Audacity 3.0 Appears to Be Spyware

Podcasters who are using Audacity should delete it and find different audio software to use instead. FOSS Post is likely the first to report that Audacity is now a possible spyware. It recommends you remove it ASAP.

According to FOSS Post, Audacity was acquired by Muse Group two months ago. Muse Group also owns Ultimate Guitar (a website for guitar musicians) and MuseScore (open source music notation software). Obviously, people who are using those may want to consider not doing that anymore.

According to FOSS Post:

The parent company is a multi-national company and it has been trying to start a data-collection mechanism in the software. While Audacity is nothing more than a desktop program, its developers want to make it phone home with various data taken from users’ machines.

Audacity recently updated its privacy policy. Personally, I found some of the information in the privacy notice to be disturbing.

For the purposes of this Notice, WSM Group with registered office at Moskovsky pr-t,40-1301, Kalingrad Russia, 236004 (“Audacity”, “us”, “we”, or “our”) acts as the data controller for the Personal Data that is collected via the App and through the App. As a data controller, Audacity is responsible for ensuring that the processing of Personal Data complies with applicable protection law, and specifically with the General Data Protection Regulation.

Personal Data Audacity will collect includes:

  • OS version
  • User country based on IP address
  • OS name and version – which they collect for app analytics
  • CPU – which they collect for “improving our App”
  • Non-fatal error codes and messages (i.e. project failed to open)
  • Crash reports in Breakpad Minidump format.
  • Data necessary for law enforcement, litigation and authorities’ requests (if any) – which Audacity will collect for legal enforcement.

Audacity’s reason for collecting the OS name and version is: Legitimate interest of WSM Group to offer and ensure the proper functioning of the app.

Audacity’s reason for collection data necessary for law enforcement is : Legitimate interest of WSM Group to defend its legal rights and interest.

The App is not intended for individuals below the age of 13. Audacity states: “If you are under 13 years old, please do not use the app.” I’ve seen some people on Twitter pointing out that it is illegal to collect data about minors.

Here’s who Audacity will share your personal data with:

  • Their staff members
  • Any competent law enforcement body, regulatory body, government agency, court or third party
  • Audacity’s auditors, advisors, legal representatives and similar agents
  • A potential buyer
  • Audacity states that all your personal data will be stored on their serves in the European Economic Area (EEA), “However, we are occasionally required to share your personal data with our main office in Russia and our external counsel in the USA.”

Out of curiosity, I searched for the Audacity app on the App Store. It wasn’t there. Perhaps Apple noticed that something was a bit off about Audacity and has excluded it from the App Store. I wonder if Audacity’s newest privacy policy was intended to get around the App Store so it could grab data from OS users? If so, that’s one more reason to delete Audacity!

Audacity 2.3.2 has been Released

Podcasters who use Audacity need to know that Audacity 2.3.2 has been released. Audacity 2.3.2 replaces all previous versions for Windows, macOS and Linux.

Improvements include:

  • Audacity now includes the LAME mp3 encoder. Previously, due to now expired patents, you had to download it separately.
  • There is a new “Select” button in the track panel to select the whole track.
  • Audacity mod-script-pipe for driving Audacity from Python now comes with Audacity and can be enabled via preferences.
  • Type to Create a Label is now off by default.
  • A plug-in installer for Nyquist now provides a file browser for selecting ‘.NY’ files to install.

More details about the new improvements in Audacity 2.3.2 can be found in the Wiki Overview.

Over 20 bugs in 2.3.1 fixed, including:

  • Audacity 2.3.1 would crash if append-recording to a collapsed track.
  • Many accessibility bugs on macOS fixed.

More information about bug fixes in Audacity 2.3.2 can be found in Release Notes 2.3.2.

Audacity 2.3.0 Released with New Features

Audacity 2.3.0 has been released. It replaces all previous versions for Windows and macOS. It includes many new features and over 90 bugs fixes (since 2.2.2).

