Clarification of Privacy Policy #1225
Replies: 85 comments 325 replies
-
After the telemetry, CLA, and now this, do you expect any trust from the community? MUSE still does not understand open source software at a fundamental level. I am holding out for a fork to gain momentum, and will stay on pre-MUSE Audacity until then.
-
It is too late, you know. You've already destroyed any good will the community had. With the CLA and the proposed privacy policy and the (failed) attempt at adding telemetry, us nerds know exactly what you are trying to do. As you've no doubt seen, none of us are having any of it. Forks are being made already. MUSE has no idea how the FLOSS community works, and the community knows it. Good job burning Audacity to the ground.
-
I think what a lot of people are also taking issue with, especially after all the backlash against the basic telemetry and CLA issues, is that these major, scary-sounding changes are popping up seemingly out of nowhere without any sense of community consultation. Right now, I think people feel caught off-guard yet again and are frustrated that the maintainers aren't demonstrating that they care about what the broader community thinks of their decisions. Not saying you don't, just that it's quite clear people don't feel like you do. Even having a project blog where major decisions are announced and explained well in advance of their implementation would have dramatically decreased the blowback from all these incidents, as the broader community wouldn't feel like the maintainers are trying to sneak things in while no one's paying attention. The more transparent you are about this stuff, the less shadowy and sinister people will make you out to be.
-
or, y'know, not collect that data in the first place and you don't need all the legal stuff
-
Time for forks.
-
If error reporting is opt-in and those points are required to implement automatic update checking:
-
@workedintheory your own policy says this:
Are you lying?
-
Stop going "uh oh we got caught again.... sorry we won't do again..." and actually fix your mistakes.
-
I'm disappointed that you didn't address the GPL compliance issue that was brought up in the comments of #1213 (i.e. whether children will still be technically allowed to use Audacity once the privacy policy comes into effect). I'd prefer to give you guys the benefit of the doubt where possible, but I think we all expected better than whatever this debacle is.
-
Why is the program limited to those who are 13+, in violation of the GPL?
-
Please explain why you need an IP address at all. It's hard to believe what a mess is being made of this. Why not run a beta program, with a version of Audacity which sends error reports and data, which beta users are happy to share along with their feedback? Why force it into the main product like this and alienate everyone?
-
My questions: What valuable information do you get from telemetry that you cannot get from any other direct user feedback process? Why does telemetry extend to the point that you need a privacy policy, and the various regulations and T&Cs that come with that? Edit: Why is this the story, not "Here's a feature roadmap"? I get that things like policies and terms of service use boilerplate text, but even if you re-word it and put it on a cake, the message still distils down to "this app phones home to the point lawyers are involved".
-
Or you could just not have a completely offline audio editing program collect any data at all and not have to deal with this in the first place.
-
Have you considered moving development to be incorporated in a country that is a little less pushy about "lawful interception"? The Russian Federation is probably one of the worst choices to be located when it comes to such legislation, besides maybe mainland China.
-
Just put the updater and error-report functionality on separate apps, that get suggested during install without actually even being included (gets downloaded at the request of the user during install), without being mandatory, and have their own separate names, and their own separate ToS and Privacy Policy documents.
-
Thank you for the clarification, as it significantly helps pin down the issues that are the chief cause of concern. "Automatic Updates" and "Error Reporting" are instances of what is known as the "Inner Platform Effect" - which is considered bad programming. To be more direct: you're stepping on the host OS platforms' toes. It already does that (e.g. "dnf update" and Bugzilla in Linux) and it doesn't need you to be doing its job for it. A responsibly-written program confines itself to what it is designed to do, and does not try to take a bite out of everything else and turn into an OS-inside-an-OS. This is one of the golden paths to the land of bloatware; and that's the path you're going down. Age restriction is also a no go, and is in direct violation of copyright law - as applies to GPL; and the GPL restriction against the placement of restrictions is inalienable. We've been closely studying and analyzing the source code for Audacity for a long time, with the aim in mind of completely refactoring the system, of possibly integrating more directly some of the dependent libraries to simplify the build process and remove dependency hell, of incorporating more advanced DSP (e.g. 2-way spectrographic analysis/synthesis, time-frequency and time-scale analysis) along with other innovations (e.g. non-linear factor analysis to extract sound components, relocation, etc.). And I'll be frank. If you don't get back fully into the FOSS fold, and drop the newly-stated policies you're going to lose this system - first to forks (which will be considered in place of your branch for adoption by distro publishers, putting you out into the cold), and then to the submarine that's been waiting quietly beneath the surface (us), who will surface to distribute a drop-in replacement that obsoletes both Audacity and the system you're seeking to migrate this into. 
