[HN Gopher] New [July 2, 2021] Audacity Data Collection Policy
___________________________________________________________________
New [July 2, 2021] Audacity Data Collection Policy
Author : prvc
Score : 21 points
Date : 2021-07-03 19:59 UTC (3 hours ago)
(HTM) web link (www.audacityteam.org)
(TXT) w3m dump (www.audacityteam.org)
| eric__cartman wrote:
| If you're looking for a good alternative to Audacity for doing
| audio recording/production I recommend Ardour.
| (https://ardour.org/)
|
| Sadly you have to pay to download it from their site, but if you
| compile it yourself on Windows/MacOS or install it through the
| repositories of your Linux distro, the full version is available.
| Or download builds here:
| https://archive.org/download/ardour-6-builds (I haven't tested
| these so proceed with caution.)
| Turing_Machine wrote:
| These new terms don't appear to be anywhere in the current source
| repo on Github, so maybe fork while the forking's good.
|
| https://github.com/audacity/audacity
| dane-pgp wrote:
| Is there a team out there who is willing to maintain a fork of
| Audacity? They could call it "Temerity".
| dsr_ wrote:
| It's GPL, so I expect a fork in about 3, 2, 1...
| motohagiography wrote:
| I can use ffmpeg from sources for most use cases, but this non-
| privacy policy taints my impression of the project.
|
| There was a really nice blog post and intro from the new product
| manager for Audacity some months ago talking about the new
| governance, and he seemed very earnest and positive, but looking
| at this privacy agreement, I'd wonder how much executive power
| earnest people could have in it.
|
| Thinking the solution to this may be a privacy patch that carves
| out this data collection code. I really don't want to have to
| comb through sources or binaries for watermarking features and
| other spy tools.
|
| One thing that does not appear mentioned in the table of data
| they collect is _When_ they collect your OS and IP address, and
| what other metadata about your project files gets collected.
|
| Let's say I am processing some sensitive media, or even analyzing
| politically provocative materials, do hashes of it or
| identifiable information about my content get sent to Audacity
| that can be compared online?
|
| Given the Data Controller in that privacy agreement is regstered
| in Russia, if I use Audacity to do audio forensics on purported
| Russian propaganda media, does that mark out my IP/OS and
| identifiers to them? This seems like an extreme question, but the
| tools that are going to be used to fight deepfakes are going to
| (or were going to) include tools like Audacity.
|
| Under what they collect about you:
|
| > "Data necessary for law enforcement, litigation and
| authorities' requests (if any)"
|
| So an unspecified blob of law enforcement data, which is anything
| they want. This is not a privacy commitment. I can see why there
| was some controversy on the project.
|
| The obvious question is, "we're a commercial service who is now
| responsible for this, and things are complicated, so what would
| you have us do?"
|
| The answer is: facilitate completely offline, and anonymous use
| of the open source parts of the code, potentially by allowing
| users to flag privacy invading code as off at compile time.
| chris_wot wrote:
| So kids under 13 can't use Audacity? Such nefarious software!
| iratewizard wrote:
| Those 13 year old may end up using audacity for the
| development, design, manufacture, or production of nuclear,
| missile, or chemical or biological weapons. Kids are up to
| crazy things these days.
| benttoothpaste wrote:
| Worse than that! Those kids can use audacity to facilitate
| COPYRIGHT INFRINGEMENT!
| greyface- wrote:
| > The App we provide is not intended for individuals below the
| age of 13. If you are under 13 years old, please do not use the
| App.
|
| This is farcical.
| gus_massa wrote:
| Audacity has a GPL2+ license. Is it legal to add an age
| restriction to the compiled version?
| initplus wrote:
| Copyright holders have complete freedom to license tehir work
| under any terms they like. I believe it's actually legal to
| sell commercial use licenses for GPL'd code for example. Or
| to switch licenses for all future releases.
|
| You just cannot revoke existing license terms.
| greyface- wrote:
| GPLv2 says: Activities other than copying,
| distribution and modification are not covered by this
| License; they are outside its scope. The act of
| running the Program is not restricted, and the output from
| the Program is covered only if its contents constitute
| a work based on the Program (independent of having been
| made by running the Program). Whether that is true
| depends on what the Program does.
|
| I can see several possible readings. The first sentence seems
| to regard "use" as out of scope, and therefore, MuseScore
| could be well within their rights to restrict it. But the
| second sentence then seems to grant an unrestricted right to
| run the program, which this policy denies for people under
| 13.
|
| edit: GPLv3 says: All rights granted under
| this License are granted for the term of copyright on
| the Program, and are irrevocable provided the stated
| conditions are met. This License explicitly affirms your
| unlimited permission to run the unmodified Program.
| The output from running a covered work is covered by
| this License only if the output, given its content,
| constitutes a covered work. This License acknowledges your
| rights of fair use or other equivalent, as provided by
| copyright law.
|
| I can't see this being allowed under GPLv3. And the GPL is
| pretty clear that in "GPLv2 or later" situations, it's the
| _user_ who chooses.
| elaus wrote:
| Many states and jurisdictions (like the EU with GDPR) severely
| limit what personal data of minors you can store.
| markovbot wrote:
| good thing there's absolutely no reason to store any data
| about users of an offline desktop app!
| kian wrote:
| It is beginning to look like Audacity and MuseScore were both
| purchased for the purpose of extending the domain of copyright-
| infringement to the act of using these tools in an unsanctioned
| manner.
|
| To quote:
|
| * For legal enforcement * Data necessary for law enforcement,
| litigation and authorities' requests (if any) * Legitimate
| interest of WSM Group to defend its legal rights and interests
|
| It is unclear from the above what kind of legal enforcement they
| have in mind. A telemetry advanced enough for copyright-
| enforcement is also advanced enough to be abused to steal the
| work of people without the means or knowledge required for legal
| recourse.
|
| Will instruments start listening in on what's being played at the
| campfire to ensure that college students don't infringe on the
| "rights" of copyright-holders? Will construction tools start
| snitching on people who don't call in the appropriate union help
| for the job to be done?
|
| Where does this end?
| stordoff wrote:
| > Data necessary for law enforcement, litigation and authorities'
| requests (if any)
|
| I'm not sure this really tells me what "Personal Data they
| collect". It feels more like a restatement of the purpose for
| collection ("Why we collect it - For legal enforcement"), and
| hardly in the spirit of the "very limited types of Personal Data
| that we may collect"
| eric__cartman wrote:
| It's "very limited types of personal data" until you become a
| despicable copyright violator.
___________________________________________________________________
(page generated 2021-07-03 23:02 UTC)