Audacity: Is YOUR computer's data safe?
I’ve been pretty fascinated by this whole situation.
My Dad was the go to tech person in our school district when I was growing up, so when it comes to talking about data, it’s something I’m really comfortable with.
I’m not a data security expert, BUT based on what I already know plus a bunch of research over the last couple days… the video is UP and there is really important info here.
Time stamps below the intro.
The big news on everybody’s lips is AUDACITY and what their new terms of service means your computer’s security. Should you Save it or Trash it? And WhatShould REALLY be the takeaway this teaches us? And how can you protect yourself? Finally, we’ll end on an upnote, and I’ll share how you can keep your podcast on the free internet? I’ll tell you about the website that will get you set up on the Podcast 2.0 database.
Disclaimer: This is my opinion based on an interpretation of facts. Do with it what you will.
Audacity’s No Good Very Bad Day
This weekend Audacity updated their terms of service and it set podcast users of the open source Digital audio Workspace up in arms. “It’s Spyware” read one website, a headline which has quickly gained momentum and dominated headlines since.
Audacity users had already been huffing since May when Muse, the group which recently bought it out, attempted to set up Google Indexing and “Yandex” to track and analyse events in Audacity. Before backing on it’s plans. They also backed off from adding “basic telemetry” to the app, which set off the ire of users. Red flags had already been raised before this came up.
So, is this fear all the huff? Should you Save it? Or Trash it?
What does the Agreement Say?
First, lets take a look at the agreement There are a few things here:
Things like data for crashes, OS types etc.. and “Data necessary for law enforcement, litigation and authorities’ requests (if any)”. It then calls it “personal data” in the section of who it shares it with.
That statement is one that has left folks a little concerned. What kind of data? What does this mean??
And.. it mentions it’s head office in Russia is where it’s kept. Which.. is definitely eye raising. Not to mention one of the most concerning elements at play here.
Alright, how do they get this data? Are they going to take our recordings?
To investigate this, we need to look at the kind of information our computer sends into the world, and how we are tracked online. Starting with our IP address, which is what tells the world where our exact computer is in the world at that exact moment.
How does an IP work
Lets look at what an IP address is and how it works.
Lets imagine you want to go want go on vacation, in the days before internet. You would go to a travel agent who would make the connection to book flights, hotels etc. Computers connecting to the internet act the same way. To connect, they need to contact different gatekeepers, essentially. Just like you travel agent, when they send mail, they include a return address.
So as your computer is connecting you to different website, etc.. it’s communicating and signing with it’s return address..
Your IP. That IP is connected to where you live.
But it’s important to know, they don’t know exactly where you live. They know where your Internet Service Provider Lives. And that’s about all the ISP tells us about you personally. And your Computer is sharing it’s IP to yoru travel agent, your ISP, and then they’re talking to the resort, sharing their IP as your return address.
EVERY TIME they go to a website, they’re sharing your IP address.
So Before you say, how dare you Audacity, you have to ask yourself: Were you upset when logged on to check your email this morning that your email provider was given your IP?
So, lets accept that your IP is being share all time.
But what kind of data can they collect? Can they do this if they don’t know our exact IP?
Well, your IP really is the gateway for your computer to share information. And it’s not something you want hackers to get ahold of because they can then control your computer etc. But as we learned above, it’s not exactly hard to find. ,
What is hard to do is to collect your audio. Think about this:
If you are someone who currently records, have you ever moved your file somewhere else after recording? What happens when you re-open that DAW? It can’t find it. Audacity is not a cloud based app. So they do no have have access to the source files for your program. They’re not stored in the program itself. It’s frankly too much data. That being said, it may still feel uncomfortable to you this is being shared. That’s valid.
Now, lets take look at what OTHER companies are doing.
How companies collect and communicate IP address sharing
First, is it legal for companies to access your IP? Yes.
Do most companies have a data policy? Yep you bet
Audacity is NOT alone. In fact, they’re late to the game. In fact, as one example, Discord has a nearly identical statement about disclosing the information if required by law.
