Telemetry is originally intended to help Muse Group to continue with the development of the program. The company wants to collect bug reports so that it can better debug the program. So far, regular, since being an offline program it would not have to send data to any server. But things got worse in July, when the company released more details on everything it will collect from users’ computers when the new automatic update feature becomes available.
Audacity: audio editor or spyware?
Earlier this month, the Muse Group confirmed what many already feared: the huge amount of data nonsense they collected from users. Among many others we can highlight:
- Operating system version.
- Country based on IP (and therefore IP).
- Name and version of the operating system.
- Non-fatal error codes and messages.
- Critical error memory dumps.
Some of this data may make sense, for example, the CPU or the operating system. But others are not at all logical. For example, does having one IP or another affect something before a failure? That is without taking into account that if the program dumps it and sends it to the Muse Group, there is very sensitive data, such as passwords, that can be sent along with those memory dumps.
Things get very complicated when we read the fine print and we realize that this data, in addition, can be transferred to third parties if necessary. And we are talking about a company with headquarters in Russia and the United States, countries that do not exactly stand out for their privacy.
Because Audacity is an open source program, there are many forks already available that remove these privacy features. Something that, by the way, the Muse Group does not like and has come to face some users with threats to delete their repositories.
Muse Group rectifies with telemetry, but it is not enough
- Better wording to remove ambiguity and aid transparency.
- The two network functions explained: bug reporting and update check.
- Removed the entry that recommended that children under 13 not use the program.
- IP addresses are not stored in full.
- The way bug reports are processed has been changed so that no personal information is saved.
Specifically, for search for updates The version of Audacity used and the operating system we use (name and version) are sent to the servers, as well as the country where we live by its IP. And, for error reporting, the error code, trace stacks and basic information consisting of the CPU, the Audacity version and the name and version of the operating system are collected.
Although the data it collects is increasingly limiting, it remains unacceptable. Any amount greater than zero, as it did before, that the program collects is not acceptable for users who have been using the program for decades.