Made a video on this topic with some more discussion for those who do not like reading:
DISCLAIMER: This post is an example from current events in the News to bring a real world relationship. There is no evidence Audacity is collecting any data as of this post. The privacy policy changed, and decided to use it for an example.
I loved Audacity. This post in no way is meant to make Audacity look bad.
On the other hand the Privacy policy is vague and included mention of merger/sale. My recommendation is: be more explicit.
Take a look at your Desktop and/or interface. Be it MATE (desktop/laptop), Phosh (Pinephone/Librem), or KDE. We use several buttons/shortcuts to programs everyday.
Some of these need the internet.
Some do not.
Have you minimized access to programs who do not need the internet?
Did you know some programs secretly "call home" and share data/your ip address with 3rd parties (sometimes sold)?
The most ideal setup is one which is restricted wherever possible, but not up to the point where your setup becomes unusable.
Here we are going to use a Hot Off the Press News example to demonstrate how to restrict networking only to those programs requiring it (such as web browsers, encrypted messengers, etc).
Other applications like VLC Media player, GIMP (image manipulation), and Libre Office do NOT need ANY networking for full functionality.
So why do we allow it?
Because this is default behavior, we accept it.
We are going to change that today.
We can go through and edit each shortcut to EASILY block network access for every single shortcut/button for programs who do not require internet access.
This can block/prevent not only personal data sale, but also potential backdoors from communicating.
This is really important.
I want you to go through every single shortcut and decide if it needs the internet or not. Don't worry, you can always change it back later if it harms functionality. But for the programs unaffected, this will prevent your personal data from leaving via their execution.
Next we are going to look at a real world example with this EXACT issue.
I then want you to go through each and every shortcut and decide/edit it to block access to those where it is not necessary for a program to reach the internet.
EXAMPLE USING LINUX CURRENT EVENTS
(This example is a real/current problem, follow/fix this!):
Do you minimize network access only to programs which need it to function?
I have to admit, I really like using Audacity.
Those subscribed to my channels might remember my video "Your Computer Speakers Can Act As Remote Listening Devices." There I tuned into frequencies coming from my laptop, discovered my speakers were acting as a remotely transmitting microphone anytime I had sound playing from my laptop speakers (I was able to demonstrate this 15 feet away: with a more sensitive device, through walls would not be hard to imageine [see: rf retro reflecting]).
After which, I demonstrated how to remove the static from the radio signal recordings using Audacity.
It is a very nice program.
https://tube.tchncs.de/videos/watch/7abf9e1b-2971-4408-8ba4-422c666a0ef0
And also here:
https://www.youtube.com/watch?v=bK-CcnfP_ws
To anyone who has been paying attention lately, the highly popular audio editor, Audacity was recently acquired by a private company (Muse).
What this means for the long term future of Audacity, is still somewhat unknown...
Although we are starting to feel some abrasions.
Not long ago a new data google collection/analytics announcement was snuck into Audacity under this new ownership. The outcry was far reaching: https://www.msn.com/en-us/money/other/audacity-reverses-course-on-plans-to-add-opt-in-telemetry-after-outcry/ar-BB1gOOlS
After much rebuttal, this plan was scrapped.
However, there is a new equally concerning Audacity Privacy Policy.
In this new Privacy Policy there are clear implications for users and data collection.
Why we collect it Personal Data we collect Legal grounds for processing
β’ App analytics
β’ Improving our Appβ’ OS version
β’ User country based on IP address
β’ OS name and version
β’ CPU
β’ Non-fatal error codes and messages (i.e. project failed to open)
β’ Crash reports in Breakpad MiniDump formatβ’ Legitimate interest of WSM Group to offer and ensure the proper functioning of the Appβ’ For legal enforcementβ’ Data necessary for law enforcement, litigation and authoritiesβ requests (if any)β’ Legitimate interest of WSM Group to defend its legal rights and interests
Minors
The App we provide is not intended for individuals below the age of 13. If you are under 13 years old, please do not use the App.
Who does Audacity share your Personal Data with?