There is no reason for any net-out in something meant for sound editing: not even recording from the net (just to take an example) - that's something delegated for ffmpeg to do, not you. So, do us a favor, and roll back your recent announcements - 100% - because the forks are already out. And hope that we don't become sufficiently galvanized (anyhow) to surface and torpedo your system into obsolescence.
-
Here to pay respects to one of the greatest pieces of FLOSS. May it live on in forks.
-
It is not required by any government agency; this is false information. Audacity is a FLOSS desktop program that can be manipulated by any Linux distribution maintainer to not have any collection of data, due to its FLOSS nature. Audacity being an offline program by design, no such data collection will ever be necessary or mandated by any government agency. Linux distributions are not required by any government agency or any law in any country to have telemetry implemented by default in their systems.
-
If the IP addresses are irretrievable after 1 day, why are you storing them for 1 year?
-
I will probably stick with Audacity, because I knowingly don't give a shit about privacy. Oh no! You have my IP address so you can tell me to update? That's terrible! You collect data when it crashes? Oh no! The horrors! No, really, I don't give a shit. Go ahead. Hell, I'm using Linux, a modern CPU, a ton of RAM, and am the same KGIII that's all over the 'net in Linux realms. But... I will no longer recommend Audacity without a caveat. That's the damage done.
-
It seems that there is no hyperlink on your website that links to the aforementioned page.
-
Updates are performed differently on different operating systems. On Linux, updates are done through a repository. On Windows, it's better to make a separate update service. As you can see, this feature should be separate from the main product. Make a separate updater. Then make a separate privacy policy for this updater. Let people decide if they want to install the update service and accept its privacy policy during installation (on Windows, because such a service doesn't make sense at all on Linux). And you're done.
Don't collect anything, and these requirements will not bother you.
Don't collect anything, and GDPR will not be an issue. P.S. What about the restriction on using Audacity for those who are younger than 13 years old? It is clearly a violation of GPL. Was this also an "unclear phrasing"?
-
What counts as "off-line use"? Do I need to turn on Airplane Mode and close the curtains whenever I wanna use Audacity in private? Do I need to set up a separate airgapped machine?
-
Beware what you think: "pseudonymized" data might not be what you think and you might not be able to do even with the broad scope given by GDPR. Some European countries might not even allow you to do what you want. One random example, with official sources: https://www.ga4gh.org/news/are-pseudonymised-data-within-the-gpdrs-scope/
-
“You either die a hero or live long enough to see yourself become the villain.” Looks like you guys have sold out and joined the massive horde of apps that mine our data. Shame. You shouldn’t even be collecting our IP address or any data for that matter. I for one will be looking for other options unless you reverse this and promise not to collect our data. Maybe someone will make a fork and call it “audacity, without the spyware”. Super disappointed in you guys. You’re better than this.
-
@zocker-160
-
yes because we are talking about Audacity and not any other product or service, which is not relevant in this context
-
A quick statement to address the concerns around our new Privacy Policy.
We believe concerns are due largely to unclear phrasing in the Privacy Policy, which we are now in the process of rectifying. In the meantime, we would like to clarify what seem to be the major points of concern:
We are working with our legal team to revise our privacy policy to more clearly communicate the above points and our intent.
--
About the term 'Personal Data'
GDPR classifies an IP address as something that potentially counts as 'personal data', which is why we use that term in the Privacy Policy. This is necessary for two features being introduced in the next version of Audacity:
As mentioned in the Compliance with Law Enforcement above, we take steps so that the IP address we collect is non-identifiable after 24 hours.
--
We do understand that unclear phrasing of the Privacy Policy and lack of context regarding introduction has led to major concerns about how we use and store the very limited data we collect. We will be publishing a revised version shortly.
In the meantime, the Privacy Policy doesn't actually come into force until the next release of Audacity (3.0.3). The current version (3.0.2) does not support data collection of any kind and has no networking features enabled.