It’s not clear whether any of that is actually true. Certain other clauses that users were up in arms about—like one stating that its program “is not intended for individuals below the age of 13"—were only included to comply with data-collection rules like COPPA that puts a tight cap on any data collected from the pre-teen set. This includes personal data, but also so-called “anonymous data” like the hashed IP addresses Audacity collects, in part because those nuggets can still be traced back to the user it originated from.
Ray adds that its data collection is “very limited” and only includes “pseudonymized” IP addresses that are “irretrievable after 24 hours,” system information that includes “OS version and CPU type,” and optional error report data—not users’ microphone recordings or personal details. For context, in the majority of cases, this is the sort of data that cops will request from companies like Apple, Microsoft, or Facebook, since even so-called “anonymous” signals can be tied back to the device that generated it. But even in cases where authorities asked for user data, Ray added, this data won’t be shared immediately upon request; it would only be shared “if compelled by a court of law in a jurisdiction” in which the company operates.
Also worth mentioning here is that some of the other products under the Muse Group umbrella—like the music notation software MuseScore—feature nearly identical privacy policies, which suggests the parent company just updated Audacity’s policies for some consistency across its catalog. But that doesn’t excuse the piss-poor wording on its original draft, which Ray swears will be “revised” soon enough.
So, by all means, be up in arms about Audacity’s update. And we should all be angry about the constant erosion of privacy by apps and services of all kinds—not to mention the godawful data protection laws we have here in the U.S. But we’re going to need a hell of a lot more pitchforks.