• For legal enforcement • Data necessary for law enforcement, litigation and authorities’ requests (if any) • Legitimate interest of WSM Group to defend its legal rights and interests
It is unclear from the above what kind of legal enforcement they have in mind. A telemetry advanced enough for copyright-enforcement is also advanced enough to be abused to steal the work of people without the means or knowledge required for legal recourse.
Will instruments start listening in on what's being played at the campfire to ensure that college students don't infringe on the "rights" of copyright-holders? Will construction tools start snitching on people who don't call in the appropriate union help for the job to be done?
Where does this end?
It could maybe be ended in the bugtracker if enough people complain - there is an entry for this already:
In the context of Audacity, wherever a community-managed fork begins (à la LibreOffice)—at least until it gets bought out (à la CentOS).
This is farcical.
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
edit: GPLv3 says:
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You just cannot revoke existing license terms.
It may mean you can’t distribute at all if you can’t comply with the law and the license.
There was a really nice blog post and intro from the new product manager for Audacity some months ago talking about the new governance, and he seemed very earnest and positive, but looking at this privacy agreement, I'd wonder how much executive power earnest people could have in it.
Thinking the solution to this may be a privacy patch that carves out this data collection code. I really don't want to have to comb through sources or binaries for watermarking features and other spy tools.
One thing that does not appear mentioned in the table of data they collect is When they collect your OS and IP address, and what other metadata about your project files gets collected.
Let's say I am processing some sensitive media, or even analyzing politically provocative materials, do hashes of it or identifiable information about my content get sent to Audacity that can be compared online?
Given the Data Controller in that privacy agreement is regstered in Russia, if I use Audacity to do audio forensics on purported Russian propaganda media, does that mark out my IP/OS and identifiers to them? This seems like an extreme question, but the tools that are going to be used to fight deepfakes are going to (or were going to) include tools like Audacity.
Under what they collect about you:
> "Data necessary for law enforcement, litigation and authorities’ requests (if any)"
So an unspecified blob of law enforcement data, which is anything they want. This is not a privacy commitment. I can see why there was some controversy on the project.
The obvious question is, "we're a commercial service who is now responsible for this, and things are complicated, so what would you have us do?"
The answer is: facilitate completely offline, and anonymous use of the open source parts of the code, potentially by allowing users to flag privacy invading code as off at compile time.
IIRC the new guy wants telemetry to help improve the program; and if you grant that telemetry is a thing this seems pretty bog standard.
Did you confuse the project or they are related somehow?
Sadly you have to pay to download it from their site, but if you compile it yourself on Windows/MacOS or install it through the repositories of your Linux distro, the full version is available. Or download builds here: https://archive.org/download/ardour-6-builds (I haven't tested these so proceed with caution.)
Some Linux distros allow you to install Ardour from their package manager.
On Gentoo it's as simple as typing "emerge ardour"
But now its goes further.
"Audacity uninstall complete.
Some elements could not be removed. These can be removed manually."
Anyone aware of what elements and where? I see it left some configs in AppData.
I'm not sure this really tells me what "Personal Data they collect". It feels more like a restatement of the purpose for collection ("Why we collect it - For legal enforcement"), and hardly in the spirit of the "very limited types of Personal Data that we may collect"