Popular open-source audio editing software Audacity is facing "spyware" allegations from users for recent privacy policy changes that suggest the desktop app is collecting user data and sharing it with third parties, including state regulators where applicable.
Two months ago, Audacity was acquired by Muse Group, which owns other audio-related projects including the Ultimate Guitar website and the MuseScore app. According to Fosspost, changes to the privacy policy section on the Audacity website indicate that several personal data collection mechanisms have since been added by the parent company.
The type of data collected now includes the computer's processor, operating system and version, the user's IP address, and any crash reports, fatal error codes and messages generated by their machine. More concerning perhaps is the inclusion of a vague section listing data that must be collected "for legal enforcement, litigation, and authorities' requests (if any)."
The storage of said data is located in servers in the U.S., Russia, and the European Economic Area. For example, IP addresses are stored in an identifiable way for a day before being hashed and then stored in servers for a year, leaving users identifiable via government data requests.
In addition, the new policy prevents people under the age of 13 from using the software, which is a violation of the GPL license that Audacity uses.
Understandably, the policy changes have upset Audacity users, who have taken to Reddit and GitHub to question why an offline desktop app needs to "phone home" at all, and there is already discussion about forking Audacity into a separate open-source project that's free from the Muse Group's ownership and questionable data collection practices.
