Clarification of Privacy Policy #1225
Replies: 85 comments 325 replies
-
After the telemetry, CLA, and now this, do you expect any trust from the community? MUSE still does not understand open source software at a fundamental level. I am holding out for a fork to gain momentum, and will stay on pre-MUSE Audacity until then.
-
It is too late, you know. You've already destroyed any good will the community had. With the CLA and the proposed privacy policy and the (failed) attempt at adding telemetry, us nerds know exactly what you are trying to do. As you've no doubt seen, none of us are having any of it. Forks are being made already. MUSE has no idea how the FLOSS community works, and the community knows it. Good job burning Audacity to the ground.
-
What is the reason for having Error Report Data collection be optional but Basic System Info collection not be optional?
-
Time for forks.
-
or, y'know, not collect that data in the first place and you don't need all the legal stuff
-
Stop going "uh oh we got caught again.... sorry we won't do again..." and actually fix your mistakes.
-
I think what a lot of people are also taking issue with, especially after all the backlash against the basic telemetry and CLA issues, is that these major, scary-sounding changes are popping up seemingly out of nowhere without any sense of community consultation. Right now, I think people feel caught off-guard yet again and are frustrated that the maintainers aren't demonstrating that they care about what the broader community thinks of their decisions. Not saying you don't, just that it's quite clear people don't feel like you do. Even having a project blog where major decisions are announced and explained well in advance of their implementation would have dramatically decreased the blowback from all these incidents, as the broader community wouldn't feel like the maintainers are trying to sneak things in while no one's paying attention. The more transparent you are about this stuff, the less shadowy and sinister people will make you out to be.
-
If error reporting is opt-in and those points are required to implement automatic update checking:
-
I don't buy it. Time to start a new software. I don't want to get sued by the music industry or something when you tip them off I am making an audio file because for some reason it is sending data out on the internets even though it has worked fine offline for years. For some reason you care about what audio wavs I am cutting, for some reason, who knows, and want the data on everything I do.
-
You could always just not log the IP or retain it at all, just drop it on the floor? You still get your counts.
-
I'm disappointed that you didn't address the GPL compliance issue that was brought up in the comments of #1213 (i.e. whether children will still be technically allowed to use Audacity once the privacy policy comes into effect). I'd prefer to give you guys the benefit of the doubt where possible, but I think we all expected better than whatever this debacle is.
-
Have you considered moving development to be incorporated in a country that is a little less pushy about "lawful interception"? The Russian Federation is probably one of the worst choices to be located in when it comes to such legislation, besides maybe mainland China.
-
Please explain why you need an IP address at all. It's hard to believe what a mess is being made of this. Why not run a beta program, with a version of Audacity which sends error reports and data, which beta users are happy to share along with their feedback? Why force it into the main product like this and alienate everyone?
-
@carmatope
-
Is the IP being collected in the software itself, or as a byproduct of sending the data to your server and simply dumped to a log that's nuked every 24 hours, resulting in it being unpaired with the records that were sent? The IP address is by far the most concerning to most people.
-
@zocker-160
-
Logging IP (for even 24 hours) can go a long way to detecting and preventing abuse. Let's say one user decides to maliciously generate thousands of reports in a short period of time. With no way to identify this you could easily lose this in traffic. But seeing the same IP range (even if it's just 3 octets), you can know something is fishy here and throw out the data between their first and last connection attempt. This could be used to thwart artificially boosting stats on one's platform to attempt to get priority support for their OS or many other nefarious things. Sure. There are ways around it. But it's something. If you have an idea that it's happening you can start to log more temporarily to find out what IP is abusing your system and blacklist it. All servers should have a temporary (even if just a couple days) log of IP addresses connecting and look at it every so often to identify signs of abuse.
On Jul 7, 2021, at 10:30 PM, tvmanus wrote:
> I am not aware of any jurisdictions that require IP addresses for every connection to be retained.
> In Russia, every online operator is mandated to keep the log for 5 years, and the full session content for a year, literally, you have to run traffic recorders. Plus all ISPs must record all the traffic, including transit operators. Realistically nobody does it, as it is technically challenging to collect and keep many copies of ALL the traffic, but you can be sentenced in a very real prison for non-compliance if a cop does not like you personally.
> On the other hand EVERY web server keeps a technical log for diagnostics and troubleshooting. I have not seen any single web server which does not store logs for at least some period of time, with typical retention from 24 hours to a few weeks.
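The kind of check the comment above describes, as an added example that is not part of the original discussion or of Audacity's code: it keeps only the /24 prefix (three octets) of each address, expires entries after 24 hours, and leaves prefixes that submit a burst of reports out of the per-OS counts. The log format, thresholds and sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime, timedelta

RETENTION = timedelta(hours=24)   # short-lived log, as discussed in the thread
BURST_LIMIT = 5                   # assumed threshold: reports per prefix per window
WINDOW = timedelta(minutes=10)    # assumed burst window

# Constructed sample log (documentation address ranges), not real data.
SAMPLE = (
    [f"2021-07-07T12:00:{s:02d} 203.0.113.{10 + s % 3} Linux" for s in range(8)]
    + ["2021-07-07T11:50:00 192.0.2.7 Windows",
       "2021-07-07T11:55:00 198.51.100.20 macOS",
       "2021-07-07T11:58:00 192.0.2.99 Windows",
       "2021-07-05T09:00:00 198.51.100.21 Linux"]   # older than 24 h: expired
)

def prefix24(ip):
    """Truncate an IPv4 address to its first three octets (/24)."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))

def parse(line):
    """Parse one line '<ISO timestamp> <ip> <os>'; the full IP is not kept."""
    ts, ip, os_name = line.split()
    return datetime.fromisoformat(ts), prefix24(ip), os_name

def flag_bursts(entries):
    """Return /24 prefixes with more than BURST_LIMIT reports inside WINDOW."""
    by_prefix = defaultdict(list)
    for ts, prefix, _ in entries:
        by_prefix[prefix].append(ts)
    flagged = set()
    for prefix, stamps in by_prefix.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > WINDOW:   # slide window start forward
                start += 1
            if end - start + 1 > BURST_LIMIT:
                flagged.add(prefix)
    return flagged

def os_counts(lines, now):
    """Count reports per OS, skipping expired entries and flagged prefixes."""
    entries = [e for e in map(parse, lines) if now - e[0] <= RETENTION]
    flagged = flag_bursts(entries)
    # Simplification: every report from a flagged prefix is dropped.
    counts = Counter(o for _, p, o in entries if p not in flagged)
    return dict(counts), flagged
```
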
-
I'm always astonished by the rate of ignorance of how the matrix we are trapped in works, despite all the absurdities we have been enduring since March 2020, despite the intelligence of computer developers.
-
To Audacity developers, why not offer the user, like Chrome and other software do, the choice to accept or decline the "crash report" option?
-
@petersampsonaudacity
-
Thank you for the clarification!
-
Really shocked until I realized it was 2015 (I keep legacy versions regularly) and most recently 2020 since I downloaded and used Audacity and most importantly as stated: ...two features being introduced in the next version of Audacity: Automatic Updates - checking to see if there is a new version available. The fact that Audacity didn't have auto-update functionality to at least 2020 is a blessing I think.
-
You know I keep writing that the law isn't what the privacy policy pretends it is because if it was the entire internet and all of the web servers would be illegal. And I think that comment gets deleted over and over and over because I can't find even one of the many places I said it.
-
Thanks for the clarification. People will never understand that without knowing what's wrong with an app you can't improve it. Most Audacity users aren't developers and don't use GitHub, so they probably aren't going to open issues or include log files. So putting in automatic bug reporting is a great idea towards improvement. And probably most of you already know that the web works by identifying clients using IP addresses. So to send bug reports to their server they will get to know the client IP address anyway, whether they store it or not. Even if they don't store it, the governments probably will already know that X.X.X.X client connected to the Audacity server either from the DNS query (not everyone uses DNS over TLS) or connection logs. If anybody doesn't want that they might opt out or firewall the app, since most of those people are probably already familiar with those tools.
-
No, MUSE simply can't provide Open Source. For the open source community Audacity is dead. You aren't open source anymore. See you at Tenacity!
-
Telemetry isn't the biggest issue. The CLA is very scary. Free ~~forever~~ until some company buys the project.
On Tue, Jul 13, 2021, 12:56, fossdd wrote:
> No, MUSE simply can't provide Open Source. For the open source community Audacity is dead. You aren't open source anymore. See you at Tenacity!
-
At least the code (of Audacity) itself is open source. Since there are already cases of people using VSCodium instead of Visual Studio Code purely due to telemetry concerns, (Sorry, but Microsoft has done better at this one. VSCode does allow disabling all telemetry (including total disabling of all online services) on their "official" build by just ticking a checkbox.) At this point, I don't care about you (MUSE Corp) doing any anti-pattern for telemetry or something. Just make sure people can completely opt out from the "Required" telemetry (including OS/IP collection) entirely. For this moment, I think (but it seems MUSE Corp looks like they are going down literally the same track as the FastHub Pro License Commercialization Drama nonsense that happened in 2017, according to the new CLA. Yuck. Have a fun time, contributors suing each other.) TL;DR: Audacity is now basically an equivalent of Microsoft's "official" build of Visual Studio Code.
-
An update on this issue can be seen here: #1353
-
A quick statement to address the concerns around our new Privacy Policy.
We believe concerns are due largely to unclear phrasing in the Privacy Policy, which we are now in the process of rectifying. In the meantime, we would like to clarify what seem to be the major points of concern:
We are working with our legal team to revise our privacy policy to more clearly communicate the above points and our intent.
--
About the term 'Personal Data'
GDPR classifies an IP address as something that potentially counts as 'personal data', which is why we use that term in the Privacy Policy. This is necessary for two features being introduced in the next version of Audacity:
As mentioned in the Compliance with Law Enforcement above, we take steps so that the IP address we collect is non-identifiable after 24 hours.
--
We do understand that unclear phrasing of the Privacy Policy and lack of context regarding introduction has led to major concerns about how we use and store the very limited data we collect. We will be publishing a revised version shortly.
In the meantime, the Privacy Policy doesn't actually come into force until the next release of Audacity (3.0.3). The current version (3.0.2) does not support data collection of any kind and has no networking features enabled.