Let's drop audacity...
https://twitter.com/KrashHash/status/1411725491581587457 -- Mathias Homann Mathias.Homann@openSUSE.org Jabber (XMPP): lemmy@tuxonline.tech IRC: [Lemmy] on freenode and ircnet (bouncer active) telegram: https://telegram.me/lemmy98 keybase: https://keybase.io/lemmy gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102
On Sun, Jul 4, 2021 at 5:28 PM Mathias Homann <Mathias.Homann@opensuse.org> wrote:
The openSUSE builds of Audacity are not impacted by this. We don't have those issues because that code is disabled in our builds. -- 真実はいつも一つ!/ Always, there's only one truth!
Am Sonntag, 4. Juli 2021, 23:52:39 CEST schrieb Neal Gompa:
On Sun, Jul 4, 2021 at 5:28 PM Mathias Homann
<Mathias.Homann@opensuse.org> wrote:
The openSUSE builds of Audacity are not impacted by this. We don't have those issues because that code is disabled in our builds.
Actually, I'm looking at https://build.opensuse.org/package/show/ multimedia:apps/audacity and I don't see which of the patches does that... Cheers MH -- Mathias Homann Mathias.Homann@openSUSE.org Jabber (XMPP): lemmy@tuxonline.tech IRC: [Lemmy] on freenode and ircnet (bouncer active) telegram: https://telegram.me/lemmy98 keybase: https://keybase.io/lemmy gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102
On 04/07/2021 23.27, Mathias Homann wrote:
The audacity audio editor? https://en.wikipedia.org/wiki/Audacity_(audio_editor) «In July 2021, Audacity updated its privacy policy to include a clause that allowed Muse Group to collect "data necessary for law enforcement, litigation and authorities’ requests".[14] The change was met with controversy.[15][16]» 14 "Desktop Privacy Notice". Audacity ®. Retrieved July 4, 2021. 15 "Audacity may collect "Data necessary for law enforcement, litigation" and more | Hacker News". news.ycombinator.com. Retrieved July 4, 2021. 16 "Audacity may collect "Data necessary for law enforcement, litigation and authorities' requests (if any)" according to new privacy notice". reddit. Retrieved July 4, 2021. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 7/5/21 7:27 AM, Carlos E. R. wrote:
On 04/07/2021 23.27, Mathias Homann wrote:
The audacity audio editor?
https://en.wikipedia.org/wiki/Audacity_(audio_editor)
«In July 2021, Audacity updated its privacy policy to include a clause that allowed Muse Group to collect "data necessary for law enforcement, litigation and authorities’ requests".[14] The change was met with controversy.[15][16]»
14 "Desktop Privacy Notice". Audacity ®. Retrieved July 4, 2021. 15 "Audacity may collect "Data necessary for law enforcement, litigation" and more | Hacker News". news.ycombinator.com. Retrieved July 4, 2021. 16 "Audacity may collect "Data necessary for law enforcement, litigation and authorities' requests (if any)" according to new privacy notice". reddit. Retrieved July 4, 2021.
Or as Neal suggested because it is open source nothing stops us from continuing to ship a version with that "feature" patched out. Cheers -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
Am Montag, 5. Juli 2021, 06:06:51 CEST schrieb Simon Lees:
On 7/5/21 7:27 AM, Carlos E. R. wrote:
On 04/07/2021 23.27, Mathias Homann wrote:
The audacity audio editor?
https://en.wikipedia.org/wiki/Audacity_(audio_editor)
«In July 2021, Audacity updated its privacy policy to include a clause that allowed Muse Group to collect "data necessary for law enforcement, litigation and authorities’ requests".[14] The change was met with controversy.[15][16]»
14 "Desktop Privacy Notice". Audacity ®. Retrieved July 4, 2021. 15 "Audacity may collect "Data necessary for law enforcement, litigation" and more | Hacker News". news.ycombinator.com. Retrieved July 4, 2021. 16 "Audacity may collect "Data necessary for law enforcement, litigation and authorities' requests (if any)" according to new privacy notice". reddit. Retrieved July 4, 2021.
