Those 13 year old may end up using audacity for the development, design, manufacture, or production of nuclear, missile, or chemical or biological weapons. Kids are up to crazy things these days.
Copyright holders have complete freedom to license tehir work under any terms they like. I believe it's actually legal to sell commercial use licenses for GPL'd code for example. Or to switch licenses for all future releases.
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
I can see several possible readings. The first sentence seems to regard "use" as out of scope, and therefore, MuseScore could be well within their rights to restrict it. But the second sentence then seems to grant an unrestricted right to run the program, which this policy denies for people under 13.
edit: GPLv3 says:
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
I can't see this being allowed under GPLv3. And the GPL is pretty clear that in "GPLv2 or later" situations, it's the user who chooses.
It is beginning to look like Audacity and MuseScore were both purchased for the purpose of extending the domain of copyright-infringement to the act of using these tools in an unsanctioned manner.
To quote:
• For legal enforcement • Data necessary for law enforcement, litigation and authorities’ requests (if any) • Legitimate interest of WSM Group to defend its legal rights and interests
It is unclear from the above what kind of legal enforcement they have in mind. A telemetry advanced enough for copyright-enforcement is also advanced enough to be abused to steal the work of people without the means or knowledge required for legal recourse.
Will instruments start listening in on what's being played at the campfire to ensure that college students don't infringe on the "rights" of copyright-holders? Will construction tools start snitching on people who don't call in the appropriate union help for the job to be done?
I can use ffmpeg from sources for most use cases, but this non-privacy policy taints my impression of the project.
There was a really nice blog post and intro from the new product manager for Audacity some months ago talking about the new governance, and he seemed very earnest and positive, but looking at this privacy agreement, I'd wonder how much executive power earnest people could have in it.
Thinking the solution to this may be a privacy patch that carves out this data collection code. I really don't want to have to comb through sources or binaries for watermarking features and other spy tools.
One thing that does not appear mentioned in the table of data they collect is When they collect your OS and IP address, and what other metadata about your project files gets collected.
Let's say I am processing some sensitive media, or even analyzing politically provocative materials, do hashes of it or identifiable information about my content get sent to Audacity that can be compared online?
Given the Data Controller in that privacy agreement is regstered in Russia, if I use Audacity to do audio forensics on purported Russian propaganda media, does that mark out my IP/OS and identifiers to them? This seems like an extreme question, but the tools that are going to be used to fight deepfakes are going to (or were going to) include tools like Audacity.
Under what they collect about you:
> "Data necessary for law enforcement, litigation and authorities’ requests (if any)"
So an unspecified blob of law enforcement data, which is anything they want. This is not a privacy commitment. I can see why there was some controversy on the project.
The obvious question is, "we're a commercial service who is now responsible for this, and things are complicated, so what would you have us do?"
The answer is: facilitate completely offline, and anonymous use of the open source parts of the code, potentially by allowing users to flag privacy invading code as off at compile time.
> There was a really nice blog post and intro from the new product manager for Audacity some months ago talking about the new governance, and he seemed very earnest and positive, but looking at this privacy agreement, I'd wonder how much executive power earnest people could have in it.
IIRC the new guy wants telemetry to help improve the program; and if you grant that telemetry is a thing this seems pretty bog standard.
> Data necessary for law enforcement, litigation and authorities’ requests (if any)
I'm not sure this really tells me what "Personal Data they collect". It feels more like a restatement of the purpose for collection ("Why we collect it - For legal enforcement"), and hardly in the spirit of the "very limited types of Personal Data that we may collect"
If you're looking for a good alternative to Audacity for doing audio recording/production I recommend Ardour. (https://ardour.org/)
Sadly you have to pay to download it from their site, but if you compile it yourself on Windows/MacOS or install it through the repositories of your Linux distro, the full version is available. Or download builds here: https://archive.org/download/ardour-6-builds (I haven't tested these so proceed with caution.)
