Update to Our Privacy Policy & Apology #1353
Replies: 21 comments 43 replies
-
Very pleased to see these changes, and as someone who has worked for many years in education, I'm particularly pleased to see that the item about under-13s has been scrapped.
-
It's good that there are clear links to the revised PP in the app itself.
-
Thanks a lot, I really appreciate this update!
-
We have already deleted a comment from a user who is introducing a topic completely irrelevant to this discussion and not actionable by us. We have written a moderation policy to make our criteria for comment deletion clear. We apologise for taking this step, which we feel is necessary.
-
The fact remains that not only did you try to force this through, taking two and a half weeks to make some common-sense changes to a policy that didn't even need to be updated in the first place, but that this is the second time you've tried to pull a stunt like this. You need to either stop intentionally trying to start fights with the open source community, or find another maintainer that understands how things work here. Bottom line, if you had just started a conversation about your concerns over the existing privacy policy vs. what data you wanted to collect instead of just trying to cram an updated policy down our throats by effectively saying "this is how it is now, whether you like it or not", none of this would've happened.
-
I have been doing 3.0.3 Release Candidate testing and all seems good: a) error and crash reporting are one-off opt-in each time you get such a dialog, b) the update checking dialog that you get on initial launch of 3.0.3 enables you to turn off update checking in Application prefs BEFORE you hit the OK button - and thus no data is sent.
-
Cool, now when are you removing the CLA?
-
I am sorry but all trust has been lost. I loved Audacity and promoted it whenever possible; now I'm sticking with my old 2.x build and never updating. Maybe trust will build up in the future but it's not there right now after all the shit that went down the past 2-3 months.
-
I can appreciate that some of the problems around open-source as a business model, coupled with an entitled user culture, can make for a very discouraging environment to work in. In that spirit, I just want to say thank you :) There are many of us that have been using Audacity for years and would be lost without it. I know about a zillion podcasters who wouldn't be able to do what they do without the software you produce. The question us tech-minded folk get asked in these kinds of communities is "should we keep using Audacity?" As of now, I've been saying 'yes' and intend to continue saying that. This is a very jarring way to suddenly learn your team needs better communication and transparency with users, but I think you've taken some strong steps to show you're listening, and I hope you continue to grow in that regard. In the meantime, keep up with the amazing work, and thanks again :)
-
That should be disabled by default. On Linux, I will know if an update is available via my repositories. I want no direct connection made by default to a site I do not trust, and certainly not with my IP nor my OS information. It's also against the GDPR to send such information without asking for the user's prior agreement.
-
What stops you guys from taking another U-turn in the future? Muse has already shown their true colours (not good ones) when it comes to open-source projects.
-
I say bravo! You messed up and you seem to have taken that mistake seriously and taken proper steps to remedy it. Let the folks who still have issues make their forks and change--whatever line of source code they can find that they still have a problem with, I guess? I'll take version 3.0.3. If there eventually is some major change that's worthy of this level of concern in the future, we can all piously jump ship then and congratulate one another on knowing it all along at that time.
-
Please release an official statement on the xmader incident. The existing statement does not address the problematic nature of the employee's actions, which amount to a veiled death threat. I've defended you on the Audacity front but I cannot when it comes to Xmader.
-
These are steps in the right direction, but there's one thing I take issue with that might seem minor: in the section "Revision of age restrictions," even though they removed the 13 and under age restriction from the privacy policy (which is good), they do not acknowledge that the change would have violated the GPL. They need to add that to this section. Again, I'm happy Muse is taking steps in the correct direction and righting their wrongs, and if they keep it up, and do good by the community, I'll more than consider using Muse's Audacity. Edit: Also, the CLA is still a really big stain that needs cleaning.
-
Saving face in hopes of levelling off the loss of userbase seems pathetic in my opinion. As a long-time user I have lost my trust and sought out another program to use. As a developer I see the usefulness of collecting telemetry, but it should always be opt-in and the option should be available pre-launch of the program to give the user the ability to opt out before said telemetry even has a chance to be collected and transmitted, period...
-
Remove the network stack. This is an audio editor not a web browser. People who want to help fix bugs can copy/paste or email crash reports. There is no need to add a complete networking stack just to make it easier to send crash reports. This will also put at ease anyone worried about tracking/data collecting. Did any of the active forks remove the network stack completely?
-
Audacity was first released in 2000 and in the succeeding 21 years, despite its imperfections, grew to become the beloved and perhaps de facto standard audio editor for countless amateurs around the world. 21 years of positive reputation, goodwill, and trust--and you wrecked it in a matter of weeks. Starting with #835 and proceeding to the privacy policy addressed in this post, you made it clear where your priorities lie. When challenged on them by users here, you doubled down on why you wanted to do these things and why it should be okay before walking back on the grounds of "miscommunication", and then only after drawing the attention of media. Sure, things as they stand now may be in a more acceptable state, but I have zero faith that Muse Group won't be trying again to make grabs for more user data than relevant or necessary for running an audio editor--only next time, you'll know to start turning up the water temperature very slowly instead of just tossing things into a boiling pot. ETA: added trust to the list of positives in Audacity's 21 year history
-
Well..
-
Thank you very much for the clarification. I have always loved Audacity ever since I had my first computer. I always use it for my personal hobby projects. Hearing about the overblown news from the media did concern me, but since I don't know the truth, I didn't know whether to believe it or not. In the meanwhile, even though I'm a bit concerned, I kept on using Audacity with the hope that it's all just a big misunderstanding, or if it isn't, then I just hoped that the Audacity team does not have evil plans when it comes to the personal data collected. And you now come with the clarification that it is indeed a big misunderstanding. I am happy with the current network features. I use Audacity on 3 different OSes, and while I prefer Linux, the other two OSes will be better if there is update checking. Also, I do not mind being able to submit bug reports. As for the telemetry, I am willing to provide vague information (e.g. data that is not personally identifiable and does not contain specific data such as audio samples or filenames), especially if it helps developers to track bugs or determine the priority of issues. Thank you for the continued development of Audacity. It has been a tough week, but I wish that people's trust will never be betrayed intentionally.
-
Bold of you to assume that anyone would ever trust anything you say ever again.
-
Thank you for reconsidering things - especially regarding the under-13 usage discouragement. Hopefully things can settle and Audacity will continue to improve :)
-
Today, we are introducing a revised privacy policy to address the concerns raised with the previous privacy policy published earlier in July. The original policy, which was drafted in anticipation of the release of Audacity 3.0.3, received a large amount of media attention due to the inclusion of a few key provisions that appeared to some to violate promises we had previously made. We want to address the issues that were raised, give assurances about our intentions, and provide verifiable proof of what information is actually sent from Audacity. The new privacy policy uses clearer language that we hope will explain our intentions more accurately this time. We are deeply sorry for the significant lapse in communication caused by the original privacy policy document.
Updated privacy policy
https://www.audacityteam.org/about/desktop-privacy-notice/
Summary of main changes
Unclear phrasing
We drafted the original privacy policy as a legal text. We appreciate that for our community, as well as our users, much of the phrasing in the policy produced more questions than answers. From now on we will provide context for changes we make to the policy in a user-friendly way. Part of the problem with the original privacy policy is terminology. There are terms we are legally required to use in order to ensure compliance with the GDPR and the CCPA. The best example is the catch-all phrase ‘personal information’, a non-specific term that understandably raises concerns for regular readers. While that term must still appear in the new privacy policy, we have tried to be a lot more specific about the actual information we are referring to wherever possible.
To provide an example of where use of the term 'personal information' is unavoidable, in section 5.1 there is a line under Data security that states 'We use appropriate technical and organisational measures to protect the personal information that we collect and process'. Please note that an IP address alone counts as 'personal information', and the steps we take to anonymise it count as 'processing'. When you see the line in 4.1: 'We do not store or share any personal information.', this refers to the fact that, while we see (i.e. 'collect') the full IP address, we do not store it (more about this below).
The most unclear and damaging part of the original document stated that we collect personal information “…necessary for law enforcement, litigation and authorities' requests (if any)”. This was interpreted to mean that we intended to collect and store unspecified additional information on top of the basic system information mentioned elsewhere in the privacy policy. This is not true, as could be seen through inspection of the source code and network analysis of the release binaries. However, we agree that the wording used in the old privacy policy made it sound like it might be true. We have now changed the wording to remove this source of confusion. To be clear, any organisation, if ordered by the court, is required to cooperate with an investigation, and doing otherwise is considered to be an obstruction of justice. These are not the rules we create, these are the requirements we must follow. However, we would only be able to provide the specific information mentioned in the privacy policy (outlined below) and nothing more. In addition, the steps we have taken to anonymise all stored data means that it would be of extremely limited use to anyone.
It is verifiably untrue that we hid the exact data being collected. As noted by journalists who investigated the issue, Audacity is free and open source software, and an inspection of its source code shows that the data it shares is extremely limited. This was already the case at the time the original privacy policy was published and has not been changed since, as can be confirmed from the commit history in our repository and in others.
Update Checking
We notify users when there is a new version of Audacity available. This requires a network connection, and shares your IP address, OS, and the Audacity version. This is the only information that the program shares by default and it can be disabled in Preferences at any time, as we promised in #889.
Regarding IP addresses, when Audacity checks for updates, we use the IP address to determine the country the user connected from but nothing more detailed than that. We have set up our systems in such a way that IP addresses are immediately anonymised (technically speaking, we truncate the IP address to 3 bytes out of 4 and then hash it). This makes it impossible for us to identify the user or pinpoint their exact location, yet it should still be enough to help detect and mitigate spam update requests or possible DoS attacks on our servers.
After anonymisation, the data we store provides basic statistics about the daily number of users we have per country, operating system (Windows, Mac or Linux), and Audacity version. We would be able to tell on a given day how many people in the USA used a particular version of Audacity on a particular operating system, but we would be unable to dig any deeper than that. These statistics are extremely useful for planning and development. For example, it will tell us how many people use Audacity on old operating systems, which will help us to decide when it is reasonable to drop support for those old operating systems in favour of newer technologies (e.g. macOS version 10.9 is required for minimal C++17 support).
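The anonymisation described two paragraphs up (drop the last of the 4 IPv4 bytes, then hash) and the per-day aggregation described just above, as an added example that is not Audacity's or Muse Group's server code. It assumes a keyed hash (HMAC with a server-side secret), which the post does not specify, because an unkeyed hash of a 24-bit prefix could be reversed by enumerating all 16 million prefixes; the country lookup is a constructed stand-in for a GeoIP database.

```python
import hashlib
import hmac
import ipaddress
from collections import Counter

# Constructed demo secret. Assumption: a real deployment loads and rotates it
# from a secrets store; the post only says "truncate ... and then hash it".
HASH_KEY = b"constructed-demo-key-rotate-me"

# Constructed stand-in for a GeoIP database (documentation ranges only).
GEO_TABLE = {"203.0.113.0/24": "US", "198.51.100.0/24": "DE"}


def country_for(ip: str) -> str:
    """Country-level resolution only; nothing finer is ever derived."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_TABLE.items():
        if addr in ipaddress.ip_network(net):
            return cc
    return "??"


def anonymise_ip(ip: str, key: bytes = HASH_KEY) -> str:
    """Keep 3 of the 4 IPv4 bytes, then keyed-hash that /24 prefix.

    The raw address never leaves this function; only the digest is kept,
    so two hosts in the same /24 collapse to one identical token."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    prefix = addr.packed[:3]  # e.g. 203.0.113.7 -> bytes for 203.0.113
    return hmac.new(key, prefix, hashlib.sha256).hexdigest()


def aggregate(requests):
    """Reduce raw update-check requests to the only records that are stored:
    a count per (day, country, os, version) for statistics, and a count per
    (day, anonymised /24) for spotting abusive request bursts."""
    stats, per_prefix = Counter(), Counter()
    for req in requests:
        day = req["ts"][:10]
        stats[(day, country_for(req["ip"]), req["os"], req["version"])] += 1
        per_prefix[(day, anonymise_ip(req["ip"]))] += 1
    return stats, per_prefix


# Constructed sample requests, as the update endpoint might see them.
SAMPLE = [
    {"ts": "2021-07-22T09:00:00Z", "ip": "203.0.113.7", "os": "Windows", "version": "3.0.3"},
    {"ts": "2021-07-22T09:01:00Z", "ip": "203.0.113.9", "os": "Windows", "version": "3.0.3"},
    {"ts": "2021-07-22T10:30:00Z", "ip": "198.51.100.20", "os": "Linux", "version": "3.0.2"},
]

if __name__ == "__main__":
    for key, n in sorted(aggregate(SAMPLE)[0].items()):
        print(key, n)
```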
Error reporting
Besides the check for updates feature, the only other feature in the upcoming Audacity release that requires use of a network connection is error reporting. If an application error occurs, a popup appears asking you whether you want to send us the details of that error, which you can review before sending. Since the previous privacy policy was released, we have taken additional steps on the server to ensure that all potentially identifiable information is filtered out of report data before storage. We were already filtering out file paths from non-fatal error reports within Audacity, but now we have configured our Sentry server to filter file paths from crash reports too. We do not store an IP address for any kind of error report.
In terms of the data sent by Audacity, we have only made one change since publication of the previous privacy policy: we have removed the ability for users to send a comment as part of an error report. This was done to prevent users typing personal information in the comments field, which we have no reliable way to filter. With the rest of the report's technical data anonymised, the comments field was the last way that we might have obtained identifiable information. With the comments field gone, we were able to remove all references to sharing of personal information in the updated privacy policy, because after anonymisation (which occurs more or less instantly as data arrives on the server) there is no personal information for us to share.
Building from source
When you build Audacity from source code all network features are excluded by default. We expect Audacity builds available via Linux distributions to be network-free unless the maintainers of said packages specifically want to include networking features.
Revision of age restrictions
The old privacy policy contained a provision that discouraged children under 13 years old from using the program. After extensive further consultation with our lawyers, we have determined that this provision is unnecessary given the actual mechanics of data transmission and storage. The provision had been included out of an abundance of caution, but in the end turned out not to be required. We sincerely apologise for including this provision in the original privacy policy, and we are pleased to confirm that Audacity will remain freely available to users of all ages.
Conclusion
We accept that the provision about under 13s was unnecessary and we accept certain other clauses in the old privacy policy were worded in a way that begged for misinterpretation. However, we hope we have sufficiently demonstrated that very little data is actually collected and that you have full control over whether or not any data is sent, and that this was already the case before the story received any media attention. We'd like to repeat our apology for the confusion our old privacy policy has caused. We are now taking steps to improve our processes for releasing any information related to Audacity in the future to ensure that users are appropriately informed. We understand that some people may have questions concerning the revised Privacy Policy, which we will do our best to answer here.