You are not logged in.

#1 2021-07-05 02:10:53

PackRat
jgmenu user Numero Uno
Registered: 2015-10-02
Posts: 1,428

Audacity now a possible spyware -

Bummer if true; popular application:

Audacity is now spyware


You must unlearn what you have learned.
    -- yoda

Offline

#2 2021-07-05 02:17:33

DeepDayze
Like sands through an hourglass...
From: In Linux Land
Registered: 2017-05-28
Posts: 1,278

Re: Audacity now a possible spyware -

Very sad to see something like this happening. In the Open Source world I am sure there will become a fork of the last codebase before the acquisition. I will NOT upgrade this program on any machine at this time and others should not either as these data collection backdoors could well attract hackers and miscreants.

I do hope this is not true but the Audacityteam site has that announcement. Hopefully we shall see what fallout comes of this.

Last edited by DeepDayze (2021-07-05 02:18:00)


Real Men Use Linux

Offline

#3 2021-07-05 03:01:04

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 8,168
Website

Re: Audacity now a possible spyware -

Sounds a bit over the top. I can't see Debian including known spyware on their repositories.
The Debian code is stored on salsa, details:
https://tracker.debian.org/pkg/audacity
https://salsa.debian.org/multimedia-team/audacity

I doubt they would merge in anything suspicious from github.
https://github.com/audacity/audacity/commits/master
But anyway, this is open source, all the commits are there to check if anyone wants to go over recent changes:
https://github.com/audacity/audacity/commits/master

From reddit, though:
https://www.reddit.com/r/linux/comments … &context=3


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Offline

#4 2021-07-05 03:19:41

hhh
Meep!
Registered: 2015-09-17
Posts: 12,032
Website

Re: Audacity now a possible spyware -

Interesting. Meanwhile, the vastly superior Ardour 6.8 was released this week...

https://ardour.org/whatsnew.html

But Audacity was the go-to for a simple DAW, ready to use OOTB. Sad if true.

Offline

#5 2021-07-05 05:30:38

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 8,168
Website

Re: Audacity now a possible spyware -

^Happy to see Ardour in the Debian repos.
Does it play nicely with pulseaudio?


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Offline

#6 2021-07-05 08:22:40

glittersloth
buena piñata
Registered: 2015-09-30
Posts: 1,364

Re: Audacity now a possible spyware -

This bit from the page @PackRat linked, along with the github discourse, tells me the writing's on the wall;

Muse Group, after acquiring Audacity, introduced a CLA where it requires anyone wishing to send a pull request to the original source code to agree on giving them unlimited and unrestricted rights to own the modified lines of code.

That Dre DeVault (iirc, he wrote Sway) quote in the github thread pretty much sums it up. Audacity is now like your wife discovering Facebook. Tainted, forever.

That they supposedly abandoned the plan, only to sneakily update their privacy policy hoping that no one would notice, probably tells us all we need to know.

Debian builds may try to opt you out by default, like they do (or at least used to) with some of the Firefox options, or perhaps disable telemetry completely in the build system via CMake variables. If that's not possible, then they'll probably host the fork (if/when it becomes available) or maintain the older version for as long as it's feasible.

Of course, it could be forked by Germans who'll embed their swanky new "Staatstrojaner" in it, so..... pick your poison?

Last edited by glittersloth (2021-07-05 11:58:38)

Offline

#7 2021-07-05 19:02:52

hhh
Meep!
Registered: 2015-09-17
Posts: 12,032
Website

Re: Audacity now a possible spyware -

johnraff wrote:

^Happy to see Ardour in the Debian repos.
Does it play nicely with pulseaudio?

Ardour actually now recommends just using pulseaudio for general purposes, the latency is acceptable for home studio engineering...

https://ardour.org/jack-n-pulse.html

Ardour wrote:

Final note before we get started: these days (late 2019) we generally recommend using Ardour without JACK unless you specifically need to. If you want to share the audio interface with other applications you will need to use JACK, because Ardour's own ALSA audio/MIDI backend currently can only use a single audio interface at a time.

I recently just messed with JACK again and also pipewire (very promising!) but on Bullseye it's much easier to get ardour playing nicely just using pulseaudio and pavucontrol (and I would have saved a lot of time and aggravation going that route from the get-go).

---

All the versions of Audacity in Debian are safe. Bullseye and sid currently have the last safe version, 2.4.2.

https://packages.debian.org/sid/audacity

The original Audacity devs have also archived 2.4.2...

https://archive.org/details/audacity-2.4.2

Offline

#8 2021-07-06 02:39:08

hhh
Meep!
Registered: 2015-09-17
Posts: 12,032
Website

Re: Audacity now a possible spyware -

Ardour on Bullseye...

