the data, they explained the following:
- The IP address will be stored identifiably for one calendar day only in the form of a hash, the salt of which is changed daily. The salt file is not stored in any database and cannot be retrieved after it has been changed. ANDThe hash is stored for one year, after which it is removed. Other information we collect, such as operating system version or CPU information, is not identifiable.
- All your personal data is stored on servers in the European Economic Area (EEE). However, it may occasionally be necessary to share personal data with the head office in Russia or the external advisor in the USA.
Now that we know what data Audacity collects and what it does with it, it seems pretty reasonable what they say, anyway, if you prefer not to share anything, open source always has alternatives.