This apparently only effects Audacity 3.0, but it’s a pretty major turnaround from the buyout promises back in May 2021. Audacity was purchased by Muse Group, and promised at the time to keep Audacity free and working. However, this appears to have to been changed back in June, because the privacy policy for the software has been updated to this.

The news of this first appeared on Fosspost on July 4th. The updated privacy policy page includes numerous data collection mechanisms. Any data can be handed over to state regulators, including Russia, USA, and the EEA zone.

Section 4 above this on the page, states they might share data with anyone they classify as third-party (auditors, advisors, legal representatives, etc) or potential buyers.

There’s also some information on storing IP addresses, where the IP will be stored in an identifiable way for a calendar day, then stored as a hash. The hash will be stored for one year, then deleted. Other information collected, OS version and CPU information, is not identifiable. They may also store your personal data for their own legal rights.

They have also added a Minors clause, disallowing anyone 13 years of age and younger from using Audacity. Now that they collect user data, they want to avoid COPPA laws.

There is good news, however. There is currently a fork for 2.0 on Github (https://github.com/temporary-audacity/audacity) that doesn’t have the above issues. It’s community developed, so there’s that if you want to get away from these data collection practices.

Sources:

• https://fosspost.org/audacity-is-now-a-spyware/
• https://linustechtips.com/topic/1353702-audacity-classed-as-spyware/
• https://www.audacityteam.org/about/desktop-privacy-notice/
• https://twitter.com/KrashHash/status/1411725491581587457
• https://twitter.com/JackRhysider/status/1411915293195046912