Replies: 53 comments 158 replies
-
Thank you for this statement. Could you / Muse Group please also answer any time convenient to this discussion?
|
Beta Was this translation helpful? Give feedback.
-
@unfa suggested to make separate builds for testers that collect data about how the application is being used. |
Beta Was this translation helpful? Give feedback.
-
Very good alternatives! I personally thing an optional mailbox option included in the same app would be beneficial where you could decide what information to send and maybe preview the report. If there's already an option like that in the program, my apologies, I don't know of it |
Beta Was this translation helpful? Give feedback.
-
Good stuff. Thank you for clarifications and for listening to us. |
Beta Was this translation helpful? Give feedback.
-
This is a welcome and, I must say, surprising development. The questions @Martin-Eckleben mentions in his comment--especially regarding just what it is Muse Group bought--still need addressing (but I also understand @Tantacrul's caution as expressed in his response). Based on the limited info that's been provided so far, as well as the initial responses in #835, it seems like Muse Group thought they were buying Audacity the software when they were actually buying Audacity the trademark. |
Beta Was this translation helpful? Give feedback.
-
This is a significant change for the better, Thank you to the developers and muse for listening to the communities concerns, and holding our values at the highest priority. |
Beta Was this translation helpful? Give feedback.
-
I'm glad to see you guys have listened to the community's feedback here and have decided not to use Google/Yandex. However I think it's unfortunate that you are foregoing opt-in telemetry collection altogether. It's a useful tool that could benefit the project. What's most regrettable about this whole fiasco is that people are probably going to remain outraged about the original PR and not even know that this update exists. |
Beta Was this translation helpful? Give feedback.
-
Very good! This shows that you have not only understood the concerns of the community, but also put forth a plan that addresses all concerns sufficiently. I have to admit, I did not expect this and I'm pleasantly surprised. Only one suggestion/ question remains: Will the crash logs be open to all developers or only MuseGroup employees? I believe they should be accessible by everyone, as this would give community developers the means of fixing such bugs. |
Beta Was this translation helpful? Give feedback.
-
Thank god this response is not a tactical evasive maneuver... |
Beta Was this translation helpful? Give feedback.
-
I'm on board with this approach. I can see a clear benefit to both explicit error reporting and update checking, and I'm glad that a self-hosted system is being considered rather than a third party. Thank you for walking back PR #835 and listening to feedback. |
Beta Was this translation helpful? Give feedback.
-
Well, the biggest problem I had with the previous PR was the use of Google, self-hosting is fine by me. And as I said, I'm perfectly fine with telemetry existing, I'm aware that its needed to aid development and improve the program for the good of everybody. All I ask is to have telemetry be ALWAYS OPTIONAL, and ALWAYS OPT-IN, and be clearly told that it's happening in the background. As long as everyone is aware of what's going on, and they give consent to allow that, I see no issue. |
Beta Was this translation helpful? Give feedback.
-
This is significantly better than the OG PR, very sane approach, thank you for listening to the feedback. Telemetry is absolutely ok and is crucial for software development, I think the main problem was Google/Yandex, I would absolutely enable telemetry if it was fully anonymous and self-hosted (or at least with sane host, but self-hosted would be very ideal). |
Beta Was this translation helpful? Give feedback.
-
I want to say that not everyone is okay with telemetry. It easily gets into a slippery-slope type of situation, as once a tool has network and analytics/metrics in place, extending the tracking is very easy. |
Beta Was this translation helpful? Give feedback.
-
What about the concerns with vendoring libcurl and similar? Will the error reporting/updater component be separate from the main application? |
Beta Was this translation helpful? Give feedback.
-
What hash algorithm was up on your mind? The input space for an IP hash is rather small and could be trivial to brute-force. I hope you take that into consideration. |
Beta Was this translation helpful? Give feedback.
-
Is it just me, or does
sound a hell of a lot like a diplomatic way of saying "I have been instructed to add spyware to audacity"? |
Beta Was this translation helpful? Give feedback.
-
TLDR: This proposal is a big improvement over the original PR. However, there
Questions:
This is a much better approach than using Google and Yandex. The choice of
Please recognize that it was more than bad communication. It was a downright As I've written before: the levels of thought and planning need to be carried
Moving forward I would suggest that this be expanded a bit. The Audacity Forum I would suggest that all major changes, features, etc. be announced on the main
Not just perception, relatively well documented issues with how information is
I think for anything of this nature to be reasonable there needs to be complete The reason? I can see situations where, for example, a user has developed a
This was an item that was in question with the original PR. There were comments One of the things that can break trust is sloppy code. Even just including this |
Beta Was this translation helpful? Give feedback.
-
Why is this not OPT-IN, or at least not clearly indicated as OPT-IN ? Be aware that the FOSS community could hard-fork the project and add patches to change this behaviour, like it is the case for ungoogled-chromium; the main development of features for audacity will be done here and propagated in the downstream project if forked, patched as needed. |
Beta Was this translation helpful? Give feedback.
-
I love how "Muse Group" is really called "MUSECY HOLDINGS LTD", as seen in their "Privacy Policy", and yet no else sees that as "shady" or "dishonest"... thoughts? |
Beta Was this translation helpful? Give feedback.
-
The results are in: users hate tracking. When offered the choice, the VAST majority chooses not to be tracked. |
Beta Was this translation helpful? Give feedback.