RHVPExkt.png

Offline

#9 2021-07-06 03:01:29

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 8,168
Website

Re: Audacity now a possible spyware -

glittersloth wrote:

Debian builds may try to opt you out by default, like they do (or at least used to) with some of the Firefox options, or perhaps disable telemetry completely in the build system via CMake variables. If that's not possible, then they'll probably host the fork (if/when it becomes available) or maintain the older version for as long as it's feasible.

My guess too.

@hhh thanks for the Ardour encouragement. Next time I have an audio project + some spare time I'll check it out.


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Offline

#10 2021-07-06 03:15:53

hhh
Meep!
Registered: 2015-09-17
Posts: 12,032
Website

Re: Audacity now a possible spyware -

johnraff wrote:

@hhh thanks for the Ardour encouragement. Next time I have an audio project + some spare time I'll check it out.

Let me know if you get stuck. I'm by no means an expert but I've made it through the first stages of learning.

Offline

#11 2021-07-06 16:26:46

DeepDayze
Like sands through an hourglass...
From: In Linux Land
Registered: 2017-05-28
Posts: 1,278

Re: Audacity now a possible spyware -

Would be good for Ardour to have a novice mode that can resemble Audacity to help new users move to it from Audacity, but yet still keep the advanced features tucked away in its standard mode.

Good for Debian to keep the version at 2.4.2, at least until the concerns about the new version (and new owners) are all resolved to everyone's satisfaction. If there's a fork, that be even better.


Real Men Use Linux

Offline

#12 2021-07-07 08:10:32

damo
....moderator....
Registered: 2015-08-20
Posts: 6,660

Re: Audacity now a possible spyware -


Be Excellent to Each Other...
The Bunsenlabs Lithium Desktop » Here
FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt  «» BunsenLabs on DeviantArt

Offline

#13 2021-07-07 15:48:02

DeepDayze
Like sands through an hourglass...
From: In Linux Land
Registered: 2017-05-28
Posts: 1,278

Re: Audacity now a possible spyware -

Yet the damage has been done already in my opinion as publishing that privacy policy was plain wrong. Why should an offline app be collecting data? No need for Audacity to be phoning home and the only online act should only be when user checks for updates.

Rather than deny, perhaps then Audacity's new owner ought to rescind that privacy policy and revert to the original policies in place prior. So there ought to be a fork where all the telemetry and data collection is stripped out at compile time and that ought to be what Debian would do if a new version is released considering Debian has strict policies on privacy.

Last edited by DeepDayze (2021-07-07 15:49:55)


Real Men Use Linux

Offline

#14 2021-07-07 16:35:40

hhh
Meep!
Registered: 2015-09-17
Posts: 12,032
Website

Re: Audacity now a possible spyware -

DeepDayze wrote:

Would be good for Ardour to have a novice mode that can resemble Audacity to help new users move to it from Audacity, but yet still keep the advanced features tucked away in its standard mode.

Or one brief, well-made YouTube video walking through a basic Ardour setup and recording using just pulseaudio and a USB microphone. Of the few Audacity vids out there, Irfan has the best but uses jack and even his beginner video is pretty complicated and is catered to his setup and preferences.

Offline

#15 2021-07-07 17:26:28

DeepDayze
Like sands through an hourglass...
From: In Linux Land
Registered: 2017-05-28
Posts: 1,278

Re: Audacity now a possible spyware -

hhh wrote:
DeepDayze wrote:

Would be good for Ardour to have a novice mode that can resemble Audacity to help new users move to it from Audacity, but yet still keep the advanced features tucked away in its standard mode.

Or one brief, well-made YouTube video walking through a basic Ardour setup and recording using just pulseaudio and a USB microphone. Of the few Audacity vids out there, Irfan has the best but uses jack and even his beginner video is pretty complicated and is catered to his setup and preferences.

That would be a great idea for something like that just for people new to Ardour how to set it up and use it even for a simple use case for recording voice with just a single mike and outputting the resultant recording into a simple WAV or MP3.

Or even how to use Ardour for digitizing your CD's and cassettes with full control over the audio.

Last edited by DeepDayze (2021-07-07 17:27:18)


Real Men Use Linux

Offline

#16 2021-07-07 23:32:28

jeffreyC
Member
Registered: 2019-09-07
Posts: 53

Re: Audacity now a possible spyware -

The no telemetry Audacity fork:

https://github.com/tenacityteam/tenacity

Offline

#17 2021-07-08 00:22:05

DeepDayze
Like sands through an hourglass...
From: In Linux Land
Registered: 2017-05-28
Posts: 1,278

Re: Audacity now a possible spyware -

jeffreyC wrote:

The no telemetry Audacity fork:

https://github.com/tenacityteam/tenacity

Now that's a cool name for this fork! Tenacity really fits.

