Under the new policy, Audacity will collect information such as OS version, CPU type, error codes and the location of the user. The document also states that Muse Group, owner of Audacity, will collect “data necessary for law enforcement, litigation and authorities’ requests”.
Speaking to the BBC, Muse Group sought to allay these concerns and clarify the reasons for the policy update.
“We don’t know anything about our users,” said Daniel Ray, Head of Strategy at Muse Group. “We don’t want users’ personal information – that doesn’t help us.”
According to Ray, the changes were designed to allow the company to notify users of planned updates to Audacity, which will supposedly now take place every few weeks.
“If you don’t have ways of informing users about updates they might miss, then you put the burden on the user to keep up with the pace of change,” he explained.
Ray attributed the confusion to the fact the policy was “written by lawyers, to be understood by lawyers rather than the average person”, although this will be cold comfort for users’ concerned about data privacy.
Ever since Muse Group acquired Audacity earlier this year, relations between the company and the open source community have been strained.
First, the software firm had to backtrack on plans to introduce an option to collect telemetry data after a backlash from contributors. The company put the incident down to an error of communication.
Later, Muse Group ruffled feathers with a new Contributor License Agreement (CLA) for Audacity, which contributors were required to sign if they wanted to continue to work on the project. This new agreement also stipulated that Muse Group must be given unrestricted rights to all contributions.
A significant portion of the community felt the new CLA compromised the values of the open source ecosystem, built around the concepts of transparency and collaboration, by allowing Muse Group to use code submitted by contributors in other non-open source projects.
As reported by The Register, a yet-to-be named project published by GitHub user cookieengineer effectively rolls back Audacity to a build that preceded the controversial changes. The code can be made to compile but, lacking the polish of the original, is not yet accessible for non-technical users.