by evgpbfhnr 964 days ago
Speaking of which, how did that "audacity isn't FOSS" fuss end up? A quick search shows tenacity is still active ( https://codeberg.org/tenacityteam/tenacity ) but I have no idea how much the projects kept interacting after the initial debate
5 comments

Tenacity is distinct in more fundamental ways than just not being copyright infringement (for one, it uses a different GUI toolkit and is way slower and buggier), so its appeal at this point isn't closely related to whether people like Muse or not.
Would be nice with a fork which followed Audacity closely but without the telemetry. (Like VS Codium I suppose.)
This fork exists and it's called Audacity. Audacity doesn't have any telemetry, the PR never got merged. And any online functionality it does have (automatic update checking, crash reporting) can be turned off.
Perhaps remove the "Share Audio" ~~ad~~ button in the toolbar?
Feel free to! View > Toolbars > Share Audio toolbar disables it. Compiling from source has it disabled by default.
Auditorium :)
It's complete BS. Audacity never stopped being open source and currently has update checking and crash reporting - it does not have any telemetry.
And telemetry isn't even a bad thing. Firefox has had more extensive telemetry than Audacity for years. This idea that it's evil and nefarious to collect voluntary statistics on program usage to better target (limited) development resources is quite eye-rolling
How about calling it evil and nefarious to speak about voluntary statistics when it is not opt-in, but opt-out? There are users out there who will agree to anything. But I doubt those are the ones that really should direct the evolution of a piece of software. And almost no users will agree to telemetry when openly asked what we are talking about. And I have yet to be convinced that telemetry is actually as useful as proclaimed. I don't really see Firefox moving in a direction that enhances user experience based on gathered data. Windows, anyone?
In the context of Audacity, telemetry already would have been useful: A previous version removed the cut/copy/paste buttons, thinking that people normally used ctrl+x/c/v. However, in practice this turned out to only be half-true: while cutting in the context of cut-and-paste may have been used with shortcuts, a fairly significant number of Audacity users actually used "the scissors" to cut (as in: delete) content and came to the forum to complain because their core workflow was broken.

This sort of situation is bad for everyone: People get their workflow broken, devs need to do work to remove and later reinstate a feature, and privacy-minded people who want to complain need to share name and email to sign up on a forum for an account. In addition, it is hard to gauge what significance the forum posts have: If 100 people are complaining, are they a vocal minority of the millions of users Audacity has, or are they representative of most people?

This is especially true considering Audacity is the sort of casual "useful toolbox USB stick" program for many people - they're not going to closely follow development and updates or participate in polls or surveys, simply because it's not a part of their life they care about that much. This situation is different for something like Blender in which the tool tends to be a major part of your hobby or job if you use it at all. Although, saying that: This is a hypothesis based on my perception which cannot be verified as neither Blender nor Audacity track this data.

With telemetry (which for Audacity would have been a "do you want telemetry yes/no"-type dialog on first launch) the question "does anyone actually use the cut/copy/paste buttons?" would have been answered with "actually, yes", things would have been done differently, nobody's workflows would have been broken, and privacy-minded folks would not have needed to put emails on a forum which may or may not get hacked in the future.

In some sense, even people who disable telemetry benefit from telemetry being an option - assuming that their needs are in aggregate otherwise similar to the average user.

They did introduce a mandatory CLA which allows for using the code in non-GPL ways, even noting that this was the purpose of introducing the CLA.

https://github.com/audacity/audacity/discussions/932

Indeed:

> Audacity's source code is currently released under the GNU General Public License version 2 (GPLv2). We intend to update the license to GPLv3 to enable support for new technologies not compatible with GPLv2 (i.e. - VST3, which is compatible with GPLv3).

VST3 is dual licensed with some Steinberg license and GPLv3. The purpose of the CLA was to be able to migrate Audacity binaries to GPLv3 with VST3 support. This has happened as of Audacity 3.2.

Other uses for the CLA are to publish the thing in app stores down the road. It's not stopping Audacity being open source, unless you consider Apache software not open source.

Migrating to GPLv3 and publishing in app stores was clearly not the only purpose. The linked page says as much.

> The CLA also allows us to use the code in other products that may not be open source, which we intend to do at some point to support the continued development of Audacity.

I am well aware that you're allowed to do this with permissively licensed code, too.

I recently needed to do some sound editing, and I had a dreadful experience with Tenacity. Running on PopOS, I encountered many crashes doing simple manipulations. Even trying to scroll while playing audio ostensibly resulted in a crash. Small favor, the restore-unsaved-work functionality did save me several times.

Eventually, I held my nose and ran Audacity in a VM, and not a single crash.

Running in a VM is drastic. I'd go for bubblewrap, or a plain container. Can cut network access all right.
Indeed, there are other options, but a VM is the only one in which I feel safe that I do not screw up the configuration somehow. Docker can punch through a firewall, what other “obvious” settings exist in whatever lockdown option I pick?

