The brouhaha started just a few months ago when Audacity was bought by the Muse Group, the company behind equally popular music software like MuseScore, which is also open source, and Ultimate Guitar. So far, Audacity remains open source (and can’t really be changed into proprietary software in its current form), but that doesn’t mean that Muse Group can’t do some pretty damaging changes. Those changes come in the form of the new privacy policy that was just updated a few days ago, a policy that now allows it to collect user data.

As a desktop application with no core online functionality, Audacity never had any need to “phone home” in the first place. Now the privacy policy says that the new company does collect data and does so in a way that’s both over-arching and vague, most likely by design. For example, it says that it collects data necessary for law enforcement but doesn’t specify what kind of data is collected.

There are also questions regarding the storage of data, which is located in servers in the USA, Russia, and the European Economic Area. IP addresses, for example, are stored in an identifiable way for a day before being hashed and then stored in servers for a year. The new policy also disallows people under the age of 13 from using the software, which, as FOSS Post points out, is a violation of the GPL license that Audacity uses.