Or as Neal suggested because it is open source nothing stops us from continuing to ship a version with that "feature" patched out.
Cheers
but that "patched out" version would not send a clear, strong "f*ck you" to the people behind such violation of privacy laws. In fact, without being a lawyer, I'm actually wondering if the unpatched, original version would even be legal. Definitely not in the EU. Cheers MH -- Mathias Homann Mathias.Homann@openSUSE.org Jabber (XMPP): lemmy@tuxonline.tech IRC: [Lemmy] on freenode and ircnet (bouncer active) telegram: https://telegram.me/lemmy98 keybase: https://keybase.io/lemmy gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102
On 7/5/21 2:36 PM, Mathias Homann wrote:
Am Montag, 5. Juli 2021, 06:06:51 CEST schrieb Simon Lees:
On 7/5/21 7:27 AM, Carlos E. R. wrote:
On 04/07/2021 23.27, Mathias Homann wrote:
The audacity audio editor?
https://en.wikipedia.org/wiki/Audacity_(audio_editor)
«In July 2021, Audacity updated its privacy policy to include a clause that allowed Muse Group to collect "data necessary for law enforcement, litigation and authorities’ requests".[14] The change was met with controversy.[15][16]»
14 "Desktop Privacy Notice". Audacity ®. Retrieved July 4, 2021. 15 "Audacity may collect "Data necessary for law enforcement, litigation" and more | Hacker News". news.ycombinator.com. Retrieved July 4, 2021. 16 "Audacity may collect "Data necessary for law enforcement, litigation and authorities' requests (if any)" according to new privacy notice". reddit. Retrieved July 4, 2021.
Or as Neal suggested because it is open source nothing stops us from continuing to ship a version with that "feature" patched out.
Cheers
but that "patched out" version would not send a clear, strong "f*ck you" to the people behind such violation of privacy laws.
I guess the question here then is more of a is the bigger priority for openSUSE as a project making political statements or useful software for our userbase -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
On 05/07/2021 07.06, Mathias Homann wrote:
Am Montag, 5. Juli 2021, 06:06:51 CEST schrieb Simon Lees:
On 7/5/21 7:27 AM, Carlos E. R. wrote:
On 04/07/2021 23.27, Mathias Homann wrote:
The audacity audio editor?
https://en.wikipedia.org/wiki/Audacity_(audio_editor)
«In July 2021, Audacity updated its privacy policy to include a clause that allowed Muse Group to collect "data necessary for law enforcement, litigation and authorities’ requests".[14] The change was met with controversy.[15][16]»
14 "Desktop Privacy Notice". Audacity ®. Retrieved July 4, 2021. 15 "Audacity may collect "Data necessary for law enforcement, litigation" and more | Hacker News". news.ycombinator.com. Retrieved July 4, 2021. 16 "Audacity may collect "Data necessary for law enforcement, litigation and authorities' requests (if any)" according to new privacy notice". reddit. Retrieved July 4, 2021.
Or as Neal suggested because it is open source nothing stops us from continuing to ship a version with that "feature" patched out.
Cheers
but that "patched out" version would not send a clear, strong "f*ck you" to the people behind such violation of privacy laws.
In a way, it would. They don't get the data they love. Signalling: "you don't own that software". -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 05.07.21 07:06, Mathias Homann wrote:
Am Montag, 5. Juli 2021, 06:06:51 CEST schrieb Simon Lees:
Or as Neal suggested because it is open source nothing stops us from continuing to ship a version with that "feature" patched out.
but that "patched out" version would not send a clear, strong "f*ck you" to the people behind such violation of privacy laws.
Last time I looked, you needed to explicitly enable the telemetry features during build.
In fact, without being a lawyer, I'm actually wondering if the unpatched, original version would even be legal. Definitely not in the EU.
