Skip to Main Content

Is Audacity Really Spyware?

Audacity 3.0 will start collecting limited personal data for sharing with law enforcement and third parties.
Close up shot of a computer screen showing a waveform sound visualization in an audio editing software.
Credit: Hernan E. Schmidt - Shutterstock

Audacity is an open-source audio editor popular among podcasters and musicians. In May 2021, Audacity was acquired by Muse group, and this is where the story begins.

On July 2, Muse Group quietly updated Audacity’s privacy policy with new terms copied straight from the Muse Group’s own privacy policy. The new privacy policy states that the app will collect limited personal information to improve the application, and notes the company may share your personal data with law enforcement and sell it to potential buyers.

According to FossPost:

The parent company is a multi-national company and it has been trying to start a data-collection mechanism in the software. While Audacity is nothing more than a desktop program, its developers want to make it phone home with various data taken from users’ machines.

Audacity doesn’t have accounts or profiles, so it doesn’t know your name, email address, or other personal information. But it will collect things like your IP address, OS version, OS name, CPU details, error codes, and crash reports.

In the “For Legal Enforcement” section, the policy says “Data necessary for law enforcement, litigation and authorities’ requests (if any).” This is ambiguous and up for interpretation. Real IP addresses are stored for one day, and then they are hashed. But that may be enough for local governments to find your location using a data request.

The data is stored in European Economic Area, but personal data might be occasionally shared to the group’s head office in Russia and external counsel in the United States. This means the company will have to comply with data requests from both Russia and the United States.

Another concerning part is how Audacity outright says minors under the age of 13 should not use the application, because minors can’t consent to privacy policies in GDPR regions.

As it stands, there’s no evidence to suggest Audacity is leaking your private information, or the audio that you’re using in Audacity, to any third parties or governments. But just the fact that Audacity has this new privacy policy (without an opt-out) is upsetting news for many users who feel an offline, open-source audio editor developed and supported by volunteers shouldn’t be collecting user data.

If that is your stance, it would be best to discontinue using Audacity, or to use an older version (the new privacy policy kicks in with the 3.0 update). You can also try switching to another audio editor like Reaper, or Dark Audacity (which is based on an older version of Audacity, with a more modern interface).

[VIA: Fosspost]