What you need to know
- Audacity's new privacy policy leaves the door open for user tracking.
- Changes suggest Audacity's new owner could share information on its users with international officials.
Popular audio editing app Audacity is at the center of a privacy storm today after changes to its privacy policy left the door open for it to track users in concerning ways.
According to a Foss Post report, Audacity was recently bought by MuseScore, triggering an update to the app's privacy page. That update includes the news that the company could hand data over to regulators in the United States, Russia, and the European Economic Area — locations where it has servers and people working.
All your personal data is stored on our servers in the European Economic Area (EEA). However, we are occasionally required to share your personal data with our main office in Russia and our external counsel in the USA.
The changes go on to note that the company could share data with entities it calls "third-party", "advisors," or "potential buyers".
The bad news continues, with real IP addresses of users being logged and in a readable format for 24 hours before they are hashed, a move that's odd for a music editing app.
Real IP addresses of users remain for 1 day on Audacity's servers before they are hashed, and hence, practical user identification is possible if one of the mentioned governments sends a data request. Things which should not have been possible with an offline audio editor.
It isn't immediately clear why these changes were made or why Audacity needs to track the IP address of its users, but it's enough to cause some users to call for a boycott of the app. That's unfortunate, with Audacity being one of the best music editing apps for Mac right now.
