• wewbull@feddit.uk
    link
    fedilink
    English
    arrow-up
    61
    ·
    9 months ago

    I thought audacity was tarnished with spyware or something these days. Is it safe again?

    • xor@infosec.pub
      link
      fedilink
      English
      arrow-up
      97
      ·
      9 months ago

      after looking into it:
      it’s not and it never was.
      a) it’s open source, so nobody’s putting that shit in there without getting caught
      b) it had an opt-in error reporting feature that would send data back… that was the entire thing…

      • drislands@lemmy.world
        link
        fedilink
        English
        arrow-up
        26
        ·
        9 months ago

        What? You must be joking. Really? The entire thing was about opt-in error reporting?

        … seriously, that can’t be it, can it?

        • Eager Eagle@lemmy.world
          link
          fedilink
          English
          arrow-up
          32
          ·
          edit-2
          9 months ago

          Not really that simple, it was an apparent change to the privacy policy that vaguely anticipated collection of arbitrary user data, which shook the confidence of the open source community on the project. The fact this happened right after audacity was sold was the cherry on top.

          https://github.com/audacity/audacity/issues/1213

          Changes were eventually reverted or revised.

          • doctorcrimson@lemmy.world
            link
            fedilink
            English
            arrow-up
            6
            ·
            edit-2
            9 months ago

            Were they reverted? I’ll have to check later, but an official statement from Muse Group stated they provided the data they collected to third parties so idk. If the telemetry is still there then I’m not downloading it, Open Source projects generally don’t need telemetry to begin with.

        • xor@infosec.pub
          link
          fedilink
          English
          arrow-up
          14
          ·
          9 months ago

          yep… really just that…

          i’ve used it forever with a very restrictive firewall and i’ve never seen it do anything unexpected… or any phoning home at all…

        • doctorcrimson@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          9 months ago

          in 2021 Audacity was acquired by a company called MuseGroup who added unnecessary telemetry and they admit that they do provide the data the collect to third parties. It’s spyware as far as I’m concerned.

            • doctorcrimson@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              9 months ago

              If it was truly opt in, then why did the community feel the need to create forks removing the telemetry? Plus, a lot of FOSS don’t need telemetry to start with. They get tons of voluntary high quality feedback without automated collection.

          • Klear@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            3
            ·
            9 months ago

            I’ve read this exact or very similar comment from you for the fourth time at least. You’re a spambot as far as I’m concerned.

      • books@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        9 months ago

        Point a has always me me wonder, is that accurate? Are there actually people going through the code to make sure open source isn’t malicious? I can barely read my coworkers code… Let alone a strangers.

        • xor@infosec.pub
          link
          fedilink
          English
          arrow-up
          6
          ·
          9 months ago

          people are definitely going through the code on a project as popular as audacity…
          less well known stuff is much less scrutinized, of course

        • aidan@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          9 months ago

          Its way less work than going through the code to check for telemetry unless it is an intentionally hidden attack- just use Wireshark and check if there is network traffic other than checking for an update on program start.

        • lemmeee@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          9 months ago

          If a project is popular people will make changes to it every day. But you can look at the repo and judge for yourself.

      • doctorcrimson@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        9 months ago

        That’s not entirely true, Audacity was acquired by a company called MuseGroup who added unnecessary telemetry and they admit that they do provide the data the collect to third parties. It’s spyware as far as I’m concerned.

    • InfiniWheel@lemmy.one
      link
      fedilink
      English
      arrow-up
      74
      ·
      9 months ago

      It was a pull request to add opt-out analytics that got blown out of proportion, where the real issue was the EULA and how tonedeaf of a move it was considering the community around Audacity. IIRC, they ended up replacing it with opt-in analytics.