Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Audacity users are seriously angry right now - here’s why

Image Description

An update to the Audacity privacy policy has raised concerns the audio editor may be used to harvest a wealth of user data under its new ownership.

Audacity was purchased earlier this year by a company called Muse Group, which owns various music and audio software, such as Ultimate Guitar, MuseScore and Tonebridge.

When the acquisition was announced, Muse Group promised the software would remain free and open source. However, sections of the community believe the new privacy policy runs counter to philosophies and ambitions of the open source movement; some have gone as far as to call Audacity “spyware”.

Under the new privacy policy, Audacity will collect information such as OS version, CPU and error codes, but also the location of the user. According to the policy, this information is required for analytics purposes and to improve the application, although it’s unclear where location data slots into this picture.

The policy goes on to state that Audacity will collect “data necessary for law enforcement, litigation and authorities’ requests”, but does not expand on what type of information this clause might cover, leading to speculation it could be used to justify an unacceptable breach of user privacy.

Audacity outcry

Ever since the Audacity acquisition, relations between Muse Group and the open source community have been strained.

The company ruffled feathers with a new Contributor License Agreement (CLA) for Audacity, which contributors were required to sign if they wanted to continue to work on the project. This new agreement also stipulated that Muse Group must be given unrestricted rights to all contributions.

A significant portion of the community felt the new CLA compromised the values of the open source ecosystem, built around the concepts of transparency and collaboration, by allowing Muse Group to use code submitted by contributors in other non-open source projects.

For others, the privacy policy update was the final straw. Contributors have taken to both GitHub and Reddit to call for a fork of the software, which would see developers break away to develop a new audio editor, using Audacity code as the backbone.

TechRadar Pro asked Muse Group for specific details about the data collection activities covered by the privacy policy and for a perspective on the community outcry, but the company has not yet responded.

Via FOSS Post

Date

05 Jul 2021

Sources

Share

Other Blog

  • What is a blog and why you should start one

    Want to start a blog but don't know where to start? This guide will show you everything you need to know about blogging.

    Read More

  • The best website builder 2020

    Create an online site for yourself or your business in minutes with the best website builder choices

    Read More

  • Historic data breach exposes practically all US voters ahead of election

    Massive databases containing detailed information about US voters are circulating underground forums.

    Read More

  • Russia creates its own TLS certificate authority to bypass sanctions

    Russia has formed a domestic trusted TLS certificate authority (CA) to help Russian sites renew their TLS certificates and continue providing services to their visitors.

    Before its invasion of Ukraine, websites based in Russia would pay international CAs for the renewal of their TLS certificates. However, since the invasion also resulted in heavy sanctions, signing authorities in these Western countries can no longer accept the payments, and therefore, cannot renew the certificates.

    If a website certificate is expired, the browser will display a message that the page the user wants to visit is insecure - and to work around this problem, Russian authorities have come up with a domestic CA. 

    Two browsers recognize the new CA

    “It will replace the foreign security certificate if it is revoked or expires,” a rough translation of the announcement published on the Russian public services portal, Gosuslugi, reads. “The Ministry of Digital Development will provide a free domestic analog. The service is provided to legal entities – site owners upon request within 5 working days.”

    All of this is not as easy as it sounds. A CA needs to be trusted by web browsers, and to get there - it needs to be vetted by “various companies”, as BleepingComputer puts it. That, it seems, can’t happen overnight. 

    As things stand now, only two browsers recognize the new CA as trustworthy: Yandex, and Atom. The former is Russia-based, while the latter is open-source. So far, Sberbank, VTB, and the Russian Central Bank, have received these new certificates, the publication states. 

    Going forward, some 200 domains have been notified of the new TLS certificate, but as they’ve not been made mandatory, there’s no telling how long it will take for the companies to adopt them, or how many will do it, to begin with. 

    Read more

    > Ukraine wants Russia kicked off the internet

    > ICANN rejects call to remove Russian domains from the Internet

    > Russia could target Starlink users in Ukraine, warns Elon Musk

    The sanctions that came as the result of Russia’s invasion of Ukraine, are taking its toll on the invader’s economy. Many services, such as PayPal, Visa, Mastercard, or even SWIFT, are unavailable in the country, while most of the Western retailers, such as Microsoft, Apple, Google, McDonalds, Coca-Cola, and many, many others, have pulled out. 

    For experts at cybersecurity firm Venafi, the establishment of the new Russian CA also could create the possibility of a catastrophic single point of failure for Russian entities, as they see the CA as a “clear strike at privacy and freedom online”, as it gives the Russian government the power to spy on its citizens, and spoof any Western internet services. 

    “All of this should come as no surprise,” says Kevin Bocek, Chief Security Strategist for Venafi. 

    “It is further escalation in conflict against an open Internet and an expansion of control over citizens. Russia is also locking itself out of the global economy and dimming the hopes of economic growth for current and future generations of Russian citizens.”

    “It’s safe to assume that this new CA will be a primary target of Anonymous and other groups that are currently waging cyberattacks against Russian entities,” adds Pratik Selva, Security Engineer at Venafi. “Unlike the rest of the world, both government and private-sector Russian sites and infrastructure don’t have a CAs, so this one goes down or is compromised every website connected to it will be disconnected from the internet until a new CA is created and new certificates can be issued.”

    Via: BleepingComputer

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us