Almost every company has a policy for sharing their data, what kind of data they keep and for how long. For Audacity , it specifies that it will keep track of your IP addresses for one day, in a form of data encryption called Salt, which is contained within another layer of data encryption known as Hash, which is kept for one year. Then it also share WHO it is sharing with(we’ll come back to this). These are long and overly complicated policies that, in a NY Times in depth report on these policies, noted that “a vast majority” were beyond a College reading level.
It’s confusing. You’re not stupid. And you are right to be looking closer at these documents.
From Twitter, to Discord, Google to Amazon, your Internet Service Provider is sharing that IP. Leaves you feeling a bit uncomfortable eh? This isn’t exactly good news…
Is this Spyware?
Lets jump back a bit to the article that claimed that Audacity was spyware. Before I share my Trash it Save it and some solutions.. Lets clear that up quickly.
Thanks to Daniel J Lewis who simply shared the definition of spyware.
Sorry folks, the whole definition of spyware is that you don’t know it was installed on your computer.
They spelled it right out for you. That’s not spyware.
Save it Trash it
So.. Do we Save it Or Trash It?
Friends… we’re going to Save it.
But.. with a couple options for what to do next.
and a warning…
1.Accept your fate: Your IP address is public knowledge across the internet. Suck it up(I kid- there are better options)!)
2. Choose another Audacity clone. Because Audacity is open source, anyone can create the program themselves if they have the resources. Dark Audacity is one such version. Be aware, nothing is stopping Dark Audacity to do this eventually too. And there are already conversations of an Audacity “fork”, essentially allowing a division of the program. One route that continues past today from the no data culling version and one that does, which Muse owns.
3. Don’t update your current version, thus not accepting the new terms of service.
4. Use the opportunity to explore OTHER DAWS. Trust, there is so much you can do with your show in other DAWS. Part of the journey of a producer is trying out new things. Free DAWS still exist, like Pro Tools Lite, Ableton Lite, or the free trial of bargain basement priced Reaper at $65 for life. Or get to know a paid DAW like Audition or Hindenburg,
5. If you REALLY want to protect yourself, set up a VPN for your IP. And set up a firewall for your computer. These will hide your identity and keep ANY websites from tracking what you are doing on the internet. This is the best option and the only one that will really protect you. Click here for a great article on options for your internet safety
6. Your last option is to quit the internet all together. And I’m guessing that isn’t why you’re creating a podcast.
Below all those options would have been the option to trash Audacity. Because I would need to trash Google while I was at it. And I still need to check my emails.
Our new reality in cyber data
These days cyber attacks are something we should all keep in mind as a possibility moving forward, so lets use this lesson as a wake up call to our options for real internet privacy.
THIS is the true take away here.
INSTEAD of cancelling Audacity for doing this.
It’s not going to make your IP safer.
A warning: There is one reason I DO think we should be concerned and frankly.. it’s the Russian ties.
After the election controversies, the one very legitimate concern here is that we’re dealing straight away with a company with a base in Russia. While it’s not weird to have data out there, it’s totally fair to question whether you want this to be tied to a country that tried to overthrow our elections.
This is not a political blog, so going deeper isn’t quite appropriate.
Is this why you’re saying, I want out? If it is, I don’t blame you.
What this new SHOULD be alerting us to
Let’s be honest… we are not doing enough to protect our computers. Whatever DAW you use(I use multiple-and per client request have learned Audacity for teaching purposes), you should be protecting your identity online.
If you’re concerned about using Audacity, it likely means you AREN’T yet. And yet you SHOULD be.
If you want to delete the program, I say go for it!
But please.. also set up your VPN and a firewall so that NOBODY is getting access to your data.
Lets end on a postive note today with a plug for Podcast 2.0
The initiative from the “Pod Father” to reclaim our freedom on RSS continues. If you want to submit to the Podcasts Index it’s easy. Go to http://www.thepodcasthost.com and join the movement.
Want to read more? No problem, check out my backlog of article at http://www.grittybirds.com
Friends don’t let friends sit a lone at the lunchtable! Come join our community of podcasters over at The Podcasters Forum’s Free Facebook community. See you there!