We may disclose the Personal Data listed above (your hashed IP address) to the following categories of recipients:
to our staff members. We take precautions to allow access to Personal Data only to those staff members who have a legitimate business need for access and with a contractual prohibition of using the Personal Data for any other purpose.
to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, or (ii) to exercise, establish or defend our legal rights;
to our auditors, advisors, legal representatives and similar agents in connection with the advisory services they provide to us for legitimate business purposes and under contractual prohibition of using the Personal Data for any other purpose.
to a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your Personal Data only for the purposes disclosed in this Notice;
to any other person if you have provided your prior consent to the disclosure.
THE FIX:
Thankfully we have the tools at hand to remedy data collection. One such tool is Firejail.
If you love Audacity and aren't ready to give it up, there are a few options for you.
You could:
A.) hold back Audacity updates in your package manager.
Or
B.) use Firejail to restrict Audacity's access to the internet, which will completely cut off it's ability to share your personal data.
C.) Use Bubblewrap sandboxing as another (non SUID sandbox)
D.) Run Audacity inside a network restricted Virtual Machine
E.) Run Audacity inside Whonix, Tor Router, or use torify command on your shortcut
Example Command for E:
sudo torify audacity
For option B use this command to open Audacity while restricting networking:
firejail --net=none audacity
(You can also optionally use --private to further compartmentalize the program)
F.) Run Audacity in flatpak restriction:
sudo flatpak override --unshare=network org.audacityteam.Audacity
G.) Run an older version of Audacity or use this current Telemetry/Privacy protecting fork:
Audacity Fork: https://github.com/cookiengineer/audacity
SHORTCUT EDITING:
Now replace the exec= line on all shortcuts for your devices. Be it: Linux Laptop or Pinephone or Pinebook or Pinetab, or otherwise.
If you have a Pinephone or other .desktop Linux shortcut, this means editing the Exec= line to show:
Exec=firejail --net=none audacity
line inside that .desktop file.
Example line inside
Your shortcut files may be found in .local or at /usr/share/applications.
Example Shortcut/Button directory location (each application has its own .desktop file):
/usr/share/applications/
Or:
~/.local/share/applications
You can use this same option (firejail --net=none) for ALL apps on your system which do not require networking to protect yourself from needless data collection/backdoor communication.
Now go through all your other programs and their corresponding shortcuts .desktop files. Block internet access to ALL programs which do not need the internet to prevent them from sending your data, or worse yet, communicating via backdoor.
Thank You For Sharing Any Posts You Find Helpful/Useful/Interesting
Thank you for reading/watching/comments. :)
Share with friends/family/social media.
Thank You to everyone who takes the time to Share and/or Support my videos. As all my channels/pages are completely demonetized, Sharing and/or Support/donation motivates/helps me continue (many hours can go into each video + cover: if you can simply repost/share my videos, it really helps; It is an uphill battle getting YT/other site algorithms to promote real privacy protecting content.
I believe in what I am doing: and I'm generally not here sell anyone anything at all (but do appreciate any support), but... if interested in more info on Training/Consulting, Nextcloud as Tor Hidden Service + WiFi Onion Tor Routers, or additional ethical Support, send an email.
Thank you for Sharing. I appreciate you.
----------------------------------------------------------------------
π§
π ANONYMOUS GITEA (.onion): Books, Code/Scripts, Wiki, more (make a repository)
π§
π PASTEBIN (.onion): options- password protect, zk-256bit, "Burn After Reading" + more
----------------------------------------------------------------------
π π€ SUPPORT OPTIONS (If you like to)
π EXTRAS: (bonus offers / support). Support here offers something in return.
π²CASHAPP: $HumanRightsTech
βππ Politictech Membership (monthly coffee supporter option + extra access)
π³ Politictech Main Page: (info + lists current BTC/Crypto address)
----------------------------------------------------------------------
FOLLOW:
βπMASTODON
π¦ TWITTER
πΊ π PEERTUBE
πΊ π BITCHUTE
πΊ π ODYSEE
πΊ π YOUTUBE
---------------------------------------------------------------------
β CONTACT
-------------------------------------------------------------------------
THANK YOU for Sharing this, Liking, and Subscribing.
-------------------------------------------------------------------------
If you aren't registered for Odysee I'd love to see you over there.
Use my invite link: https://odysee.com/$invite/@RTP
--------------------------------------------------------------------------
Relevant Links:
Audacity Audio Editor: https://www.audacityteam.org
Firejail: https://firejail.wordpress.com/