Audacity says it is 'deeply sorry' for privacy policy fiasco, publishes lengthy update and explanation
The development team behind Audacity learned the hard way that people do not take kindly to the introduction of telemetry, particularly when communication is poor.
Over the last few months, there has been a very public debacle involving Audacity's proposed changes to its privacy policy. It resulted in the software being branded "possible spyware" and led to explanations, apologies and backtracking. Now the team behind the open source audio editor has published its updated privacy policy along with a lengthy explanation about various elements of it and an apology for the "significant lapse in communication".
See also:
- Audacity responds to concerns about its controversial privacy policy
- Audacity branded 'possible spyware' after controversial privacy policy update
- Audacity bows to public pressure and says it will NOT collect telemetry data from users
In its apology, the Audacity team blames the fact that the privacy policy was prepared as a legal text which resulted in the use of phrasing that was unclear to many people. Learning from this, the developers say: "From now on we will provide context for changes we make to the policy in a user friendly way".
In the introduction to fairly lengthy post that apologies and explains without either grovelling or patronising, the team says:
We are introducing a revised privacy policy to address the concerns raised with the previous privacy policy published earlier in July. The original policy, which was drafted in anticipation of the release of Audacity 3.0.3, received a large amount of media attention due to the inclusion of a few key provisions that appeared to some to violate promises we had previously made. We want to address the issues that were raised, give assurances about our intentions, and provide verifiable proof of what information is actually sent from Audacity. The new privacy policy uses clearer language that we hope will explain our intentions more accurately this time. We are deeply sorry for the significant lapse in communication caused by the original privacy policy document.
There is quite some detail given about the meaning of what is mean by different elements of the new policy and the telemetry involved. The Audacity team is eager to be seen as being open with its users, and keen to make it clear that there is nothing untoward going on.
The posting is summarized as:
- Phrasing has been adjusted to remove ambiguity or aid in transparency, in particular that we do not collect any additional information for law enforcement or any other purpose
- We have explained the purpose of the two networking features, error reporting and update checking
- We have removed the provision that discourages children under 13 years old from using Audacity
- We have taken steps to ensure that we never store a full IP address (we now truncate it before hashing or discard it entirely) and have reflected this change in the privacy policy document
- We have made some changes to how we process error reports to ensure that we never store any potentially identifiable information
Addressing some of the accusations that have been leveled at it in recent times, Audacity says:
It is verifiably untrue that we hid the exact data being collected. As noted by journalists who investigated the issue, Audacity is free and open source software, and an inspection of its source code shows that the data it shares is extremely limited. This was already the case at the time the original privacy policy was published and has not been changed since, as can be confirmed from the commit history in our repository and in others.
The post concluded by reiterating the apology, and inviting questions to be posted from anyone with concerns.
You can read through the full posting over on GitHub, while the updated privacy policy is available here.