Audacity is an open-source audio editor popular among podcasters and musicians. In May 2021, Audacity was acquired by Muse group, and this is where the story begins.
According to FossPost:
The parent company is a multi-national company and it has been trying to start a data-collection mechanism in the software. While Audacity is nothing more than a desktop program, its developers want to make it phone home with various data taken from users’ machines.
Audacity doesn’t have accounts or profiles, so it doesn’t know your name, email address, or other personal information. But it will collect things like your IP address, OS version, OS name, CPU details, error codes, and crash reports.
In the “For Legal Enforcement” section, the policy says “Data necessary for law enforcement, litigation and authorities’ requests (if any).” This is ambiguous and up for interpretation. Real IP addresses are stored for one day, and then they are hashed. But that may be enough for local governments to find your location using a data request.
The data is stored in European Economic Area, but personal data might be occasionally shared to the group’s head office in Russia and external counsel in the United States. This means the company will have to comply with data requests from both Russia and the United States.
Another concerning part is how Audacity outright says minors under the age of 13 should not use the application, because minors can’t consent to privacy policies in GDPR regions.
Source link: lifehacker.com