Libre Arts - The audacity of privacy

Thank you very much for your assessment of this delicate topic. There’s a lot of truth in it, but I want to add some additional comments as I feel that some aspects are not getting the attention I would give them.

Using software is all about trust and confidence. The software has access to all my sensible data such as the last bank statement and less dressed images of my wife (just to give examples, ymmv). Some people do trust big companies such as microsoft and apple. I personally trust the libre software community more for reasons that have already been discussed. I might be wrong, and the others might be wrong as well. The point is, it’s about trust.

So for me, there is some difference in what data I transmit to a website via my browser, which should properly prevent my other data from being exposed to the internet, and an arbitrary binary I am natively running which can access all data.

I do decide which browser I trust, and I do decide which data I give to web sites. This is under my control, at least to a degree that gives me confidence. Risky? Yes. More risky than trusting microsoft or apple in general? Probably not.

When a software company actively adds to their privacy notice, that they are collecting data, which they are going to use for whatever purpose, and in particular that they may give it to authorities for prosecution, rings all bells in my head. I mean, for the latter, there are laws. There is no need to add this to the privacy notice if there are laws.

I mean yes, this is for sure mainly a PR fail, and not a technical. However, it shows some attitude and therefore directly interferes with the trust and confidence topic. It’s not a big company, and if they are pro-actively telling what data they might use for purposes that are not quite required for development, they might not fight for the user data in case of a request from official side or if somebody waves a big check.

Removing from the privacy notice a hint that they are not interested in selling personal data also reveals an attitude.

Is there some consequence for me personally? Probably not, for the reasons you gave. Do I like the attitude? No.

Is all of this really a fail? Follows it a “also bad publicity is good publicity” thing? I can hardly believe that the triple fail is really a fail. I mean, how naive can one be? Weird.

Don’t forget that laws are different depending on jurisdiction. So someone in America shouldn’t be expected to know about GDPR (an EU regulation). I think it is a good idea to be explicit even if it requires restating a local regulation in a privacy notice. Some laws even require you to state the law in the privacy notice.

Yes, these aspects also came to my mind. But with the proper wording and a more sensitive communication to the community, this had the chance to be a no-issue. Opportunity missed (or not, depending on what the purpose was).

This sounds like a non-issue to start with for me. I would have understood if the discussion was about update-checks and error-reports being opt-out instead of opt-in. I do not understand how everyone is mad about a privacy policy. Privacy policies are the same as terms & conditions: A load of bullshit to comply with bullshit regulations. In the end what counts is trust and if you have money & time: laws&courts. If you write anything into a privacy policy that isn’t lawful, the privacy policy is null. If you go against your own privacy policy, but stay within the limits of the laws - you will lose trust, but are otherwise fine. I recently needed to add a privacy policy to an app where one goal is to improve user privacy by syncing data without letting any 3rd party collect data on users. Well google made me write weird bullshit until they accepted the privacy policy, while the actual privacy policy could have been: “We care about your data, that’s why we don’t collect your data - bye.”.
Seriously: Focus on their action. Check what they are doing. If they are benefiting open-source software and not doing shady stuff (bad communication is bad, not shady), they are doing good. At least in my books.

I see no problems with update checking and crash reporting. This is exactly what we did in Natron, we got no complaints, users wanted this feature (and could easily disable it in the settings if they wanted to).

Nice to see a level headed, informative and well written review.
Minor correction. Steve Daulton actually said that “Better ability to update” was the 17th most popular feature request (referring to the old feature request log).
“Better ability to update” could encompass a variety of means, including auto-update, auto-update notification, notify on click …
Audacity has had a “click to check for updates” feature for quite a few years (it’s just a link to a web page that opens in your default web browser), but that relies on you remembering to check on a regular basis, which very few people do

This is a sane and good article that people should read. And I agree that muse group did the communication part wrong. It should be a case study for companies about how not to communicate with FOSS communities when taking over a project.

Another thing I came to know is that the audacity devs have forked some dependencies like Wxwidgets, and it has to be patched by the distribution packagers to bring the latest audacity to Linux users and arch people don’t agree with patching stuff so the version in Arch repo is outdated. I hope muse groups also learns more about how to work with FOSS communities and does things in open with consultation of the community.

Thanks, I’ve just amended that bit, will go live in a short while.

When I seen the news article headline online I was a bit shocked, but then as I dug I found out the “news reporter” who wrote it obviously blew things out of proportion, IMO.

As mentioned here, many apps do send info, etc to check for updates so it seems odd to get upset about Audacity doing it. I also agree with those that said it is a matter of trust and attitude -especially for a well-established OS project like Audacity.

The one thing that trips me up though, is the fact that there has to be an age checker. It feels like having to do a recaptcha outside of the browser…which seems silly for an audio editor.

Maybe the solution would be to have it OFF by default and allow users to “auto-check for updates” if they want. That way, it’s opt-in and no age checker needs to be shown to the majority of the users.

The thing is, anything that is off and can only be enabled via Preferences dialog is barely discoverable.

Back in May, there was a plan to have a startup screen asking whether to enable networking features or not. I hope they will get back to working in that direction.

Agreed.

@prokoudine - Alex the latest alpha test build for release-3.0.3 build now shows this dialog on first launch of 3.0.3

Peter

And Application prefs has this:

On by default - but easily turned off (before any data is sent)

@Peter_Sampson

That might just do it! Let’s see how users respond.

The revised (finalised) Privacy Policy for Audacity 3.0.3 and later has been published by Muse Group today: Update to Our Privacy Policy & Apology · Discussion #1353 · audacity/audacity · GitHub

@prokoudine - Alex I hope you don’t mind but I put a link to this sane and sensible review of yours on The Wikipedia Audacity page: Audacity (audio editor) - Wikipedia

Thanks, I probbaly should write an update somewhere into this article.

I think CDM and Ars did a sensible coverage of that story as well.

What used to be Audacity is now Tenacity.

Or this

Tenacity has triple the forks already. Sneedacity is rife with meme-vandalism.

@prokoudine Alex I have added a citation link to this article of yours from the Wikipedia page on Audacity: Audacity (audio editor) - Wikipedia