Audacity to become spyware?

Discussion in 'Techforge' started by NAHTMMM, Jul 5, 2021.

  1. NAHTMMM

    NAHTMMM rhymes with Htom

    Joined:
    Mar 29, 2004
    Messages:
    14,831
    Location:
    Wisconsin
    Ratings:
    +10,220
    https://fosspost.org/audacity-is-now-a-spyware/

    And more at the link. Time to go shopping for a different free audio editor, I guess!

    Edit: it looks like you might be fine with v2.
    • Agree Agree x 1
  2. MikeH92467

    MikeH92467 RadioNinja

    Joined:
    Mar 29, 2004
    Messages:
    13,595
    Location:
    Boise, Idaho
    Ratings:
    +24,106
    I saw a similar post on FB. I get the feeling that the issue may be a bit overblown. I'm quite familiar with Audacity and the developers have a very active FB page where the frequently interact with posters. When the spirit moves I'll go over there and see if they have any comment. Usually, greed would be the motivation for such a thing, but it's free and I'm really not sure what information would be gained and how it would be monetized. It's good software and comes about as close to being "user friendly" as any recording software can be. If anyone needs basic recording software Ocenaudio (that is the correct spelling) is from a Brazilian group that's also pretty easy to use and is free.

    eta: here's an article on the issue that seems to be pretty even-handed.
  3. Tuckerfan

    Tuckerfan BMF

    Joined:
    Oct 13, 2007
    Messages:
    79,024
    Location:
    Can't tell you, 'cause I'm undercover!
    Ratings:
    +159,517
    Short answer: If you’re a despot and you know that people opposed to you are using software to record podcasts protesting your regime, having software that monitors the recordings and sends data to you can help you pin down who the folks are making the podcasts. Longer answer whenever I have some time.
    • Agree Agree x 1
    • popcorn popcorn x 1
  4. NAHTMMM

    NAHTMMM rhymes with Htom

    Joined:
    Mar 29, 2004
    Messages:
    14,831
    Location:
    Wisconsin
    Ratings:
    +10,220
    There's an update that the privacy update may have simply been poorly written. Something to keep an eye on. Going to add a ? to the title.
    • Agree Agree x 1
  5. MikeH92467

    MikeH92467 RadioNinja

    Joined:
    Mar 29, 2004
    Messages:
    13,595
    Location:
    Boise, Idaho
    Ratings:
    +24,106
    • Thank You! Thank You! x 1
  6. MikeH92467

    MikeH92467 RadioNinja

    Joined:
    Mar 29, 2004
    Messages:
    13,595
    Location:
    Boise, Idaho
    Ratings:
    +24,106
    Here's a follow up from a site called CDM.

    An excerpt points out that Fosspost's original claim may have been a bit overwrought mixed in with a dose of the pot calling the kettle black.
    I’m sorry, as this is a bit too easy and possibly mean, but let’s review the privacy policy at FOSS Post – the site that wants you to delete Audacity and contribute to a fork. You may have noticed you already had to click past a GDPR banner if you live in the EU as I do. (The German GmbH I own that legally publishes what you’re reading now is very much obligated to this same legal standard.) From their policy, just part of what they collect as you use their site (among other things):

    When you visit fosspost.org, we receive your IP address, browser user-agent and some other cookies your browser may provide us with. Some of this data is stored at our backend servers and some of them are stored remotly [sic] at 3rd-party services or the hosting company and CDN we use.

    In other words, just reading the article on FOSS Post means you gave them essentially the same data a future, non-shipping version of Audacity would collect – IP address and OS. That’s even before taking into account cookies and ads. Obviously, this site (CDM) does the same, as we are all, like it or not, part of the same basic regimen of how advertising currently works on the Web.
    • Thank You! Thank You! x 1
  7. MikeH92467

    MikeH92467 RadioNinja

    Joined:
    Mar 29, 2004
    Messages:
    13,595
    Location:
    Boise, Idaho
    Ratings:
    +24,106
    Okay, here's what I think should be the last word on Spywaregate. Don Baarns is someone I've worked with and who has helped me enormously when it comes to improving the quality of the audio I can turn out of my rather rudimentary recording space. Whatever he says is good enough for me. YMMV.
    • Thank You! Thank You! x 1
  8. Tuckerfan

    Tuckerfan BMF

    Joined:
    Oct 13, 2007
    Messages:
    79,024
    Location:
    Can't tell you, 'cause I'm undercover!
    Ratings:
    +159,517
    Okay, now the longer explanation.

    I'll get to the Pootie-Poot part in a bit. The company that bought Audacity is wanting to make money off of it. How? I don't know. There's certainly legitimate ways to do that, such as charging for the software, though I don't know if anyone will be willing to pay for it going forward. There are also illegitimate ways of doing this as well. One of the big ways people do this, that would certainly be applicable to podcasting software, is that they'll falsely file a copyright strike with YouTube. (I need to point out that a lot of podcasters, even if they're only doing audio, will make available the audio of their podcast on sites like YouTube to get more listeners.)

    One of the things that YouTube does, if someone files a copyright strike with them is give them the choice: They can get YouTube to pull down the offending video, or they can allow YouTube to run ads on the video, and they get the money from the ads. Legitimate copyright holders who file a claim will do one or the other, depending upon the particulars of the work being infringed. The folks falsely claiming to have a copyright claim will almost always (unless they're trying to get someone removed from YouTube because they don't like them) take the ads option. They are then able to get a sizable chunk of change, with no effort, even if the actual copyright holder contests the claim (YT doesn't make it easy to object, and it can take months to get resolved).

