PR #835: Basic telemetry for the Audacity

Feedback and bug reports for Audacity 3.0.3 alpha
Forum rules
This forum is only for feedback and bug reports for the specified version of Audacity.

All bug reports must include the following information:
  • Exact version number of Audacity
  • Operating system version
  • Brief description of the problem
  • Detailed, step by step instructions for how to reproduce the problem
Bug reports that do not include the above information will be deleted

Additional information and / or screenshots should be included as necessary to adequately describe the problem.
steve
Site Admin
Posts: 81361
Joined: Sat Dec 01, 2007 11:43 am
Operating System: Linux *buntu

Re: PR #835: Basic telemetry for the Audacity

Post by steve » Sun May 09, 2021 7:18 pm

jahway603 wrote:
Sun May 09, 2021 7:12 pm
Audio applications do not use network functionality.
It's a different issue, but we have lots of requests for features such as "automatic update", "export to cloud", "collaborative projects", which require network functionality.

We have previously steered away from such features, largely because we've never had the resources to invest in the necessary security hardening that they would require.
9/10 questions are answered in the FREQUENTLY ASKED QUESTIONS (FAQ)

jahway603
Posts: 18
Joined: Sun May 09, 2021 12:04 am
Operating System: GNU/Linux other

Re: PR #835: Basic telemetry for the Audacity

Post by jahway603 » Sun May 09, 2021 7:24 pm

steve wrote:
Sun May 09, 2021 7:14 pm
jahway603 wrote:
Sun May 09, 2021 7:00 pm
As-it-is right now, the code is using Google and Yandex, which is totally unacceptable.
For sake of argument, how would you feel if the data being transferred was encrypted so that although Google / Yandex have the IP address (which they can probably get from elsewhere anyway), they have no way to associate the IP with the data that is being sent, and the data, stripped of anything that could help de-anonymise (such as time sent/received) is made public domain?
I think it's very clear from my other posts as well as the massive amounts of comments at Audacity's GitHub PR #835 that I am not the only user that does not want telemetry in Audacity or in any other piece of software they use. The fact that this is even being debated right now after the massive opposition to it is just going to push a large part of the Audacity community away which hurts the community as a whole.

jahway603
Posts: 18
Joined: Sun May 09, 2021 12:04 am
Operating System: GNU/Linux other

Re: PR #835: Basic telemetry for the Audacity

Post by jahway603 » Sun May 09, 2021 7:32 pm

steve wrote:
Sun May 09, 2021 7:18 pm
jahway603 wrote:
Sun May 09, 2021 7:12 pm
Audio applications do not use network functionality.
It's a different issue, but we have lots of requests for features such as "automatic update", "export to cloud", "collaborative projects", which require network functionality.

We have previously steered away from such features, largely because we've never had the resources to invest in the necessary security hardening that they would require.
I will be polite, but that makes me *cringe*.

But on a good note, I am very grateful to have been a long term Audacity user. It's a great application.

Now I get that not everyone installs software thru their Linux package manager (I don't have Win/Mac), but that is how most, if not all, of the Linux users update all the software on their system, so Audacity is always updated for that userbase.

I would argue that keeping software updated is solely an operating system function, which already exists, so it would definitely be out of scope for an audio application. I'm happy that it does audio very well & that it does it without using the interwebz. Again, some of ya'll want a web browser in your audio application and that would just slow it down - let's keep it purely audio :)

steve
Site Admin
Posts: 81361
Joined: Sat Dec 01, 2007 11:43 am
Operating System: Linux *buntu

Re: PR #835: Basic telemetry for the Audacity

Post by steve » Sun May 09, 2021 7:39 pm

jahway603 wrote:
Sun May 09, 2021 7:24 pm
does not want telemetry in Audacity or in any other piece of software they use
OK, thanks. I'll count that as a vote for "no telemetry at any price".
jahway603 wrote:
Sun May 09, 2021 7:32 pm
I would argue that keeping software updated is solely an operating system function
I would agree
jahway603 wrote:
Sun May 09, 2021 7:32 pm
which already exists
On Linux only, (unless we offload to a third party update service, which would be much worse than doing it ourselves imo).
The vast majority of Audacity users are on Windows 10.
jahway603 wrote:
Sun May 09, 2021 7:32 pm
Again, some of ya'll want a web browser in your audio application
Really? Where did you see that?
9/10 questions are answered in the FREQUENTLY ASKED QUESTIONS (FAQ)

jahway603
Posts: 18
Joined: Sun May 09, 2021 12:04 am
Operating System: GNU/Linux other

