Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Audacity 3.0 called spyware over data collection changes by new owner
#1
https://forums.appleinsider.com/discussi...-new-owner        Audacity 3.0 called spyware over data collection changes by new owner
AppleInsider
Posted: July 4, 2021 9:17PM
in Mac Software edited 7:25AM
Audacity, the well-known open-source audio-editing software, has been called spyware in a report, with privacy policy changes revealing the tool is collecting data on its users and sharing it with other firms, as well as sending the data to Russia.
Audacity was acquired by Muse Group in May, a company that also controls Ultimate Guitar, MuseScore, and Tonebridge. Since the purchase of Audacity, changes have been discovered in online support documents indicating that it is being used to perform data collection on its users.

The privacy policy page for Audacity was updated on June 2, reports Fosspost, with some additions relating to the collection of personal data. Specifically, that the app collects a variety of details relating to the users Mac.

The list of data includes the operating system and version, the user's country based on their IP address, non-fatal error codes and messages, crash reports, and the processor in use. Under data collected "for legal enforcement," the software collects "data necessary for law enforcement, litigation, and authorities' requests (if any)," though no specifically what data is collected in such cases.

IP addresses are stored "in an identifiable way only for a calendar day," stored as a hash with a daily-changed salt. The hash is stored for one year before deletion, though the company also claims the salt "is not stored on any database and cannot be retrieved after it has been changed."

It is claimed the one day of storage is enough for a government entity to identify a user, with sufficient resources and legal authority.

The data is said to be stored within the European Economic Area, though the language of the policy also mentions that the company is "occasionally required to share your personal data with our main office in Russia and our external counsel in the USA."

The personal data may also be shared with a long list of entities, including "advisors" and "potential buyers," as well as law enforcement bodies, regulators, courts, and other third parties.

While previously the app was available for all ages to use, as per the GPL license, the privacy policy also includes language that says people under 13 years old to "please do not use the app." This is considered a violation of the GPL license that Audacity is released under.

Conversations on both Reddit and GitHub have include talk of a fork of Audacity into a new project, in a bid to eliminate it of the data collection and licensing alterations.

While the privacy policy changes have caught the most attention, it seems that performing data collection has been a plan of the company since its purchase. On May 4, a GitHub update revealed the app was supposed to include opt-in anonymous analytics data collection, handled through Google and Yandex, with the developers stressing it was "strictly optional and disabled by default."

A later update on May 13 attempted to answer complaints and outcry about the telemetry, including dropping the proposed telemetry features. At the time, it was determined that data collected from error reporting and checks for updates would be self-hosted, taking Google and Yandex analytics out of the loop over perceived trust issues.

AppleInsider has confirmed that the telemetry is still being sent in testing on July 4 and July 5.

Update June 5, 7:25 AM Eastern: Details of earlier telemetry proposals and AppleInsider test results added.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Consumer-grade spyware found running on hotel guest PCs mrtrout 0 407 05-24-2024 , 08:59 AM
Last Post: mrtrout
  There's a new scam called 'smishing' that's incredibly sophisticated mrtrout 0 469 05-15-2024 , 10:41 AM
Last Post: mrtrout
  U.S. State Department phones hacked with Israeli company spyware - sources mrtrout 0 3,996 12-04-2021 , 11:24 AM
Last Post: mrtrout
  Amnesty International links cybersecurity firm to spyware operation mrtrout 0 724 10-11-2021 , 10:02 PM
Last Post: mrtrout
  FTC orders Big Tech to explain their data collection mrtrout 0 1,164 12-19-2020 , 10:21 AM
Last Post: mrtrout



Users browsing this thread: 1 Guest(s)