thelinuxgamer


Audacity's Telemetry Kerfuffle

Oof. Did Audacity just make a big, huge no-no? I'm gonna be honest, I have a video in the works about Audacity (it will probably be out this Wednesday, actually) but I had to talk about this and it couldn't wait.

So last week YouTuber Tantacrul announced that Audacity--the free and open source audio editing software--was now part of Muse Group. I had heard that Muse Group had also acquired the free and open source MuseScore scorewriting software just a little while beforehand and was curious about the company. So I like... did some searching and "Muse Group" was a surprisingly hard entity to learn about.

Setting aside the peculiarity of acquiring an open source project and the benefits and issues that can arise from something like that... I want to talk about the hubbub that was caused by pull request #835 on GitHub. Link in the description.

Telemetry is bad, mmmkay.

Now if you take the time to read the comments on the pull request, you'll see that there are many-a-user who balk at the idea of FOSS software collecting any amount of data from a user's system. Indeed, of all the pull requests on the Audacity GitHub, this one takes the cake as sparking the fiercest discourse. And you know that when a discussion about software includes folks quoting scripture, things have probably gone off the rails.

We know that the Free and Open Source community really does value their privacy more than any other group. And it's easy to understand. We know how trivial it is to correlate seemingly meaningless datapoints to derive the user's GPS coordinates... or have Switch disconnect them from the Matrix... or whatever. "Normies" don't understand that.

As the open source community, we have seen our fair share of abuse from proprietary software companies... and we also have seen the patterns and warning signs of surveillance.

Paranoia... and Pareidolia?

So when a FOSS project comes along and suggests "hey, we'd like to have automatic crash reports and some basic usage stats," the paranoia sets in. But the fact of the matter is, this is a free software project. Let's not confuse our friends and enemies here. People are really good at recognizing patterns. In fact, we're so good at it that we sometimes see patterns where they don't exist. That's called Pareidolia. Pareidolia is when you see Bill Gates's face in a piece of toast.

Look, there's a good chance something nefarious is happening with the all-consuming telemetry of proprietary offerings, but there are legitimate reasons FOSS developers might want to have this data on hand.

Informed Decisions

After the Pull Request was issued and the backlash started rolling in, the Pull Request's comment was updated.

Why have telemetry at all?
Essentially, it’s to help us to identify product issues early:
Audacity is widely used across several platforms, but we have no information on the application stability.
It is difficult for us to estimate the size of the user base accurately.
We need a way to make informed decisions about which OS versions to support. For example, can we raise the minimum version of the macOS to 10.10 to update the wxWidgets to the latest version?
We have a known issue with the new file format introduced in Audacity 3.0. We found it with the great help of the community members on our forum. However, there is no way for us to estimate the impact of these issues on users. Is it just a random case? Do we need to rush the work on the recovery tool or help the users one by one? Or do we need to rethink the file format to make it safer and more easily recoverable?

In short, open source projects collecting data does have its legitimate purpose: informed decision making. And as a group of folks who pay a lot of lip service to data and objectivity, we should be the ones who understand this the best.

Informed Consent

Several times in the PR, the author stressed that the analytics is opt-in and disabled by default. And that's true. They even shared a screenshot of what the analytics prompt looks like:

Several people condemned them for this screenshot, saying that it implemented a dark pattern to trick people into unwitting consent. I, however, think this is actually one of the best consent screens I've ever seen and--if this is the final screen--shows their commitment to doing telemetry collection ethically.

First, let's look at what it actually says:

We would like to collect anonymous usage data to help us prioritize improvements and making Audacity better in the future. This includes session start and end time, errors for debugging, file formats for import and export, OS and Audacity versions, and use of effects, generators and analysis tools so we can prioritize future improvements.
We do not collect any personal data or sensitive information such as location or file names or any content of your audio. <link to privacy policy>
You can change this at any time in Preferences > Analytics

First, this screen tells you:

It explains to you the implications of your selecting "Send anonymous analytics data." In other words, it provides a basis for INFORMED CONSENT.

If, instead it just read:

Send anonymous usage statistics and crash reports to Audacity. Privacy Policy

With two buttons, you don't really know what's gonna be collected and can't make an informed decision.

Now, the 'dark pattern' being referenced here is that 'normies' are just gonna click the blue button without reading the text being presented to them. And maybe that's the case. But I think that this is a better choice than having a checkbox and a single button since--psychologically speaking--presenting a user with an actual choice to be made between two buttons might prompt more people to read the text in the dialog. A single button with an unpopulated checkbox, on the other hand, would almost certainly result in almost nobody opting in.

Verifiability

Furthermore, as an open source project, every bit of the telemetry code in this pull request can be rigorously scrutinized. There's no reason for the Audacity team to lie about what data is being collected.

We can all independently verify what is being collected, whether opting out truly prevents the telemetry from being submitted, and where it's all being sent. But that raises the final concern.

Why Google and Yandex?

See, when I first heard this, I have to admit that seeing Google Analytics and Yandex being mentioned here had me a bit upset. However, the fact of the matter is that Google Analytics is one of the most robust analytics tools--especially for app developers--and the tool is provided free of charge. Granted, it does have a privacy cost--especially across the web. But even I have had to integrate Google Analytics into several of the websites I've built.

Why? Because if you're writing software without some kind of analytics tool, you're basically going in blind. Data is incredibly important if you want to make good decisions for your product. And, as I mentioned, Google Analytics is free of charge and has mature and robust features.

There are other analytics tools out there. Plausible comes to mind. But you have to pay for those out of pocket. And most of the time pay-for alternatives just aren't in your client's budget.

It's also probably a tool that Muse Group knows very well since they have been running UltimateGuitar.com for years and there's something to be said for sticking with what you know.

Does it make it right, though? Meh. Not really. Are there better alternatives? Yes. Absolutely. And if we, as a community of mature adults, can move past the pareidolia and paranoia surrounding our Mr. Mackey-esque aversion to all telemetry in any circumstance, we might actually convince them to use more ethical, privacy-respecting alternatives to Yandex and Google.

Conclusion

While I'm not sure if we can trust Muse Group to not do anything nefarious with the data they collect, I am confident Audacity won't collect more data than they need since--hey, we can actually see the telemetry code.

If I'm wrong, then I'm wrong. But there are ethical ways that free software can use telemetry and, if the infrastructure were in place to make such telemetry available for FOSS projects, we might just be able to vanquish proprietary software completely.

https://github.com/audacity/audacity/pull/835

Comments

I do believe paranoia is in good standing with the open source community and I do appreciate that. Besides, I do not implement any kind of analytics in my website.