Only the prebuilt binaries they release contain that feature by default. And it does ask before sending data. Yes, the new "Privacy notice" is crazy, but it does not really affect us right now. Once they make this harder to disable, someone will hard fork the project and everything will be fine again. -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman
On 05/07/2021 12.35, Stefan Seyfried wrote:
On 05.07.21 07:06, Mathias Homann wrote:
Am Montag, 5. Juli 2021, 06:06:51 CEST schrieb Simon Lees:
Or as Neal suggested because it is open source nothing stops us from continuing to ship a version with that "feature" patched out.
but that "patched out" version would not send a clear, strong "f*ck you" to the people behind such violation of privacy laws.
Last time I looked, you needed to explicitly enable the telemetry features during build.
In fact, without being a lawyer, I'm actually wondering if the unpatched, original version would even be legal. Definitely not in the EU.
Only the prebuilt binaries they release contain that feature by default. And it does ask before sending data.
Yes, the new "Privacy notice" is crazy, but it does not really affect us right now. Once they make this harder to disable, someone will hard fork the project and everything will be fine again.
I read they changed the license and demand that any change done to the source will belong to them, and prohibit kids younger than 13 from using it. All that is against the GPL. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 05.07.21 12:47, Carlos E. R. wrote:
I read they changed the license and demand that any change done to the
https://github.com/audacity/audacity/blob/master/LICENSE.txt GPLv2
source will belong to them, and prohibit kids younger than 13 from using it. All that is against the GPL. That's probably something someone in some twitter lynchmob thread implied. I canot see this when cursory glancing at LICENSE.txt -- Stefan Seyfried
"For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman
On 2021-07-05 17:49, Stefan Seyfried wrote:
On 05.07.21 12:47, Carlos E. R. wrote:
I read they changed the license and demand that any change done to the
https://github.com/audacity/audacity/blob/master/LICENSE.txt
GPLv2
source will belong to them, and prohibit kids younger than 13 from using it. All that is against the GPL. That's probably something someone in some twitter lynchmob thread implied. I canot see this when cursory glancing at LICENSE.txt
I think this is all about https://github.com/audacity/audacity/discussions/889 And the previous PR https://github.com/audacity/audacity/pull/835 I am wondering if i am just to blue-eyed or too trusting to not (yet) see the problem. Or maybe i miss more recent changes to the source that actually DO enable the telemetry code - and not only propose it
On Mon, 2021-07-05 at 17:49 +0200, Stefan Seyfried wrote:
On 05.07.21 12:47, Carlos E. R. wrote:
I read they changed the license and demand that any change done to the
https://github.com/audacity/audacity/blob/master/LICENSE.txt
GPLv2
source will belong to them, and prohibit kids younger than 13 from using it. All that is against the GPL. That's probably something someone in some twitter lynchmob thread implied. I canot see this when cursory glancing at LICENSE.txt
https://www.audacityteam.org/about/desktop-privacy-notice/ #3 -- Atri Bhattacharya Mon 5 Jul 18:56:07 CEST 2021 Sent from openSUSE Tumbleweed on my laptop.
On 05.07.21 18:57, Atri Bhattacharya wrote:
https://www.audacityteam.org/about/desktop-privacy-notice/ #3
This has nothing to do with the license the software is released under. That the privacy notice is not compatible with GPL is mostly out of question. However, the reason for this "#3" is probably that "apps" that collect data are not allowed for minors in the app stores. So they added that clause. If we build audacity, the data collection features are not enabled, so this does not apply. -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman
Am Dienstag, 6. Juli 2021, 06:39:31 CEST schrieb Stefan Seyfried:
If we build audacity, the data collection features are not enabled, so this does not apply.
Which of the patches that are applied to the audacity package takes care of that? Cheers MH -- Mathias Homann Mathias.Homann@openSUSE.org Jabber (XMPP): lemmy@tuxonline.tech IRC: [Lemmy] on freenode and ircnet (bouncer active) telegram: https://telegram.me/lemmy98 keybase: https://keybase.io/lemmy gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102
On 7/6/21 7:24 AM, Mathias Homann wrote:
Am Dienstag, 6. Juli 2021, 06:39:31 CEST schrieb Stefan Seyfried:
If we build audacity, the data collection features are not enabled, so this does not apply. Which of the patches that are applied to the audacity package takes care of that?
They collect the IP addresses of crash reports. Do you have an idea what all the other open source projects collect about your crash reports? I guess not, because there is no reddit thread about their policies. If you want to be "safe", disable the crash report feature from audacity, but then the chances of getting crashes fixed is removed too. Greetings, Stephan
Am 2021-07-06 07:44, schrieb Stephan Kulow:
On 7/6/21 7:24 AM, Mathias Homann wrote:
Am Dienstag, 6. Juli 2021, 06:39:31 CEST schrieb Stefan Seyfried:
If we build audacity, the data collection features are not enabled, so this does not apply. Which of the patches that are applied to the audacity package takes care of that?
They collect the IP addresses of crash reports. Do you have an idea what all the other open source projects collect about your crash reports? I guess not, because there is no reddit thread about their policies.
If you want to be "safe", disable the crash report feature from audacity, but then the chances of getting crashes fixed is removed too.
Greetings, Stephan
The whole thing is making bigger waves now. Also, they are not only collecting your IP address: 'The data collected includes OS version and name, user country based on IP address, the CPU being used, data related to Audacity error codes and crash reports, and finally "Data necessary for law enforcement, litigation and authorities' requests (if any)."' Source: https://www.pcmag.com/news/audacity-is-being-called-spyware-after-privacy-po... "Data necessary for law enforcement" - that could mean name AND CONTENT of every audio file being worked on - it could be illegally copied intellectual property after all. And you still have not pointed out where exactly we make sure that the spyware parts are not compiled into the suse packages.. Cheers MH -- Mathias Homann Mathias.Homann@openSUSE.org telegram: https://telegram.me/lemmy98 irc: [lemmy] on freenode and ircnet obs: lemmy04 gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102
On 7/6/21 8:25 AM, Mathias Homann wrote:
The whole thing is making bigger waves now.
Also, they are not only collecting your IP address: 'The data collected includes OS version and name, user country based on IP address, the CPU being used, data related to Audacity error codes and crash reports, and finally "Data necessary for law enforcement, litigation and authorities' requests (if any)."'
The windows desktop app might have additional code, but the audacity open source software for linux does two things: check for updates and offer crash report uploads. Greetings, Stephan
On 06.07.21 08:25, Mathias Homann wrote:
"Data necessary for law enforcement"
*Every* company will have to comply with the local legislation. At least they write it into their privacy statement ;-)
- that could mean name AND CONTENT of every audio file being worked on - it could be illegally copied intellectual property after all.
Please point out the source code where this is done. It's not like this is some closed source program that could silently start spying on you without it being easily noticeable.
And you still have not pointed out where exactly we make sure that the spyware parts are not compiled into the suse packages..
