this post was submitted on 13 Feb 2024
501 points (97.2% liked)

Technology

59358 readers
6724 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] wewbull@feddit.uk 51 points 9 months ago (3 children)

I thought audacity was tarnished with spyware or something these days. Is it safe again?

[–] xor@infosec.pub 89 points 9 months ago (3 children)

after looking into it:
it's not and it never was.
a) it's open source, so nobody's putting that shit in there without getting caught
b) it had an opt-in error reporting feature that would send data back... that was the entire thing...

[–] drislands@lemmy.world 22 points 9 months ago (3 children)

What? You must be joking. Really? The entire thing was about opt-in error reporting?

.... seriously, that can't be it, can it?

[–] eager_eagle@lemmy.world 32 points 9 months ago* (last edited 9 months ago) (1 children)

Not really that simple, it was an apparent change to the privacy policy that vaguely anticipated collection of arbitrary user data, which shook the confidence of the open source community on the project. The fact this happened right after audacity was sold was the cherry on top.

https://github.com/audacity/audacity/issues/1213

Changes were eventually reverted or revised.

[–] doctorcrimson@lemmy.world 6 points 9 months ago* (last edited 9 months ago)

Were they reverted? I'll have to check later, but an official statement from Muse Group stated they provided the data they collected to third parties so idk. If the telemetry is still there then I'm not downloading it, Open Source projects generally don't need telemetry to begin with.

[–] xor@infosec.pub 10 points 9 months ago

yep... really just that...

i've used it forever with a very restrictive firewall and i've never seen it do anything unexpected... or any phoning home at all...

[–] books@lemmy.world 6 points 9 months ago (3 children)

Point a has always me me wonder, is that accurate? Are there actually people going through the code to make sure open source isn't malicious? I can barely read my coworkers code... Let alone a strangers.

[–] xor@infosec.pub 6 points 9 months ago

people are definitely going through the code on a project as popular as audacity...
less well known stuff is much less scrutinized, of course

[–] aidan@lemmy.world 3 points 9 months ago

Its way less work than going through the code to check for telemetry unless it is an intentionally hidden attack- just use Wireshark and check if there is network traffic other than checking for an update on program start.

[–] lemmeee@sh.itjust.works 2 points 9 months ago

If a project is popular people will make changes to it every day. But you can look at the repo and judge for yourself.

[–] InfiniWheel@lemmy.one 74 points 9 months ago

It was a pull request to add opt-out analytics that got blown out of proportion, where the real issue was the EULA and how tonedeaf of a move it was considering the community around Audacity. IIRC, they ended up replacing it with opt-in analytics.

[–] RmDebArc_5@lemmy.ml 11 points 9 months ago

Not really, but there is a fork called tenacity which fixes this