Free music editor Audacity will now collect and send your personal data to Russia and other ‘third parties’
IP addresses will be ‘stored in an identifiable way’ for 24 hours, the company’s new terms and conditions state
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Popular free audio editing tool Audacity has quietly updated its terms and conditions so that it can sell user data to third-party companies and share it “with our main office in Russia”.
The update, which happened on 2 July 2021, means that Audacity will now collect information about users’ operating system, their country (through their IP address), their CPU, and any other data “necessary for law enforcement, litigation and authorities’ requests”.
For “a calendar day”, IP addresses will be “stored in an identifiable way” before being hashed or made anonymous; however, an unencrypted address could be a pathway to finding a users’ name, phone number, and address, the geolocation of the computer, and in some cases further personal characteristics including “political inclinations, state of health, sexuality, [and] religious sentiments”, according to a study conducted in 2013 by the Office of the Privacy Commissioner of Canada.
Audacity will share this personal data with its staff and law enforcement and government agents, or “other third party where we believe disclosure is necessary” as well as “potential buyer[s] … in connection with any proposed purchase, merger, or acquisition”.
Users’ personal data is stored on servers in the European Economic Area, but Audacity says that it is “occasionally required to share your personal data with our main office in Russia and our external counsel in the USA”. It says that personal data “receives an adequate level of protection in accordance with the GDPR.”
Audacity also forbids users under the age of 13 from using it. “If you are under 13 years old, please do not use the App”, the new terms and conditions state; however, this appears to be in conflict with its GPL license, which states that software must be available for free to all users.
Muse Group, which purchased Audacity in May 2021, did not respond to a request for comment from The Independent before time of publication.
“It is no wonder that the latest update is being likened to spyware with the volume of data being acquired from customers. The recent sale of the software highlights how customer data is increasingly more important to software owners and it reflects the true business model of many companies”, Jake Moore, Cybersecurity Specialist at global cybersecurity company ESET, told The Independent.
“When they share, analyse and profit from personal data collection, companies take a gamble that they will only lose a small number of accounts owned by privacy conscious users. The more people realise how important it is to keep limit the sharing of their sensitive information, the more companies will be forced into thinking twice when taking such data.”
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments