by windsurfer 1807 days ago
Audacity may collect “Data necessary for law enforcement, litigation” and more:

https://www.audacityteam.org/about/desktop-privacy-notice/


Right, but that's just boilerplate you'll find on any such agreement. It means that they may be compelled legally to provide whatever information they collect and that you should be aware of that fact. It's not like they're secretly plotting ways to steal your secrets.

Count me on Team Crash Report, for sure. Anyone who's worked on any kind of project like this knows how valuable live user telemetry is. These features make software better for all of us. If you really don't like them don't use them and carefully audit the opt-out mechanism to make sure it works. Don't throw poop on the walls.

It is not about stealing secrets. In almost every single privacy-focused discussion, one side always builds up this argument about "stealing secrets" in order to provide counter-arguments.

Software should not collect information in the first place if it may become necessary for law enforcement, litigation and authorities to demand it. If the information is interesting for a third party, then the collection filter is not fine-grained enough.

Live user telemetry does not have to mean personal data. If I know that 80% of users who download version 1.2.3 got a crash within 5 minutes, which living person can I identify with it? If I however get download logs of IP addresses, browser identity tags, file names, Windows profile names, user directory names (and so on), then that crash report is providing unnecessary personal data.

If I have access to the crash reports, can I do business intelligence gathering? Can I discover information which gives stock market insights? If the answer is yes, then you are collecting too much information.

The only reason to not publish all crash reports openly on the web for anyone to download should be undiscovered security vulnerabilities. The data itself should be inert.
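The data-minimization rule from this comment (keep "version 1.2.3 crashed within 5 minutes", drop IP addresses, profile names and user paths) worked as an added Python example; it is not code from the thread or from Audacity, and the raw report format and field names are constructed for illustration.

```python
import re

# Fields that answer product questions ("did 1.2.3 crash within 5 minutes?") without naming a person.
ALLOWED_FIELDS = ("app_version", "os_family", "seconds_since_start", "crash_signature", "stack_trace")

# Windows profile path with an account name that has not already been replaced by the placeholder.
USER_PATH_RE = re.compile(r"([A-Za-z]:\\Users\\)(?!<user>)[^\\]+", re.IGNORECASE)
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Constructed raw report, as a crash handler might assemble it (hypothetical, not Audacity's format).
RAW_REPORT = {
    "app_version": "1.2.3",
    "os_family": "Windows",
    "seconds_since_start": 142,
    "crash_signature": "AudioIO::StartStream",
    "stack_trace": [r"C:\Users\jdoe\AppData\Local\Audacity\plugins\x.dll+0x1234"],
    "client_ip": "203.0.113.7",                      # RFC 5737 documentation address
    "user_agent": "Mozilla/5.0 (Windows NT 10.0)",
    "profile_name": "jdoe",
    "open_files": [r"C:\Users\jdoe\Music\interview.wav"],
}

def scrub(value):
    """Replace the account name in any Windows profile path with a placeholder."""
    if isinstance(value, list):
        return [scrub(v) for v in value]
    if isinstance(value, str):
        return USER_PATH_RE.sub(r"\g<1><user>", value)
    return value

def minimize(report):
    """Allow-list fields, scrub paths, and coarsen exact timing into the one bucket needed."""
    out = {k: scrub(report[k]) for k in ALLOWED_FIELDS if k in report}
    secs = out.pop("seconds_since_start", None)
    if secs is not None:
        out["crashed_within_5min"] = secs < 300
    return out

def looks_identifying(value):
    """Leak check on the minimized report: any user path or IPv4 literal left over?"""
    if isinstance(value, dict):
        return any(looks_identifying(v) for v in value.values())
    if isinstance(value, list):
        return any(looks_identifying(v) for v in value)
    if isinstance(value, str):
        return bool(USER_PATH_RE.search(value) or IPV4_RE.search(value))
    return False

if __name__ == "__main__":
    clean = minimize(RAW_REPORT)
    assert not looks_identifying(clean), "report still carries personal data"
    print(clean)
```

The leak check is a heuristic for the two patterns the comment names; a real pipeline would extend it to whatever identifiers its own platform embeds in paths and traces.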

Audacity has gone as far as banning use of it for children. If that doesn't trigger an alarm for you, what would?
I assume you have not read these types of privacy policies before, but it's extremely common for web sites and online services to disallow children under 13, at least in the US, because of COPPA compliance. In general, it is illegal for commercial entities operating in the US to collect data on children under 13 (although in some cases there are some exceptions). See for example the GitHub privacy policy, which includes a similar clause: https://docs.github.com/en/github/site-policy/github-privacy...
Yes, seems like a pretty strong indication that telemetry is bad. Which is the point. Which is why we are all going to use the fork now.
This is a perfect example of how the less money you charge, the worse your users will behave. Audacity is collecting crash reports. Plenty of software collects crash reports. Crash reports are necessary for building reliable desktop software.

For some reason free (gratis) software attracts the most entitled users ever. If I were in charge of Audacity I'd be inclined to charge a $1 "distribution fee" just to weed these users out.

I don't think this is an example of entitled users.

I think it is rather an example of an external company (Muse Group) not understanding the community behind the piece of software they have taken over.

Why is the crash report collecting information about children, and not filtering out the information so only information about the software is collected?
Users will behave? Someone missed the point of libre software. A primary tenet is trust.
Free as in freedom software produces even more entitled users, since we are entitled to fork the project and do it differently.
I'm not sure what you mean, these laws aren't strictly concerning telemetry. Did you mean that telemetry is bad because children under 13 years old could accidentally use it? If so, that's the purpose of the law -- to prevent that. You can sue a company that is found to be unlawfully collecting data on children.
Telemetry for Audacity is bad because it precludes children from using the software without any real reason.
Spyware by any name is bad, and this law acknowledges it, so far as to protect children.
> it's extremely common for web sites and online services

This - audacity - is supposed to be a bloody offline desktop app.

I'm not sure what you mean. It can still be operated offline, in which case there is no telemetry sent. The analytics is just another service that you can use.
OFFLINE.

No connection to ANY online service, including telemetry.

That is what I meant.

Audacity is not a website or online service. It's a completely offline audio editing program that has worked fine without telemetry for over twenty years. My kids were using it just fine, and now they're suddenly not allowed to and the only difference is the telemetry.
Doesn't matter how common it is. There is no practical need for collecting that data and... *puff* the obstacle magically disappears.
Yeah, I'm kinda confused by the huge amount of anger surrounding this. Yes, the text is scary, and it's scary because being made aware that governments do have the power to make pretty much everyone turn over information they have on you isn't fun. But this really isn't specific to Audacity.
> governments do have the power to make pretty much everyone turn over information they have on you isn’t fun

Unless you do not collect said information in the first place.

There are plenty of ways to collect said information, it isn't a couple of log files that are going to save anyone.

Try to live in a society where everyone, including your closest family members, might collect such information.

https://en.wikipedia.org/wiki/PIDE

This still requires the adversary to coerce your friends/family members into snitching on you - it involves effort and risk for them and doesn't scale.

Compromising a telemetry server is a one-off operation, would work at scale and is much less risky as the targets have no way to detect it.

Some never needed to be coerced, that is the whole issue.
With that, I would say good luck troubleshooting your server if you don't collect any logs whatsoever. I wonder how you would even protect against brute-forcing and DDoS attacks if you never stored IP addresses for any amount of time.
But unlike a server, a desktop app isn't vulnerable to any of those issues that would require logs to defend against.
The issue here is that the server you downloaded the desktop app from is. You can reduce the amount of this you have to deal with by shipping a native app, but you can't get rid of it entirely as long as you plan to host a web site or a download of something, or if you plan to let users communicate useful things back to you (such as their hardware specs, OS version, crash reports, usage patterns, etc).
I'm personally not confused, just disappointed. Sadly I've seen far too many FOSS discussions that become overrun with irrationally paranoid rhetoric, sometimes bordering on the reactionary. This stuff is nothing new. You'd think that with the ability to quickly check the code and recompile it to get rid of any unwanted bits, that would make this kind of attitude go away, but for whatever reason it only seems to make it worse.
It's usually what happens when a software project has a lawyer involved. Copyleft spooks people, anonymous contributions that may or may not be licensed spook people, lack of a privacy policy spooks people, etc.
In my opinion, if it's desired to have FOSS driven by individual contributors, the legal education aspect for each contributor is just as important as the contributors knowing how to code. Sadly I think some projects are way behind on that.
They are! They've forked it. Now you and like-minded folks here can use the spyware version, and the rest of us will use the clean one.
Please don't do this, this is needlessly divisive. You don't have to make these (incorrect) assumptions about me and what I will use.
The division happened when they added telemetry to Audacity. Forking it is the only move forward. Time will judge the projects on their own merits. In the meantime, we can all at least rest well knowing the chance to defend against greed is available to us because of FOSS.
Complacency about these things is how our freedoms get eroded. At some point these organizations need to be called out for such behavior to send a message to the rest of the corporate world looking to sink their claws into OSS acquisitions.
This specific complaint seems to be about data privacy, not about a freedom being eroded.

Also, since you can fork it, as has been previously mentioned, there seems to be no purpose in objecting to this type of FOSS acquisition. Worst case, the project ends as it was before the acquisition, with no corporate support or funding whatsoever, at which point it seems it won't make any difference whether there was a complaint or not.

It's about using legal threats to bully others and justify unethical behavior.
Specifically, which legal threats and unethical behavior are you referring to?
> Right, but that's just boilerplate you'll find on any such agreement.

Do you have any examples for OSS? Because I do not believe that to be true.

https://www.mozilla.org/en-US/privacy/

> When do we share your information with others? ...When the law requires it. We follow the law whenever we receive requests about you from a government or related to a lawsuit.

Maybe I'm nitpicking here, but isn't Mozilla saying they will share any data they've already collected with law enforcement (which should be just basic telemetry stuff), while the Audacity EULA says it will actively collect data if compelled by law enforcement? Doesn't that imply collecting any other type of data LE wants? Again, maybe the exact wording makes no real difference, but the way it is phrased can make it enough of a valid concern to "justify" a fork imo.