Free music editor Audacity will now collect and send your personal data to Russia and other ‘third parties’

IP addresses will be ‘stored in an identifiable way’ for 24 hours, the company’s new terms and conditions state

Adam Smith
Monday 05 July 2021 13:05 BST
Comments
(Muse Group)

Your support helps us to tell the story

This election is still a dead heat, according to most polls. In a fight with such wafer-thin margins, we need reporters on the ground talking to the people Trump and Harris are courting. Your support allows us to keep sending journalists to the story.

The Independent is trusted by 27 million Americans from across the entire political spectrum every month. Unlike many other quality news outlets, we choose not to lock you out of our reporting and analysis with paywalls. But quality journalism must still be paid for.

Help us keep bring these critical stories to light. Your support makes all the difference.

Popular free audio editing tool Audacity has quietly updated its terms and conditions so that it can sell user data to third-party companies and share it “with our main office in Russia”.

The update, which happened on 2 July 2021, means that Audacity will now collect information about users’ operating system, their country (through their IP address), their CPU, and any other data “necessary for law enforcement, litigation and authorities’ requests”.

For “a calendar day”, IP addresses will be “stored in an identifiable way” before being hashed or made anonymous; however, an unencrypted address could be a pathway to finding a users’ name, phone number, and address, the geolocation of the computer, and in some cases further personal characteristics including “political inclinations, state of health, sexuality, [and] religious sentiments”, according to a study conducted in 2013 by the Office of the Privacy Commissioner of Canada.

Audacity will share this personal data with its staff and law enforcement and government agents, or “other third party where we believe disclosure is necessary” as well as “potential buyer[s] … in connection with any proposed purchase, merger, or acquisition”.

Users’ personal data is stored on servers in the European Economic Area, but Audacity says that it is “occasionally required to share your personal data with our main office in Russia and our external counsel in the USA”. It says that personal data “receives an adequate level of protection in accordance with the GDPR.”

Audacity also forbids users under the age of 13 from using it. “If you are under 13 years old, please do not use the App”, the new terms and conditions state; however, this appears to be in conflict with its GPL license, which states that software must be available for free to all users.

Muse Group, which purchased Audacity in May 2021, did not respond to a request for comment from The Independent before time of publication.

“It is no wonder that the latest update is being likened to spyware with the volume of data being acquired from customers. The recent sale of the software highlights how customer data is increasingly more important to software owners and it reflects the true business model of many companies”, Jake Moore, Cybersecurity Specialist at global cybersecurity company ESET, told The Independent.

“When they share, analyse and profit from personal data collection, companies take a gamble that they will only lose a small number of accounts owned by privacy conscious users. The more people realise how important it is to keep limit the sharing of their sensitive information, the more companies will be forced into thinking twice when taking such data.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in