The Audacity Team started their blog post about Audacity 2.3.0 by identifying some known issues and indicating what can be done about them:

We are still compiling Audacity as 32-bit. Whilst MacOSX works with 32-bit, it would prefer a 64-bit version of Audacity. We are working on a 64-bit version for Mac for 2.3.1. On Windows, you may find that recording is disabled until you change Windows permissions for the microphone! This affects all versions of Audacity, and many other programs.

New features of Audacity 2.3.0 include:

  • New feature – “Punch and Roll Recording”
  • Pinned-play-head can now be repositioned by dragging
  • Play-at-speed now can be adjusted whilst playing
  • Toolbars controlling volume and speed can now be resized for greater precision.
  • Macros (formerly ‘Chains’) substantially extended: New Macro palette; Macros can be bound to keyboard keys
  • New commands: New ‘Tools’ menu; New ‘Scriptable’ commands
  • Nyquist gains AUD-DO command
  • Nyquist effects are now translatable and translated
  • More dialogs have help buttons now
  • Increased legibility of trackname display
  • Half-wave option for controlled tracks
  • Sliding Stretch
  • Dialog (option) for entering labels.

For more information about these new features, visit the Audacity blog post and click on the link there that leads to that information. In addition, the blog post has information on the over 90 bugs that were in 2.2.2 that have been fixed.

Audacity Downloads Briefly Infected With Malware

Audacity LogoAudacity, the free, open source multitrack digital audio workstation (DAW) that’s at the center of many podcasters’ workflows, was briefly transmitting malware via its downloadable installer for Windows earlier this week. From the Audacity team:

For about 3 hours on August 2nd 2016 our download server was serving a hacked copy of Audacity that contained malware. This was due to hackers obtaining the password of one of our developers and using it to upload the malware.

We have now replaced the 2.1.2 hacked windows installer and disabled that hacked account on FossHub.com – We are taking the incident very seriously indeed. We are working hard, in collaboration with FossHub.com, to do what we can to help prevent such an incident in future. In many ways Audacity is a soft target for hackers – and attractive as a target because of the large number of downloads.

The malware was limited to the Windows installer for Audacity. It had no impact on either the Mac or Linux versions of the software. The nature of the attack was outlined by FossHub, the website where the infected software was being hosted:

The attackers uploaded a malware file on Classic Shell page which was downloaded approximately 300 times. We removed the file in several minutes and we changed all passwords for all services we had.

They targeted the largest projects listed on FossHub: Audacity and Classic Shell. We reacted promptly for Audacity installer but for Classic Shell, several hundred users were able to download the malware infected version.

We have been in contact with Google, PNAP and other providers.

Several hours later, we noticed the attackers were able to gain access through an FTP account and we decided to shut down the main server immediately to prevent any further infection/damage.

If you have downloaded and/or installed Audacity 2.1.2 for Windows this week, it’s strongly recommended that you remove all of those files and re-download the current, non-infected installer and reinstall the program.

Audacity 2.0.6 Is Here

Audacity LogoVenerable open-source audio production software Audacity has had an official update. Now at version 2.0.6, the program used by many podcasters on Mac, Linux and Windows, has had some bug fixes along with a few changes to the UI:

  • Cut and Delete options have been moved to the top of the Edit menu.
  • Transport menu has been changed to offer a single Play/Stop button.
  • A “Play/Stop and Set Cursor” option for leaving the cursor set where playback was halted has been added.
  • Keyboard preferences have been redesigned and made searchable.
  • A new “Mix and Render to New Track” function has been added to the Track menu.
  • “Move Track to Top” and “Move Track to Bottom” options have been added to the Track drop-down menu.
  • A “Delete Label” function has been added to the context menu.
  • The “Snap To” option offers a choice of snapping to the closest or prior position.
  • The Truncate Silence effect has a new “Truncate Deleted Silence” setting.
  • The VST Effects dialog has been redesigned and VST effects now support standard FXP presets.

Continue reading