This is often just the directory in 'Program Files' and 'Program Files (x86)' and possibly a few files or directories under it that for some reason the uninstaller was not expecting. It might also be worth looking in ProgramData and it is possible that the uninstaller left some Registry data. In terms of impact it is not likely to be significant.
Thanks for the reply, that's kinda what I thought. I can see the advantages keeping some things around, but man I like a complete remove all option and not something vague.
36 comments
[ 4.5 ms ] story [ 68.6 ms ] threadThis is farcical.
You just cannot revoke existing license terms.
edit: GPLv3 says:
I can't see this being allowed under GPLv3. And the GPL is pretty clear that in "GPLv2 or later" situations, it's the user who chooses.It may mean you can’t distribute at all if you can’t comply with the law and the license.
To quote:
• For legal enforcement • Data necessary for law enforcement, litigation and authorities’ requests (if any) • Legitimate interest of WSM Group to defend its legal rights and interests
It is unclear from the above what kind of legal enforcement they have in mind. A telemetry advanced enough for copyright-enforcement is also advanced enough to be abused to steal the work of people without the means or knowledge required for legal recourse.
Will instruments start listening in on what's being played at the campfire to ensure that college students don't infringe on the "rights" of copyright-holders? Will construction tools start snitching on people who don't call in the appropriate union help for the job to be done?
Where does this end?
In the context of Audacity, wherever a community-managed fork begins (à la LibreOffice)—at least until it gets bought out (à la CentOS).
It could maybe be ended in the bugtracker if enough people complain - there is an entry for this already:
https://github.com/audacity/audacity/issues/1213
[0] https://old.reddit.com/r/linux/comments/od3h8b/audacity_may_...
There was a really nice blog post and intro from the new product manager for Audacity some months ago talking about the new governance, and he seemed very earnest and positive, but looking at this privacy agreement, I'd wonder how much executive power earnest people could have in it.
Thinking the solution to this may be a privacy patch that carves out this data collection code. I really don't want to have to comb through sources or binaries for watermarking features and other spy tools.
One thing that does not appear mentioned in the table of data they collect is When they collect your OS and IP address, and what other metadata about your project files gets collected.
Let's say I am processing some sensitive media, or even analyzing politically provocative materials, do hashes of it or identifiable information about my content get sent to Audacity that can be compared online?
Given the Data Controller in that privacy agreement is regstered in Russia, if I use Audacity to do audio forensics on purported Russian propaganda media, does that mark out my IP/OS and identifiers to them? This seems like an extreme question, but the tools that are going to be used to fight deepfakes are going to (or were going to) include tools like Audacity.
Under what they collect about you:
> "Data necessary for law enforcement, litigation and authorities’ requests (if any)"
So an unspecified blob of law enforcement data, which is anything they want. This is not a privacy commitment. I can see why there was some controversy on the project.
The obvious question is, "we're a commercial service who is now responsible for this, and things are complicated, so what would you have us do?"
The answer is: facilitate completely offline, and anonymous use of the open source parts of the code, potentially by allowing users to flag privacy invading code as off at compile time.
Did you confuse the project or they are related somehow?
IIRC the new guy wants telemetry to help improve the program; and if you grant that telemetry is a thing this seems pretty bog standard.
I'm not sure this really tells me what "Personal Data they collect". It feels more like a restatement of the purpose for collection ("Why we collect it - For legal enforcement"), and hardly in the spirit of the "very limited types of Personal Data that we may collect"
Sadly you have to pay to download it from their site, but if you compile it yourself on Windows/MacOS or install it through the repositories of your Linux distro, the full version is available. Or download builds here: https://archive.org/download/ardour-6-builds (I haven't tested these so proceed with caution.)
Some Linux distros allow you to install Ardour from their package manager.
On Gentoo it's as simple as typing "emerge ardour"
https://github.com/audacity/audacity
But now its goes further.
"Audacity uninstall complete.
Some elements could not be removed. These can be removed manually."
Anyone aware of what elements and where? I see it left some configs in AppData.