• xor@infosec.pub
    link
    fedilink
    English
    arrow-up
    0
    ·
    9 months ago

    after looking into it:
    it’s not and it never was.
    a) it’s open source, so nobody’s putting that shit in there without getting caught
    b) it had an opt-in error reporting feature that would send data back… that was the entire thing…

    • doctorcrimson@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      9 months ago

      That’s not entirely true, Audacity was acquired by a company called MuseGroup who added unnecessary telemetry and they admit that they do provide the data the collect to third parties. It’s spyware as far as I’m concerned.

    • books@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      9 months ago

      Point a has always me me wonder, is that accurate? Are there actually people going through the code to make sure open source isn’t malicious? I can barely read my coworkers code… Let alone a strangers.

      • xor@infosec.pub
        link
        fedilink
        English
        arrow-up
        0
        ·
        9 months ago

        people are definitely going through the code on a project as popular as audacity…
        less well known stuff is much less scrutinized, of course

      • aidan@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        9 months ago

        Its way less work than going through the code to check for telemetry unless it is an intentionally hidden attack- just use Wireshark and check if there is network traffic other than checking for an update on program start.

      • lemmeee@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        9 months ago

        If a project is popular people will make changes to it every day. But you can look at the repo and judge for yourself.

    • drislands@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      9 months ago

      What? You must be joking. Really? The entire thing was about opt-in error reporting?

      … seriously, that can’t be it, can it?

      • Eager Eagle@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        9 months ago

        Not really that simple, it was an apparent change to the privacy policy that vaguely anticipated collection of arbitrary user data, which shook the confidence of the open source community on the project. The fact this happened right after audacity was sold was the cherry on top.

        https://github.com/audacity/audacity/issues/1213

        Changes were eventually reverted or revised.

        • doctorcrimson@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          9 months ago

          Were they reverted? I’ll have to check later, but an official statement from Muse Group stated they provided the data they collected to third parties so idk. If the telemetry is still there then I’m not downloading it, Open Source projects generally don’t need telemetry to begin with.

      • xor@infosec.pub
        link
        fedilink
        English
        arrow-up
        0
        ·
        9 months ago

        yep… really just that…

        i’ve used it forever with a very restrictive firewall and i’ve never seen it do anything unexpected… or any phoning home at all…

      • doctorcrimson@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        9 months ago

        in 2021 Audacity was acquired by a company called MuseGroup who added unnecessary telemetry and they admit that they do provide the data the collect to third parties. It’s spyware as far as I’m concerned.

        • Klear@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          0
          ·
          9 months ago

          I’ve read this exact or very similar comment from you for the fourth time at least. You’re a spambot as far as I’m concerned.

          • doctorcrimson@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            9 months ago

            If it was truly opt in, then why did the community feel the need to create forks removing the telemetry? Plus, a lot of FOSS don’t need telemetry to start with. They get tons of voluntary high quality feedback without automated collection.