Point a has always me me wonder, is that accurate? Are there actually people going through the code to make sure open source isn’t malicious? I can barely read my coworkers code… Let alone a strangers.
Comment on Audacity adds AI audio editing capabilities thanks to free Intel OpenVINO plugins
xor@infosec.pub 9 months agoafter looking into it:
it’s not and it never was.
a) it’s open source, so nobody’s putting that shit in there without getting caught
b) it had an opt-in error reporting feature that would send data back… that was the entire thing…
books@lemmy.world 9 months ago
xor@infosec.pub 9 months ago
people are definitely going through the code on a project as popular as audacity…
less well known stuff is much less scrutinized, of courseaidan@lemmy.world 9 months ago
Its way less work than going through the code to check for telemetry unless it is an intentionally hidden attack- just use Wireshark and check if there is network traffic other than checking for an update on program start.
lemmeee@sh.itjust.works 9 months ago
If a project is popular people will make changes to it every day. But you can look at the repo and judge for yourself.
doctorcrimson@lemmy.world 9 months ago
That’s not entirely true, Audacity was acquired by a company called MuseGroup who added unnecessary telemetry and they admit that they do provide the data the collect to third parties. It’s spyware as far as I’m concerned.
xor@infosec.pub 9 months ago
i don’t believe you
doctorcrimson@lemmy.world 9 months ago
And thats fair, you should always do your own research and make your own informed decisions.
drislands@lemmy.world 9 months ago
What? You must be joking. Really? The entire thing was about opt-in error reporting?
… seriously, that can’t be it, can it?
eager_eagle@lemmy.world 9 months ago
Not really, it was an apparent change to the privacy policy that vaguely anticipated collection of arbitrary user data, which shook the confidence of the open source community on the project. The fact this happened right after audacity was sold was the cherry on top.
github.com/audacity/audacity/issues/1213
Changes were eventually reverted.
doctorcrimson@lemmy.world 9 months ago
Were they? I’ll have to check later, but an official statement from Muse Group stated they provided the data they collected to third parties so idk. If the telemetry is still there then I’m not downloading it, Open Source projects generally don’t need telemetry to begin with.
xor@infosec.pub 9 months ago
yep… really just that…
i’ve used it forever with a very restrictive firewall and i’ve never seen it do anything unexpected… or any phoning home at all…
doctorcrimson@lemmy.world 9 months ago
in 2021 Audacity was acquired by a company called MuseGroup who added unnecessary telemetry and they admit that they do provide the data the collect to third parties. It’s spyware as far as I’m concerned.
StereoTrespasser@lemmy.world 9 months ago
If opt-in telemetry is spyware then the FOSS community truly is off the rails.
doctorcrimson@lemmy.world 9 months ago
If it was truly opt in, then why did the community feel the need to create forks removing the telemetry? Plus, a lot of FOSS don’t need telemetry to start with. They get tons of voluntary high quality feedback without automated collection.
Klear@sh.itjust.works 9 months ago
I’ve read this exact or very similar comment from you for the fourth time at least. You’re a spambot as far as I’m concerned.
doctorcrimson@lemmy.world 9 months ago
Lmao
Pot says the Kettle exagerates.