Audacity, the open-source audio editor, has been branded as “possible spyware” after a controversial privacy policy change gives its new owner permission to collect personal data, share it with governments and sell to private firms without your consent.
This comes after the Audacity acquisition back in May by the Muse Group: owners of Tonebridge and Ultimate Guitar Score. Since then, users have spotted several changes to the privacy policy page with this latest alteration being the most significant of all.
Why is Audacity a big potential threat to your privacy?
Let’s break down the changes made to the terms of service on July 2 and understand what the risks are to you.
The main concern here is just how vague the wording is. As you can read for yourself on Audacity’s Desktop Privacy Notice page, the company reserves the right to collect and share “data necessary for law enforcement,” or sell “to a potential buyer.”
More alarming than this, though, is the treatment of highly sensitive real IP addresses, which are “stored in an identifiable way only for a calendar day” before they are hashed. That means if a Government was to send a data request, user identification is possible.
Not only that, but all data is stored on servers in the “European Economic Area (EEA).” That is fine in and of itself, but the policy continues to say “we are occasionally required to share your personal data with our main office in Russia and our external counsel in the USA.”
This means the data is not stored in one particular country, which in turn means that it can be freely shared with any government including Russia.
As a direct consequence of this action, Audacity now has to add the “minor clause,” requesting people under 13-years-old to not use the app.
PSA: If you use Audacity, the new owners just updated the terms of service so they can collect data on you, including for very open-ended “legal enforcement”; and then sell it to “potential buyers” all without your consent pic.twitter.com/2a36nAbEnUJuly 4, 2021
I only use Audacity, how do I avoid this?
Well, beyond the obvious answer of deleting Audacity and using a new tool, there are fixes being discussed.
You could potentially wait out Muse Group, as chances are the backlash may cause a rapid retraction of these controversial policy changes. But there may be another way around, as conversations on Reddit and Github suggest a fork of Audacity may be made.
A “fork” basically means to take the open-source tech and make a spin-off version, with this Audacity off-shoot not including any of the questionable data collection.
Whichever way you decide to go, err on the side of caution for now and make sure you do not update Audacity to version 2.4, which includes these policy changes.