I thought audacity was tarnished with spyware or something these days. Is it safe again?
after looking into it:
it's not and it never was.
a) it's open source, so nobody's putting that shit in there without getting caught
b) it had an opt-in error reporting feature that would send data back... that was the entire thing...
What? You must be joking. Really? The entire thing was about opt-in error reporting?
.... seriously, that can't be it, can it?
Not really that simple, it was an apparent change to the privacy policy that vaguely anticipated collection of arbitrary user data, which shook the confidence of the open source community on the project. The fact this happened right after audacity was sold was the cherry on top.
Were they reverted? I'll have to check later, but an official statement from Muse Group stated they provided the data they collected to third parties so idk. If the telemetry is still there then I'm not downloading it, Open Source projects generally don't need telemetry to begin with.
yep... really just that...
i've used it forever with a very restrictive firewall and i've never seen it do anything unexpected... or any phoning home at all...
in 2021 Audacity was acquired by a company called MuseGroup who added unnecessary telemetry and they admit that they do provide the data the collect to third parties. It's spyware as far as I'm concerned.
If opt-in telemetry is spyware then the FOSS community truly is off the rails.
If it was truly opt in, then why did the community feel the need to create forks removing the telemetry? Plus, a lot of FOSS don't need telemetry to start with. They get tons of voluntary high quality feedback without automated collection.
I've read this exact or very similar comment from you for the fourth time at least. You're a spambot as far as I'm concerned.
Lmao
Pot says the Kettle exagerates.
Point a has always me me wonder, is that accurate? Are there actually people going through the code to make sure open source isn't malicious? I can barely read my coworkers code... Let alone a strangers.
people are definitely going through the code on a project as popular as audacity...
less well known stuff is much less scrutinized, of course
Its way less work than going through the code to check for telemetry unless it is an intentionally hidden attack- just use Wireshark and check if there is network traffic other than checking for an update on program start.
If a project is popular people will make changes to it every day. But you can look at the repo and judge for yourself.
That's not entirely true, Audacity was acquired by a company called MuseGroup who added unnecessary telemetry and they admit that they do provide the data the collect to third parties. It's spyware as far as I'm concerned.
i don't believe you
And thats fair, you should always do your own research and make your own informed decisions.
It was a pull request to add opt-out analytics that got blown out of proportion, where the real issue was the EULA and how tonedeaf of a move it was considering the community around Audacity. IIRC, they ended up replacing it with opt-in analytics.
Not really, but there is a fork called tenacity which fixes this
I thought audacity was tarnished with spyware or something these days. Is it safe again?
after looking into it:
it's not and it never was.
a) it's open source, so nobody's putting that shit in there without getting caught
b) it had an opt-in error reporting feature that would send data back... that was the entire thing...
What? You must be joking. Really? The entire thing was about opt-in error reporting?
.... seriously, that can't be it, can it?
Not really that simple, it was an apparent change to the privacy policy that vaguely anticipated collection of arbitrary user data, which shook the confidence of the open source community on the project. The fact this happened right after audacity was sold was the cherry on top.
https://github.com/audacity/audacity/issues/1213
Changes were eventually reverted or revised.
Were they reverted? I'll have to check later, but an official statement from Muse Group stated they provided the data they collected to third parties so idk. If the telemetry is still there then I'm not downloading it, Open Source projects generally don't need telemetry to begin with.
yep... really just that...
i've used it forever with a very restrictive firewall and i've never seen it do anything unexpected... or any phoning home at all...
in 2021 Audacity was acquired by a company called MuseGroup who added unnecessary telemetry and they admit that they do provide the data the collect to third parties. It's spyware as far as I'm concerned.
If opt-in telemetry is spyware then the FOSS community truly is off the rails.
If it was truly opt in, then why did the community feel the need to create forks removing the telemetry? Plus, a lot of FOSS don't need telemetry to start with. They get tons of voluntary high quality feedback without automated collection.
I've read this exact or very similar comment from you for the fourth time at least. You're a spambot as far as I'm concerned.
Lmao
Pot says the Kettle exagerates.
Point a has always me me wonder, is that accurate? Are there actually people going through the code to make sure open source isn't malicious? I can barely read my coworkers code... Let alone a strangers.
people are definitely going through the code on a project as popular as audacity...
less well known stuff is much less scrutinized, of course
Its way less work than going through the code to check for telemetry unless it is an intentionally hidden attack- just use Wireshark and check if there is network traffic other than checking for an update on program start.
If a project is popular people will make changes to it every day. But you can look at the repo and judge for yourself.
That's not entirely true, Audacity was acquired by a company called MuseGroup who added unnecessary telemetry and they admit that they do provide the data the collect to third parties. It's spyware as far as I'm concerned.
i don't believe you
And thats fair, you should always do your own research and make your own informed decisions.
It was a pull request to add opt-out analytics that got blown out of proportion, where the real issue was the EULA and how tonedeaf of a move it was considering the community around Audacity. IIRC, they ended up replacing it with opt-in analytics.
Not really, but there is a fork called tenacity which fixes this