Am Sonntag, 4. Juli 2021, 23:52:39 CEST schrieb Neal Gompa:

On Sun, Jul 4, 2021 at 5:28 PM Mathias Homann

wrote:

...

https://twitter.com/KrashHash/status/1411725491581587457

The openSUSE builds of Audacity are not impacted by this. We don't have those issues because that code is disabled in our builds.

Actually, I'm looking at https://build.opensuse.org/package/show/ multimedia:apps/audacity and I don't see which of the patches does that... Cheers MH -- Mathias Homann Mathias.Homann@openSUSE.org Jabber (XMPP): lemmy@tuxonline.tech IRC: [Lemmy] on freenode and ircnet (bouncer active) telegram: https://telegram.me/lemmy98 keybase: https://keybase.io/lemmy gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102

On 7/5/21 7:27 AM, Carlos E. R. wrote:

On 04/07/2021 23.27, Mathias Homann wrote:

...

https://twitter.com/KrashHash/status/1411725491581587457

The audacity audio editor?

https://en.wikipedia.org/wiki/Audacity_(audio_editor)

«In July 2021, Audacity updated its privacy policy to include a clause that allowed Muse Group to collect "data necessary for law enforcement, litigation and authorities’ requests".[14] The change was met with controversy.[15][16]»

14 "Desktop Privacy Notice". Audacity ®. Retrieved July 4, 2021. 15 "Audacity may collect "Data necessary for law enforcement, litigation" and more | Hacker News". news.ycombinator.com. Retrieved July 4, 2021. 16 "Audacity may collect "Data necessary for law enforcement, litigation and authorities' requests (if any)" according to new privacy notice". reddit. Retrieved July 4, 2021.

Or as Neal suggested because it is open source nothing stops us from continuing to ship a version with that "feature" patched out. Cheers -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B

On 7/5/21 2:36 PM, Mathias Homann wrote:

Am Montag, 5. Juli 2021, 06:06:51 CEST schrieb Simon Lees:

...

On 7/5/21 7:27 AM, Carlos E. R. wrote:

...

On 04/07/2021 23.27, Mathias Homann wrote:

...

https://twitter.com/KrashHash/status/1411725491581587457

The audacity audio editor?

https://en.wikipedia.org/wiki/Audacity_(audio_editor)

«In July 2021, Audacity updated its privacy policy to include a clause that allowed Muse Group to collect "data necessary for law enforcement, litigation and authorities’ requests".[14] The change was met with controversy.[15][16]»

14 "Desktop Privacy Notice". Audacity ®. Retrieved July 4, 2021. 15 "Audacity may collect "Data necessary for law enforcement, litigation" and more | Hacker News". news.ycombinator.com. Retrieved July 4, 2021. 16 "Audacity may collect "Data necessary for law enforcement, litigation and authorities' requests (if any)" according to new privacy notice". reddit. Retrieved July 4, 2021.

Or as Neal suggested because it is open source nothing stops us from continuing to ship a version with that "feature" patched out.

Cheers

but that "patched out" version would not send a clear, strong "f*ck you" to the people behind such violation of privacy laws.

I guess the question here then is more of a is the bigger priority for openSUSE as a project making political statements or useful software for our userbase -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B

On 05.07.21 07:06, Mathias Homann wrote:

Am Montag, 5. Juli 2021, 06:06:51 CEST schrieb Simon Lees:

...

Or as Neal suggested because it is open source nothing stops us from continuing to ship a version with that "feature" patched out.

but that "patched out" version would not send a clear, strong "f*ck you" to the people behind such violation of privacy laws.

Last time I looked, you needed to explicitly enable the telemetry features during build.

In fact, without being a lawyer, I'm actually wondering if the unpatched, original version would even be legal. Definitely not in the EU.

Only the prebuilt binaries they release contain that feature by default. And it does ask before sending data. Yes, the new "Privacy notice" is crazy, but it does not really affect us right now. Once they make this harder to disable, someone will hard fork the project and everything will be fine again. -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman

On 05.07.21 12:47, Carlos E. R. wrote:

I read they changed the license and demand that any change done to the

https://github.com/audacity/audacity/blob/master/LICENSE.txt GPLv2

source will belong to them, and prohibit kids younger than 13 from using it. All that is against the GPL. That's probably something someone in some twitter lynchmob thread implied. I canot see this when cursory glancing at LICENSE.txt -- Stefan Seyfried

"For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman

On Mon, 2021-07-05 at 17:49 +0200, Stefan Seyfried wrote:

On 05.07.21 12:47, Carlos E. R. wrote:

...

I read they changed the license and demand that any change done to the

https://github.com/audacity/audacity/blob/master/LICENSE.txt

GPLv2

...

source will belong to them, and prohibit kids younger than 13 from using it. All that is against the GPL. That's probably something someone in some twitter lynchmob thread implied. I canot see this when cursory glancing at LICENSE.txt

https://www.audacityteam.org/about/desktop-privacy-notice/ #3 -- Atri Bhattacharya Mon 5 Jul 18:56:07 CEST 2021 Sent from openSUSE Tumbleweed on my laptop.

Am Dienstag, 6. Juli 2021, 06:39:31 CEST schrieb Stefan Seyfried:

If we build audacity, the data collection features are not enabled, so this does not apply.

