[ajross]

Right, but that's just boilerplate you'll find on any such agreement. It means that they may be compelled legally to provide whatever information they collect and that you should be aware of that fact. It's not like they're secretly plotting ways to steal your secrets.

Count me on Team Crash Report, for sure. Anyone who's worked on any kind of project like this knows how valuable live user telemetry is. These features make software better for all of us. If you really don't like them don't use them and carefully audit the opt-out mechanism to make sure it works. Don't throw poop on the walls.

[belorn]

It is not about steal secrets. In almost every single privacy focused discussion, one side always built up this argument about "stealing secrets" in order to provide counter arguments.

Software should not collect information in the first place if it may get necessary for law enforcement, litigation and authorities to demand it. If the information is interesting for a third-party then the collection filter is not fine grained.

Live user telemetry does not have to mean Personal Data. If I know that 80% of users who download version 1.2.3 got a crash within 5 minutes, which living person can I identify with it? If I however get download logs of IP addresses, browser identity tags, file names, windows profile names, user directory names (and so on), then that cash report is providing unnecessary personal data.

If I have access to the crash reports, can I do business intelligence gathering? Can I discover information which gives stock market insights? If the answer is yes, then you are collecting too much information.

The only reason to not publish all crash reports openly on the web for anyone to download should be undiscovered security vulnerabilities. The data itself should be inert.

[fartcannon]

Audacity has gone as far as banning use of it for children. If that doesn't trigger an alarm for you, what would?

[_d7dt]

I assume you have not read these type of privacy policies before, but it's extremely common for web sites and online services to disallow children under 13, at least in the US because of COPPA compliance. In general, it is illegal for commercial entities operating in the US to collect data on children under 13 (although in some cases there are some exceptions). See for example the Github privacy policy which includes a similar clause: https://docs.github.com/en/github/site-policy/github-privacy...

[fartcannon]

Yes, seems like a pretty strong indication that telemetry is bad. Which is the point. Which is why we are all going to use the fork now.

[zarzavat]

This is a perfect example of how the less money you charge, the worse your users will behave. Audacity is collecting crash reports. Plenty of software collects crash reports. Crash reports are necessary for building reliable desktop software.

For some reason free (gratis) software attracts the most entitled users ever. If I were in charge of Audacity I'd be inclined to charge a $1 "distribution fee" just to weed these users out.

[okeuro49]

I don't think this is an example of entitled users.

I think rather it is rather an example of an external company (Muse group) not understanding the community behind the piece of software they have taken over.

[belorn]

Why is the crash report collecting information about children, and not filtering out the information so only information about the software is collected?

[zarzavat]

It's just ass-covering legal boilerplate the same as how some software says that you can't use it in a nuclear power facility.

[mixmastamyk]

Users will behave? Someone missed the point of libre software. A primary tenet is trust.

[zecg]

Free as in freedom software produces even more entitled users, since we are entitled to fork the project and do it differently.

[_d7dt]

I'm not sure what you mean, these laws aren't strictly concerning telemetry. Did you mean that telemetry is bad because children under 13 years old could accidentally use it? If so, that's the purpose of the law -- to prevent that. You can sue a company that is found to be unlawfully collecting data on children.

[ginko]

Telemetry for Audacity is bad because it precludes children from using the software without any real reason.

[fartcannon]

Spyware by any name is bad, and this law acknowledges it, so far as to protect children.

[_d7dt]

Generally, no, that's not what that law in the US is acknowledging. It doesn't make any special consideration for any definition of "spyware" or any other similar concept, it talks about all kinds of data collection, including ones that would be otherwise voluntary and beneficial for an adult. There might be some other US law that talks about that, but COPPA doesn't.

[pmlnr]

> it's extremely common for web sites and online services

This - audacity - is supposed to be a bloody offline desktop app.

[_d7dt]

I'm not sure what you mean. It can still be operated offline, in which case there is no telemetry sent. The analytics is just another service that you can use.

[pmlnr]

OFFLINE.

No connection to ANY online service, including telemetry.

That is what I meant.

[stonogo]

Audacity is not a website or online service. It's a completely offline audio editing program that has worked fine without telemetry for over twenty years. My kids were using it just fine, and now they're suddenly not allowed to and the only difference is the telemetry.

[justshowpost]

Doesn't matter how common it is. There is no practical need for collecting that data and... *puff* the obstacle magically disappears.

[Spivak]

Yeah I’m kinda confused with the huge amount of anger surrounding this. Yes the text is scary, and it’s scary because being made aware that governments do have the power to make pretty much everyone turn over information they have on you isn’t fun. But this really isn’t Audacity’s problem specific.

