FOSS Post reports that Audacity has updated its privacy policy page over the weekend. The new additions include a wide range of data collection mechanisms. For example, there’s a line that says it can hand any user data to state regulators. Additionally, there’s the bit that says that it may share data with third parties, which range from auditors to potential buyers. That last bit, according to the description, refers to when the software or parts of it are being sold, merged or acquired by another company. IP addresses of users are also retained for a day on Audacity servers before they are hashed. This means that they are identifiable for a whole day.
Audacity is currently owned by Muse Group. FOSS Post reports that the acquisition happened back in May, which makes it a pretty recent thing. But it didn’t take long before this data collection mechanism was implemented. Some of the data being collected and the reason for their collection makes some measure of sense. Things like OS name and version alongside error codes for troubleshooting and bug fixing. But sending that means revealing your IP address in the first place. While calling it spyware is probably a step too far, it’s hard to deny that Audacity, an offline audio editing software, is collecting data it doesn’t need. The open source community has reacted in a mostly negative manner, predictably so. (Source: Audacity, GitHub, Reddit via FOSS Post)