-
I would like to have a bit more details regarding the access of crash and telemetry data for non-muse contributors (i.e. all the people that contribute to Audacity with a PR). I think that all the data should be available freely, without any access-control restrictions. |
Beta Was this translation helpful? Give feedback.
-
Have you checked out OpenTelemetry? If you want to use telemetry, it probably makes sense to use an open standard. I just found it by accident today and haven't used it, so no idea how usable it is. |
Beta Was this translation helpful? Give feedback.
-
Hi Tantacrul, With regards to the GDPR, I would argue that a non-colliding hash of the IP address is not sufficient. There are roughly four billion IPv4 addresses; assuming a non-colliding hash that's a pretty small table, e.g. 32GB for SHA256, for a simple reverse lookup. In this case it can only be considered the same as storing the address in plaintext. There are reasons why e.g. Google's Analytics has to blank out the last octet to comply with GDPR. What is the point of an update check anyway? If your linux distribution manages audacious, the user won't be able to update it, because they aren't root, and any form of update that bypasses the package manager is wrong to begin with. I can only recommend you make the update checking code a compile-time option, giving distro managers a way to deactivate it, while keeping it in to remind people compiling themselves, or running common pre-packaged versions like windows, flatpack, etc to update. |
Beta Was this translation helpful? Give feedback.
-
just ask the user during installation or after, it's not a big deal. |
Beta Was this translation helpful? Give feedback.
-
Tldr: sorry we go caught. Now we are changing our plans completely because we got caught. Now that we can't make money off tour data, we are currently deciding how we can add telemetry so we can sell it. |
Beta Was this translation helpful? Give feedback.
-
this aged horribly |
Beta Was this translation helpful? Give feedback.
-
You killed one of free open source apps by your actions, please buy other propriety apps and let our precious open source app alone. |
Beta Was this translation helpful? Give feedback.
-
this statement aged like milk LOL |
Beta Was this translation helpful? Give feedback.
-
i dont like audacity anyways but fuck you |
Beta Was this translation helpful? Give feedback.
-
Will we get a response to the actively anti-copyleft CLA that has now been instated? The thread about it was locked without any answer to the many concerns that were raised. |
Beta Was this translation helpful? Give feedback.
-
Hi everyone,
I’m going to describe the actions we propose to take to address the concerns raised about PR #835 (opt-in Telemetry using Google and Yandex as 3rd party hosts):
What happened?
The creation and subsequent discovery of PR #835 was a bad communication/coordination blunder that caught us completely by surprise. We're very sorry for causing so much alarm. Our intention was to make an initial announcement about our plans to introduce telemetry on the Audacity forum, similar to how we discussed the topic for MuseScore in 2019. In that instance, I think the fact that we introduced the issue openly resulted in a lot less suspicion.
What are we proposing now?
I have spent the last few days working with the heads of Muse to try and reach a solution that would accommodate the requests of the community as much as possible. Apologies about the delay. These decisions took time to arrive at because - despite my role as the lead on the project - calls on this specific issue are not mine to make.
First, it is important to stress that we have absolutely no interest in harvesting or selling personal data and Audacity will always be free and open source. The response to PR #835 has brought about a realisation at Muse that the convenience of using Yandex and Google is at odds with the public perception of trustworthiness, so we will be self-hosting instead.
The next item is telemetry. I believe our communication mistake contributed to a lot of misunderstanding about our intentions here. Telemetry is a practical tool that tells us a lot about how an app is performing or underperforming (is this new feature being used a lot? Is this button being discovered? etc.) We assumed that making it opt-in would allay privacy concerns but since this isn't the case, we are dropping it. In the future, we may want to determine if there are any acceptable alternative solutions that could achieve the same goal. Feedback would be appreciated on this point. In the meantime, I will continue user testing, interviewing, reading feedback and conducting surveys to learn more about what our users want. I will happily discuss this in the comments section.
Before delving into the specifics, it is important to mention that we have been asked a lot of different questions. For the purposes of not muddying the conversation, I have stuck only to the most pressing issues raised about PR #835. There will be a lot more communication from Muse about its goals in the near future. I will be continually talking about Audacity and discussing what we are working on over the coming weeks and months. Please ask questions here. We're ready to answer.
Below is more specific information related to error reporting and update checking.
Error reporting
We are currently interested in SQLite errors, application crashes, and non-fatal exceptions. If one of these events is detected, a dialog will appear that explains the nature of the problem and offers to send an error report to us, the Audacity developers. This dialog will contain:
Error reports of course take place over the internet, which naturally allows us to see an IP address. The error report is stored in our self-hosted Sentry database on a server located in the EU. No information will be sent to any third parties unless required by law. Sentry stores crash data and system/hardware specifications. Here is a link to their source code: https://github.com/getsentry/sentry
Update checking
When the program starts, Audacity will check whether a newer version of the program is available for download. If there is a new version, the user will be shown a dialog to notify them.
Update checking reveals three things: the IP address, the OS version and the Audacity version. We will use a self-hosted geolocation database to determine the country the IP address is located in and nothing more. The raw IP address will not be stored or logged, but we will store and log a non-reversible hash of the IP address to improve the accuracy of the daily statistics. The server is located within the EU to comply with the GDPR. No information will be sent to any third parties unless required by law.
Compiling from source and Linux distribution packages
The behaviour described above for error reporting and update checking would only apply to official “release” versions of Audacity available from our website or GitHub page. In other builds, the error reporting and update checking code will be excluded by default via CMake options.
Beta Was this translation helpful? Give feedback.
All reactions