    Your big entertainment companies already put inaudible triggers in their works, so that if they're illegally uploaded to a site like YT, their bots can find them and flag them with YT. These bots, of course, are incapable of figuring out what is "fair use" or not, and will even pull down a video made by fans, excitedly pointing out all the Easter Eggs in the latest movie trailer. (Not only is that clearly "fair use," but it is also free advertising for the movie.)

    Forget the "phone home" aspect that they're putting into Audacity, they can have it inject triggers into stuff, then when it gets uploaded to YT, their bots auto-file a copyright claim, demand ad revenue, and the smaller podcasters will have a bitch of a time getting the ads taken down (if they ever are). Do it for enough, even really small podcasters, and you can make big money.

    Yes, I know, it doesn't appear such code is in there, but one of the ways that malware apps slip through the various app store verification processes is that they initially submit a clean app, and then, months later, they push out an update that has the malware in it. Notice that they're planning on putting an auto-update feature into Audacity.

    Paranoid? Sure, but we're dealing with people tied to Putin, and not only does Putin have no problems with murdering people outside of Russia, but he's also got his mitts in every major company in Russia. If this idea hasn't occurred to him already, it certainly will later on. Not to mention, it has the potential, as I pointed out earlier, to give him information on dissidents who might be using Audacity to record anti-Putin podcasts.

    I have been told that this is a good, free, alternative to Audacity. I haven't had a chance to play with it yet, so I don't know how it compares. I do notice that it can handle some file formats that Audacity can't, so that's a plus.
  9. MikeH92467

    MikeH92467 RadioNinja

    Joined:
    Mar 29, 2004
    Messages:
    13,595
    Location:
    Boise, Idaho
    Ratings:
    +24,106
    I've used OcenAudio. For long form narrations it's got a very easy to use punch and roll system. Noted audiobook narrator Steven J Cohen has an excellent video on Youtube describing how to use it. I now use Studio 1 (which is a real bitch to learn). Thanks to Don Baarns' Jumpstart Course, I'm able to use it effectively, although when it comes to multitrack editing, I have a copy of Adobe Audition 1.5 that still works with Windows 10. I'm also suspicious of anything to do with Russia, but I'm confident that enough watchdogs are keeping an eye on it to sound the alarm if any of Vlad's minions try to slip something nasty into a download. One thing about this whole mess is that it has shined some light into something that the buyers (if they are up to no good) would have no doubt preferred went unnoticed. That may be the best protection of all.
  10. MikeH92467

    MikeH92467 RadioNinja

    Joined:
    Mar 29, 2004
    Messages:
    13,595
    Location:
    Boise, Idaho
    Ratings:
    +24,106
    Okay here's the latest: a groveling apology from the Audacity/Muse gang.
    We drafted the original privacy policy as a legal text. We appreciate that for our community, as well as our users, much of phrasing in the policy produced more questions than answers. From now on we will provide context for changes we make to the policy in a user friendly way. Part of the problem with the original privacy policy is terminology. There are terms we are legally required to use in order to ensure compliance with the GDPR and the CCPA. The best example is the catchall phrase ‘personal information’, a non-specific term that understandably raises concerns for regular readers. While that term must still appear in the new privacy policy, we have tried to be a lot more specific about the actual information we are referring to wherever possible.
    The most unclear and damaging part of the original document stated that we collect personal information “…necessary for law enforcement, litigation and authorities' requests (if any)”. This was interpreted to mean that we intended to collect and store unspecified additional information on top of the basic system information mentioned elsewhere in the privacy policy. This is not true, as could be seen through inspection of the source code and network analysis of the release binaries. However, we agree that the wording used in the old privacy policy made it sound like it might be true. We have now changed the wording to remove this source of confusion. To be clear, any organisation, if ordered by the court, is required to cooperate with an investigation, and doing otherwise is considered to be an obstruction of justice. These are not the rules we create, these are the requirements we must follow. However, we would only be able to provide the specific information mentioned in the privacy policy (outlined below) and nothing more. In addition, the steps we have taken to anonymise all stored data means that it would be of extremely limited use to anyone.
  11. Tuckerfan

    Tuckerfan BMF

    Joined:
    Oct 13, 2007
    Messages:
    79,024
    Location:
    Can't tell you, 'cause I'm undercover!
    Ratings:
    +159,517
    Yeah, I'll still look at moving away from the software
  12. MikeH92467

    MikeH92467 RadioNinja

    Joined:
    Mar 29, 2004
    Messages:
    13,595
    Location:
    Boise, Idaho
    Ratings:
    +24,106
    You sound like an anti-vaxxer.... :spock:
  13. Tuckerfan

    Tuckerfan BMF

    Joined:
    Oct 13, 2007
    Messages:
    79,024
    Location:
    Can't tell you, 'cause I'm undercover!
    Ratings:
    +159,517
    Save for the fact that there's good reason to believe that Putin's tied to everything in Russia that makes money.
  14. MikeH92467

    MikeH92467 RadioNinja

    Joined:
    Mar 29, 2004
    Messages:
    13,595
    Location:
    Boise, Idaho
    Ratings:
    +24,106
    Well, I won't disagree with that, simply because I believe it as well. That said, I haven't figured out yet what the hell they could do with anything that I've ever recorded on Audacity. At any rate, there are plenty of alternatives...both fee and paid...God knows I've tried enough of them...
  15. Tuckerfan

    Tuckerfan BMF

    Joined:
    Oct 13, 2007
    Messages:
    79,024
    Location:
    Can't tell you, 'cause I'm undercover!
    Ratings:
    +159,517
    I'm having some odd glitches with Audacity, despite the fact that I haven't updated it recently (though it might have updated itself without my knowing about it). It might not have anything to do with Audacity, and might be tied to something with a Windoze update. Still, one can see how this might compel someone to update to a newer version, even if Audacity did nothing to cause the issues.