Which of the patches that are applied to the audacity package takes care of that? Cheers MH -- Mathias Homann Mathias.Homann@openSUSE.org Jabber (XMPP): lemmy@tuxonline.tech IRC: [Lemmy] on freenode and ircnet (bouncer active) telegram: https://telegram.me/lemmy98 keybase: https://keybase.io/lemmy gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102

Am 2021-07-06 07:44, schrieb Stephan Kulow:

On 7/6/21 7:24 AM, Mathias Homann wrote:

...

Am Dienstag, 6. Juli 2021, 06:39:31 CEST schrieb Stefan Seyfried:

...

If we build audacity, the data collection features are not enabled, so this does not apply. Which of the patches that are applied to the audacity package takes care of that?

They collect the IP addresses of crash reports. Do you have an idea what all the other open source projects collect about your crash reports? I guess not, because there is no reddit thread about their policies.

If you want to be "safe", disable the crash report feature from audacity, but then the chances of getting crashes fixed is removed too.

Greetings, Stephan

The whole thing is making bigger waves now. Also, they are not only collecting your IP address: 'The data collected includes OS version and name, user country based on IP address, the CPU being used, data related to Audacity error codes and crash reports, and finally "Data necessary for law enforcement, litigation and authorities' requests (if any)."' Source: https://www.pcmag.com/news/audacity-is-being-called-spyware-after-privacy-po... "Data necessary for law enforcement" - that could mean name AND CONTENT of every audio file being worked on - it could be illegally copied intellectual property after all. And you still have not pointed out where exactly we make sure that the spyware parts are not compiled into the suse packages.. Cheers MH -- Mathias Homann Mathias.Homann@openSUSE.org telegram: https://telegram.me/lemmy98 irc: [lemmy] on freenode and ircnet obs: lemmy04 gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102

On 06.07.21 08:25, Mathias Homann wrote:

"Data necessary for law enforcement"

*Every* company will have to comply with the local legislation. At least they write it into their privacy statement ;-)

- that could mean name AND CONTENT of every audio file being worked on - it could be illegally copied intellectual property after all.

Please point out the source code where this is done. It's not like this is some closed source program that could silently start spying on you without it being easily noticeable.

And you still have not pointed out where exactly we make sure that the spyware parts are not compiled into the suse packages..

Did you check if we enable it? The relevant CMakeLists.txt snippets are: ------------------------------ set( _OPT "audacity_" ) ... cmd_option( ${_OPT}has_networking· "Build networking features into Audacity" Off) ... set_from_env(SENTRY_DSN_KEY) set_from_env(SENTRY_HOST) set_from_env(SENTRY_PROJECT) set_from_env(CRASH_REPORT_URL) cmake_dependent_option( ${_OPT}has_sentry_reporting "Build support for sending errors to Sentry" On "${_OPT}has_networking;DEFINED SENTRY_DSN_KEY;DEFINED SENTRY_HOST;DEFINED SENTRY_PROJECT" Off ) cmake_dependent_option( ${_OPT}has_crashreports "Enables crash reporting for Audacity" On "${_OPT}has_networking;DEFINED CRASH_REPORT_URL" Off ) -------------------------------- Now my CMake is weak, but https://cliutils.gitlab.io/modern-cmake/chapters/features/modules.html explains it. As I understand it: to enable "audacity_has_sentry_reporting": * audacity_has_networking needs to be "On", but defaults to "Off" * SENTRY_DSN_KEY, SENTRY_HOST, SENTRY_PROJECT need to be defined. * they are set via environment variables. to enable crash reports: * audacity_has_networking needs to be "On", but defaults to "Off" * CRASH_REPORT_URL needs to be defined from an environment variable Now please check if our package adds "-D audacity_has_networking=yes" to the cmake invocation. Then check if CRASH_REPORT_URL, SENTRY_HOST, SENTRY_PROJECT, SENTRY_DSN are exported before cmake is invoked. *IF* this is true, we can continue to discuss the issue. Until then, this is, IMVHO, RESOLVED_INVALID, to use bugzilla terminology. As I wrote before: I don't think their current privacy statement is well done, but it's also not a game changer. And calling it "spyware" is just twitter lynchmob style IMVHO. And if it is just "we need to drop this package immediately because it is from $NOW_EVIL_COMPANY!!!!!", then go ahead, drop chromium and all the libraries developed by google, facebook, the NSA,... ;-) -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman

On 06.07.21 07:24, Mathias Homann wrote:

Am Dienstag, 6. Juli 2021, 06:39:31 CEST schrieb Stefan Seyfried:

...

If we build audacity, the data collection features are not enabled, so this does not apply.

Which of the patches that are applied to the audacity package takes care of that?

AIUI we just do not enable the feature. No patches needed. I have not looked too close at the build system, though, but their advertised intention when implementing the feature was always that this was to be only enabled on "official" github release builds, so right now I would not expect that this is enabled by default. -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman

On 7/6/21 8:36 AM, Dead Mozay wrote:

Already have https://github.com/temporary-audacity/audacity Things turn fast in this: https://www.theregister.com/2021/07/07/tenacity_maintainer_quits_4chan_haras...

Greetings, Stephan