Did you check if we enable it? The relevant CMakeLists.txt snippets are: ------------------------------ set( _OPT "audacity_" ) ... cmd_option( ${_OPT}has_networking· "Build networking features into Audacity" Off) ... set_from_env(SENTRY_DSN_KEY) set_from_env(SENTRY_HOST) set_from_env(SENTRY_PROJECT) set_from_env(CRASH_REPORT_URL) cmake_dependent_option( ${_OPT}has_sentry_reporting "Build support for sending errors to Sentry" On "${_OPT}has_networking;DEFINED SENTRY_DSN_KEY;DEFINED SENTRY_HOST;DEFINED SENTRY_PROJECT" Off ) cmake_dependent_option( ${_OPT}has_crashreports "Enables crash reporting for Audacity" On "${_OPT}has_networking;DEFINED CRASH_REPORT_URL" Off ) -------------------------------- Now my CMake is weak, but https://cliutils.gitlab.io/modern-cmake/chapters/features/modules.html explains it. As I understand it: to enable "audacity_has_sentry_reporting": * audacity_has_networking needs to be "On", but defaults to "Off" * SENTRY_DSN_KEY, SENTRY_HOST, SENTRY_PROJECT need to be defined. * they are set via environment variables. to enable crash reports: * audacity_has_networking needs to be "On", but defaults to "Off" * CRASH_REPORT_URL needs to be defined from an environment variable Now please check if our package adds "-D audacity_has_networking=yes" to the cmake invocation. Then check if CRASH_REPORT_URL, SENTRY_HOST, SENTRY_PROJECT, SENTRY_DSN are exported before cmake is invoked. *IF* this is true, we can continue to discuss the issue. Until then, this is, IMVHO, RESOLVED_INVALID, to use bugzilla terminology. As I wrote before: I don't think their current privacy statement is well done, but it's also not a game changer. And calling it "spyware" is just twitter lynchmob style IMVHO. And if it is just "we need to drop this package immediately because it is from $NOW_EVIL_COMPANY!!!!!", then go ahead, drop chromium and all the libraries developed by google, facebook, the NSA,... ;-) -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman
On 06.07.21 07:44, Stephan Kulow wrote:
On 7/6/21 7:24 AM, Mathias Homann wrote:
Am Dienstag, 6. Juli 2021, 06:39:31 CEST schrieb Stefan Seyfried:
If we build audacity, the data collection features are not enabled, so this does not apply. Which of the patches that are applied to the audacity package takes care of that?
They collect the IP addresses of crash reports. Do you have an idea what all the other open source projects collect about your crash reports? I guess not, because there is no reddit thread about their policies.
Does KDE still have drkonqi? LET'S DROP THAT, TOO!!!!11!!!!! In the past, Thunderbird also asked me if I want to send crash reports. It has not been crashing for me for a while, so I cannot say if the feature is still available ;-) -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman
On 06.07.21 07:24, Mathias Homann wrote:
Am Dienstag, 6. Juli 2021, 06:39:31 CEST schrieb Stefan Seyfried:
If we build audacity, the data collection features are not enabled, so this does not apply.
Which of the patches that are applied to the audacity package takes care of that?
AIUI we just do not enable the feature. No patches needed. I have not looked too close at the build system, though, but their advertised intention when implementing the feature was always that this was to be only enabled on "official" github release builds, so right now I would not expect that this is enabled by default. -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman
On 7/6/21 8:36 AM, Dead Mozay wrote:
Already have https://github.com/temporary-audacity/audacity Things turn fast in this: https://www.theregister.com/2021/07/07/tenacity_maintainer_quits_4chan_haras...
Greetings, Stephan
On 2021/07/04 14:27, Mathias Homann wrote: Subject:
let's drop audacity...
On 2021/07/04 14:52, Neal Gompa wrote:
The openSUSE builds of Audacity are not impacted by this. We don't have those issues because that code is disabled in our builds.
In case no one remembers, before the dist that was openSuSE, the Suse distro shipped, perhaps among others, transmission binaries that had certain anon, peer-to-peer capabilities/protocols disabled in deference to German data and ID preservation requirements. If you wanted the full ability to join higher protection swarms, *you*, the end user, had to unpatch, reconfigure and rebuild transmission et al, that deferred to "State" requirements. One sees similar corruption of legal values and principles via various requirements of "so called" "freedom and liberty"-loving governments as corrupted by their own corporate-bought and owned legal requirements.
participants (11)
-
Atri Bhattacharya -
Carlos E. R. -
Dead Mozay -
dominique@leuenberger.net -
L.A. Walsh -
Mathias Homann -
Mathias Homann
-
Neal Gompa -
Simon Lees -
Stefan Seyfried -
Stephan Kulow