[Nextgrid]

> governments do have the power to make pretty much everyone turn over information they have on you isn’t fun

Unless you do not collect said information in the first place.

[pjmlp]

There are plenty of ways to collect said information, it isn't a couple of log files that are going to save anyone.

Try to live in a society where everyone, including your closest family members, might collect such information.

https://en.wikipedia.org/wiki/PIDE

[Nextgrid]

This still requires the adversary to coerce your friends/family members into snitching on you - it involves effort and risk for them and doesn't scale.

Compromising a telemetry server is a one-off operation, would work at scale and is much less risky as the targets have no way to detect it.

[pjmlp]

Some never needed to be coerced, that is the whole issue.

[_d7dt]

With that, I would say good luck troubleshooting your server if you don't collect any logs whatsoever. I wonder how you would even protect against bruteforcing and DDOS attacks if you never stored IP addresses for any amount of time.

[Nextgrid]

But unlike a server, a desktop app isn't vulnerable to any of those issues that would require logs to defend against.

[_d7dt]

The issue here is that the server you downloaded the desktop app from is. You can reduce the amount of this you have to deal with by shipping a native app, but you can't get rid of it entirely as long as you plan to host a web site or a download of something, or if you plan to let users communicate useful things back to you (such as their hardware specs, OS version, crash reports, usage patterns, etc).

[_d7dt]

I'm personally not confused, just disappointed. Sadly I've seen far too many FOSS discussions that become overrun with irrationally paranoid rhetoric, sometimes bordering on the reactionary. This stuff is nothing new. You'd think that with the ability to quickly check the code and recompile it to get rid of any unwanted bits, that would make this kind of attitude go away, but for whatever reason it only seems to make it worse.

[duped]

It's usually what happens when a software project has a lawyer involved. Copy left spooks people, anonymous contributions that may or may not be licensed spook people, lack of a privacy policy spooks people, etc.

[zxzax]

In my opinion, if it's desired to have FOSS driven by individual contributors, the legal education aspect for each contributor is just as important as the contributors knowing how to code. Sadly I think some projects are way behind on that.

[fartcannon]

They are! They've forked it. Now you and like-minded folks here can use the spyware version, and the rest of us will use the clean one.

[_d7dt]

Please don't do this, this is needlessly divisive. You don't have to make these (incorrect) assumptions about me and what I will use.

[fartcannon]

The division happened when they added telemetry to Audacity. Forking it is the only move forward. Time will judge the projects on their own merits. In the meantime, we can all at least rest well knowing the chance to defend against greed is available to us because of FOSS.

[_d7dt]

I understand that you feel upset that they added something that you didn't want, but you don't have to continue adding to the division and cynicism. Forking is not the only move, and I would actually suggest against it -- what you want is simply a build with the telemetry disabled. I don't think you want to throw away any other new features that aren't related to the telemetry (and in fact, you may still be able to indirectly benefit from it that way if it leads to some valuable product insights from them). So characterizing this as greed seems to not make so much sense. If they were getting super rich off this and not making any other improvements then maybe you could say that, and I would join you in saying hey, something's not right here, but that doesn't seem to be the case.

[kevin_thibedeau]

Complacency about these things is how our freedoms get eroded. At some point these organizations need to be called out for such behavior to send a message to the rest of the corporate world looking to sink their claws into OSS acquisitions.

[_d7dt]

This specific complaint seems to be about data privacy, not about a freedom being eroded.

Also, since you can fork it, as has been previously mentioned, there seems to be no purpose in objecting to this type of FOSS acquisition. Worst case, the project ends as it was before the acquisition, with no corporate support or funding whatsoever, at which point it seems it won't make any difference whether there was a complaint or not.

[kevin_thibedeau]

It's about using legal threats to bully others and justify unethical behavior.

[_d7dt]

Specifically, which legal threats and unethical behavior are you referring to?

[xtanx]

> Right, but that's just boilerplate you'll find on any such agreement.

Do you have any examples for OSS? Because i do not believe that to be true.

[veeti]

https://www.mozilla.org/en-US/privacy/

> When do we share your information with others? ...When the law requires it. We follow the law whenever we receive requests about you from a government or related to a lawsuit.

[mardifoufs]

Maybe I'm nitpicking here, but isn't Mozilla saying they will share any data they've already collected with law enforcement (which should be just basic telemetry stuff) while the Audacity EULA says it will actively collect data if compelled by law enforcement ? Doesn't that imply collecting any other type of data LE wants? Again maybe the exact wording makes no real difference but the way it is phrased can make it enough of a valid concern to "justify' a fork imo.