Audacity responds to concerns about its controversial privacy policy
Following yet another vocal backlash against a new privacy policy, the makers of open-source audio editor Audacity have responded to concerns, blaming "unclear phrasing" in its policy update.
While a previously proposed policy change was not implemented because of the negative response from users, it does not seem that this latest change will be halted. Instead, the developers say that it will be rectifying what it regards as poor wording, and goes to some lengths to explain the reasons for the changes in an attempt to justify them. While the type of data collected is nothing particularly out of the ordinary, the arrival of telemetry is not something that is welcomed by fans of open source software.
See also:
- Audacity branded 'possible spyware' after controversial privacy policy update
- Audio editor Audacity has the audacity to add telemetry collection -- and users are not happy
- Audacity bows to public pressure and says it will NOT collect telemetry data from users
When the changes were unveiled a few days ago, people were invited to post any questions they had on GitHub -- and this is where the Audacity team has itself posted its "clarification of privacy policy". In what is described as a "quick statement to address the concerns around our new Privacy Policy", the teams says: "We believe concerns are due largely to unclear phrasing in the Privacy Policy, which we are now in the process of rectifying".
Audacity adds that it is working with its legal team to produce a revised version of the policy:
We do understand that unclear phrasing of the Privacy Policy and lack of context regarding introduction has led to major concerns about how we use and store the very limited data we collect. We will be publishing a revised version shortly.
Until this is done, the team says "we would like to clarify what seem to be the major points of concern":
- Selling Data & Sharing - We do not and will not sell ANY data we collect or share it with 3rd parties. Full stop.
- Data Collection - Data we collect is very limited.
- IP address - which is pseudonymised and irretrievable after 24 hours.
- Basic System Info - OS version and CPU type.
- Error Report Data (Optional) - Sent manually by users as part of an Error Report.
- Additional Data - We do not collect any additional data beyond the points listed above for any purpose.
- Compliance with Law Enforcement - We will not collect or provide any information other than data described above with with any government entity or law enforcement agency.
- Compelled by Court - Data is not shared upon an agency request; we will do so only if compelled by a court of law in a jurisdiction that we serve.
- Limited Window - After 24 hours the IP address being collected is irretrievably lost.
- Jurisdiction Requirements - We operate in many countries around the world and this is a standard policy requirement for providing services in many jurisdictions, regardless of the depth of data collected or nature of service.
- Offline Use - The Privacy Policy does not apply to offline use of the application.
The post concludes by saying:
In the meantime, the Privacy Policy doesn't actually come into force until the next release of Audacity (3.0.3). The current version (3.0.2) does not support data collection any data of any kind and has no networking features enabled.
Not that this will be of much consolation to those who are concerned, of course.