Re: PR #835: Basic telemetry for the Audacity

Post by jahway603 » Sun May 09, 2021 8:15 pm

steve wrote:
Sun May 09, 2021 7:39 pm
jahway603 wrote:
Sun May 09, 2021 7:32 pm
which already exists
On Linux only, (unless we offload to a third party update service, which would be much worse than doing it ourselves imo).
The vast majority of Audacity users are on Windows 10.
jahway603 wrote:
Sun May 09, 2021 7:32 pm
Again, some of ya'll want a web browser in your audio application
Really? Where did you see that?
Fair enough, there's a free package manager solution for Win10 people called "Chocolatey". There's even another member of the community already maintaining a Chocolatey Audacity package. The Win10 userbase could use the Chocolatey GUI version (or you can run it at the command line too, choco install audacity). This solution then does away with having to put "auto update" code into Audacity (less code is good) as this Win10 package manager would take care of that. Honestly, I'm iDumb when it comes to Macs as I don't ever use them, but I do remember a friend telling me about brew.sh, so that might be the Mac solution.

Well I used a web browser as an example as it's a piece of software which everyone has used before and is familiar that it connects to the internet. Web browsers have some of the largest attack surface when it comes to a system, so it is an exaggeration on my part. I'll clarify and say currently Audacity is only an "audio application" but that this PR is turning it into an "audio application which gives someone else data about you", so while it may not be an actual "web browser" it using the internet and your network where-as it was not doing this as JUST an "audio application" before PR #385.

steve
Site Admin
Posts: 81361
Joined: Sat Dec 01, 2007 11:43 am
Operating System: Linux *buntu

Re: PR #835: Basic telemetry for the Audacity

Post by steve » Sun May 09, 2021 8:21 pm

jahway603 wrote:
Sun May 09, 2021 8:15 pm
there's a free package manager solution for Win10 people called "Chocolatey".
Do you trust them? What guarantees do you have that your data is secure with them?
I doubt that we could officially endorse them as they are a private company using closed source software which we cannot audit.
9/10 questions are answered in the FREQUENTLY ASKED QUESTIONS (FAQ)

jahway603
Posts: 18
Joined: Sun May 09, 2021 12:04 am
Operating System: GNU/Linux other

Re: PR #835: Basic telemetry for the Audacity

Post by jahway603 » Sun May 09, 2021 8:31 pm

steve wrote:
Sun May 09, 2021 8:21 pm
jahway603 wrote:
Sun May 09, 2021 8:15 pm
there's a free package manager solution for Win10 people called "Chocolatey".
Do you trust them? What guarantees do you have that your data is secure with them?
I doubt that we could officially endorse them as they are a private company using closed source software which we cannot audit.
I do trust them as their source code is on Github here with it being currently maintained and the earliest version release of Dec 12, 2013. Good thing it is open source so now you could audit it if you wanted to. And here's that GUI too.

steve
Site Admin
Posts: 81361
Joined: Sat Dec 01, 2007 11:43 am
Operating System: Linux *buntu

Re: PR #835: Basic telemetry for the Audacity

Post by steve » Sun May 09, 2021 10:27 pm

jahway603 wrote:
Sun May 09, 2021 8:31 pm
Good thing it is open source so now
Yes, nice that they are open source now.
I wonder how they pay for all the bandwidth for their "free" package downloads. Perhaps I'll do a bit of digging.
9/10 questions are answered in the FREQUENTLY ASKED QUESTIONS (FAQ)

steve
Site Admin
Posts: 81361
Joined: Sat Dec 01, 2007 11:43 am
Operating System: Linux *buntu

Re: PR #835: Basic telemetry for the Audacity

Post by steve » Sun May 09, 2021 10:43 pm

steve wrote:
Sun May 09, 2021 10:27 pm
I wonder how they pay for all the bandwidth for their "free" package downloads.
Hmm, unless you have more recent information, it looks like they leech bandwidth from other organisations: https://www.reddit.com/r/sysadmin/comme ... stop_with/
9/10 questions are answered in the FREQUENTLY ASKED QUESTIONS (FAQ)

Post Reply