Maybe Debian should take a look at this to see if it is worth packaging as I am sure the Debian maintainers will take a stand on this debate. I am also sure Arch would love to have this at least in the AUR.

Last edited by DeepDayze (2021-07-08 00:23:22)


Real Men Use Linux

Offline

#18 2021-07-08 02:17:38

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 8,168
Website

Re: Audacity now a possible spyware -

DeepDayze wrote:

So there ought to be a fork where all the telemetry and data collection is stripped out at compile time and that ought to be what Debian would do if a new version is released considering Debian has strict policies on privacy.

I would be very surprised if Debian hadn't done that already, assuming that there even was such code in audacity <=2.4.2

the only online act should only be when user checks for updates

Of course on Debian the only way to update a package is via the official repositories. Firefox on Debian had its "update" option stripped out years ago.


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Offline

#19 2021-07-08 02:23:02

hhh
Meep!
Registered: 2015-09-17
Posts: 12,032
Website

Re: Audacity now a possible spyware -

One of the first Audacity forks that will appear, Tenacity...

https://github.com/tenacityteam/tenacity

Offline

#20 2021-07-08 08:29:54

ohnonot
...again
Registered: 2015-09-29
Posts: 5,532

Re: Audacity now a possible spyware -

johnraff wrote:

Sounds a bit over the top. I can't see Debian including known spyware on their repositories.

glittersloth wrote:

Debian builds (...) disable telemetry completely in the build system via CMake variables.

AFAIU that's already happening on most distros; I read some comments that these _can_ be disabled with some simple switches, and this whole thing is largely a non-issue for Linux users.
But it still leaves a bad taste and wondering what the future will bring.
There's also the related issue of some problematic licensing changes, not sure how Debian is going to deal with that.

For now I just made sure that my version of Audacity does not contain any nonsense, and blocked updates for it.


Give to COVAX! Here or here. (explanation)

Offline

#21 2021-07-08 14:35:44

DeepDayze
Like sands through an hourglass...
From: In Linux Land
Registered: 2017-05-28
Posts: 1,278

Re: Audacity now a possible spyware -

johnraff wrote:

I would be very surprised if Debian hadn't done that already, assuming that there even was such code in audacity <=2.4.2.

2.4.2 seems to be safe on Debian, and on Windows 3.0.2 seems to be OK as it was released just before Muse closed its acquisition. I blocked updates on the Windows one just to be safe.

Last edited by DeepDayze (2021-07-08 14:36:37)


Real Men Use Linux

Offline

#22 2021-07-16 21:42:31

jeffreyC
Member
Registered: 2019-09-07
Posts: 53

Re: Audacity now a possible spyware -

Another telemetry free fork:

https://github.com/SartoxOnlyGNU/audacium

Offline

#23 2021-07-23 05:41:28

AndrewSmart
Member
Registered: 2019-06-10
Posts: 29

Re: Audacity now a possible spyware -

Interesting. I looked into Audacity some years ago and submitted 3 patches to their mailing list for their consideration. They were nice. One of the devs chatted with me off-list.

I'm in Richard Stallman's philosophical camp on this.

Today it looks like the Audacity "owner" apologized and revised the privacy policy, but allegedly they still are trying to circumvent "copyleft" and thus there remains good reason for a fork: https://fosspost.org/audacity-developer … cy-policy/

Weird.

Offline

#24 2021-07-23 09:21:30

jeffreyC
Member
Registered: 2019-09-07
Posts: 53

Re: Audacity now a possible spyware -

Their CLA reminds me of the Canonical/Ubuntu CLA from back when upstart was a rival to systemd for the Debian init.
Wonder if they just copied it?

Offline

#25 2021-07-27 20:07:35

The Byte Size Brawler
Member
From: Lurking In The Record Store
Registered: 2021-05-16
Posts: 7

Re: Audacity now a possible spyware -

To be fair I rarely use Audacity now days (not sure why I still I've still got it installed probably just encase I need to do some super quick recording etc) If this is still true then it might be worth taking a look at a fork then

hhh wrote:

Interesting. Meanwhile, the vastly superior Ardour 6.8 was released this week...

https://ardour.org/whatsnew.html

But Audacity was the go-to for a simple DAW, ready to use OOTB. Sad if true.

I've been a Reaper user for years I've never used Ardour, am I missing much? (Did a google search but it came up with the usual really unhelpful comparison waffle)

Offline

Board footer

Powered by FluxBB