While a previously proposed policy change was not implemented because of the negative response from users, it does not seem that this latest change will be halted. Instead, the developers say that it will be rectifying what it regards as poor wording, and goes to some lengths to explain the reasons for the changes in an attempt to justify them. While the type of data collected is nothing particularly out of the ordinary, the arrival of telemetry is not something that is welcomed by fans of open source software.
Audacity adds that it is working with its legal team to produce a revised version of the policy:
Until this is done, the team says "we would like to clarify what seem to be the major points of concern":
- Selling Data & Sharing - We do not and will not sell ANY data we collect or share it with 3rd parties. Full stop.
- Data Collection - Data we collect is very limited.
- IP address - which is pseudonymised and irretrievable after 24 hours.
- Basic System Info - OS version and CPU type.
- Error Report Data (Optional) - Sent manually by users as part of an Error Report.
- Additional Data - We do not collect any additional data beyond the points listed above for any purpose.
- Compliance with Law Enforcement - We will not collect or provide any information other than data described above with with any government entity or law enforcement agency.
- Compelled by Court - Data is not shared upon an agency request; we will do so only if compelled by a court of law in a jurisdiction that we serve.
- Limited Window - After 24 hours the IP address being collected is irretrievably lost.
- Jurisdiction Requirements - We operate in many countries around the world and this is a standard policy requirement for providing services in many jurisdictions, regardless of the depth of data collected or nature of service.
The post concludes by saying:
Not that this will be of much consolation to those who are concerned, of course.