Barring a VM escape exploit, I know that my private data is not getting exposed.

Ardour's pro-grade, isn't it? Maybe not as easy to start with as Audacity, but surely easier and more useful to set up than Audacity in a VM.
If you don't trust Audacity, why would you trust Ardour?
Why would you run Audacity in a VM?
FWIW it was never an issue for Linux distribution packages of Audacity. It was behind a compile-time flag so distro build scripts could have been changed to disable the telemetry. In fact the flag was disabled by default, so distro build scripts didn't even need to change and would've continued producing telemetry-free binaries.

Only binaries from Audacity themselves had the telemetry, which (as usual) is why you should never use upstream binaries.

seems like it's because they tried to add basic telemetry?
Yes, they updated their privacy and data collection policy.

That’s kinda the blessing and the curse of FOSS. You absolutely can fork the repo, remove the telemetry, and republish it as a new app.

But fragmentation is confusing, requires a lot of maintenance, and really I’m not sure it was worth it. Those who are particularly conscious about the telemetry can block it with a single line in /etc/hosts.

Looks like there's also a build flag to disable all networking, which the Debian package sets: https://salsa.debian.org/multimedia-team/audacity/-/commit/1...
As does Arch Linux: https://gitlab.archlinux.org/archlinux/packaging/packages/au...

Distributions and open source maintainers looking out for their users, once again.

Sure, but it's not even enabled by default in the upstream repository. Maybe that's a result of all the fuss about it, but nonetheless..

https://github.com/audacity/audacity/blob/6c2e8a2377542d6722...

The primary network activity Audacity does is checking for updates, which you don't want in a distro-packaged binary in any case. I don't know if it's "looking out for users".
seriously, people who get outraged over telemetry should temper their anger. most of the time the telemetry isn't used to sell your data or something nefarious (it's quite useless if you don't even have a login, like audacity does), it's just being used to try to improve the product for you.

i write this as someone who's been involved in one too many debates about the perils of introducing telemetry to a commercial open source thing because "HN would tear us apart"

The problem is you never know what they will share. Today, they just want to track which buttons get clicked. Tomorrow, maybe some eager PM wants to upload all of my environment variables.

If it can fully run locally on my machine, I do not want it sending anything external.

Lastly, as an abused Firefox user, it seems that telemetry is only ever used to justify removing features I like.

> it seems that telemetry is only ever used to justify removing features I like

If the removed features are only features you like, then they probably aren't doing things right... The one most relevant purpose for telemetry I see for Audacity is precisely preventing this from happening, meanwhile fostering a more vigorous growth of the repo by cutting off dead branches. Audacity is over 20 years of development of features, some of which we every now and again wonder if they're still used. Not knowing, we try our best maintaining these, which slows down Development, QA and Design in delivering features that are relevant now.

The problem with this argument is that there's no reason to believe a slippery slope exists. It's just as easy to go from "no tracking" to "digital colonoscopy" as it is when your starting point is "anonymized crash reporting". Any new release of any software could start spying on you.
The developers who acquired Audacity had previously threatened to have someone deported to China and tortured over their API. https://www.theregister.com/2021/07/20/muse_group_deportatio...
I did some basic digging and this is at best a misrepresentation[1].

The original email appears to indicate they intended to contact CCP authorities. The inference I took is that they believed the developer was in China.

Later they stated that violation of law in Canada could result in revocation of visa.

So "threatened to have someone deported" is maybe a stretch, "tortured" is pretty untrue.

The GitHub issue appears to show a pretty reasonable attempt by both parties to move forward.

1. https://github.com/Xmader/musescore-downloader/issues/5#issu...

Musegroup's head of strategy posted the following and removed it later after backlash:

"If found in violation of laws, residency may be revoked and he may be deported to his home country. This becomes even further complicated given another repo of his – 'Fuck 学习强国', which is highly critical of the Chinese government. Were he deported to China, who knows how he may be received."

Hard to take that as anything but a threat. My point stands that Musegroup has proven that they should not be trusted with any information about users.

It’s a consent violation. That always warrants anger. The purpose for violating consent is irrelevant.

Using a user’s computer to spy on them when they don’t want it to is extremely rude, in all cases, even if the surveillance data is thrown away and never used.

Developers who implement such features should be named and highlighted and should have trouble finding new jobs. It’s shady and unethical to make such software, doing so should be a black mark on one’s professional record, just like stealing. It is literally malware.

Your assumption that violating consent is ok as long as it isn’t “nefarious” is the problem.

The reason for the "non-FOSS" accusations was not related to the introduction of telemetry, but the new CLA. But they did this around the same time they tried to add (but backed out) telemetry, so people tend to confuse the two events. Which I guess is helpful for Muse.

https://github.com/audacity/audacity/discussions/932

And marking it PG-13 :-D