Many people accept that free software tends to protect your privacy better than proprietary alternatives, but they may not understand why that is. This week’s news about the Audacity project adding telemetry and the public outcry is a perfect test case to explore why free software means better privacy. If you haven’t been following the story, this piece in The Register provides a good summary. In short, Audacity (audio editing software) published a pull request to add telemetry about their users as an opt-in feature to a future release. The free software community largely balked at this change and started a debate over the change inside the pull request.
To better understand why free software protects your privacy more than proprietary software, let’s contrast a few key points in this story with how it would play out with a proprietary counterpart.
Thanks for calling out the inportance of opt in vs opt out, something so simple yet very powerful.
I didnt read the entire converstation, but wish if analytics were used that there would be a reason why options like Plausible werent chosen. If there is a need for analytics I hope to see companies move towards privacy respecting options.
as an additional explanation to the potential vast majority of our readers out there - Hello world !!! - (who may not have an account on forums/Purism) what this means is that if they (the Audacity devs/contributors) DECIDE to add such ‘features’ to the code-base then free-software - on the virtue of being LIBRE (free as in liberty but not necessarily ‘free’ of resources that need to be put into developing and maintaining and advancing the code base with quality code) - means that each person from the PUBLIC CAN READ AND MODIFY the source-code (written and distributed by devs/contributors through the internet) that concerns this particular issue - ON AN INDIVIDUAL BASIS or a community fork - (maybe people that WANT to send ‘telemetry’ back to the ‘company’ can see it and NOT touch the offending code in any way or even ENABLE the telemetry-code themselves)
there is ofc a discussion to be had still on the merits of being FOR (Aye) this issue but largely i believe there is enough literature out there for anybody interested in following Alice down the Rabbit hole …
so how do you recognize such ‘offending-code’ IF it gets added (by mistake or intentionally) in the source-code that accompanies free-software (usually by virtue of the GPL license as released by the GNU/FSF) ?
i would ask if there are any developers / contributors out there that would like / KNOW how to answer this question in an easy to understand manner for the masses …
just try your best to reveal to the GENERAL audience WHAT would they look FOR once they have the source-code open inside a text-editor ( could be Nano, Gedit, Vi/Vim, Emacs, etc. there are so many out there …) and how would they search for the ‘offending-code’ …
One problem I have with opt in is that it is usually phrased as a way for the user to help maintain the software, not as “can we target you?”. User who loves program is obviously going to say, “Yes! Let’s keep great program great!”
Anything proprietary is sort of like magic pipe (a tool for herding) that Pied Piper of Hamelin used to lure lemmings over the cliff or down into the river.
Thanks, Kyle, for doing this post. It’s another one I can forward to people who aren’t sure why software libre/free software is such a great thing. I use Audacity myself, so this affected me directly. If the Audacity developers want to get some feedback on usage, they could do it as follows. Have an opt in for Audacity to collect stats in a plain text file or other human-readable format like XML. Every month or so point you to the stats file and ask you to upload it via a browser to their site (with a common URL, not some tracking URL). Since it’s a text file, you can inspect it (and edit it) before you send it. Anything happening behind the scenes is suspect and risky, and an upload-it-yourself scheme eliminates the need to add networking code bloat to Audacity.
If (Audacity) used a self-hosted Matomo I’d be perfectly fine opting-in.
Matomo, formally Piwiki, is meant to be a drop-in replacement for GA and even allows importing to make transitioning easier. It’s also under the GPLv3.
I understand that it’s a pretty complex piece of software that competes with large companies that have millions of dollars backing their products. Having a few usage metrics can be incredibly valuable for figuring out what’s actually used and how.
If they interpret the data correctly and correctly fill in the gaps for, likely advanced or GNU/Linux & *BSD, users who likely never opt-in, then it might become easier to use for newcomers and novices.
or they could set up a system that does this by way of ‘mailing-list’ type functionality without requiring java-script or cross-site embeded elements to run amok and wreak havok on user privacy.
they seem to be on the right track as alternatives to GitHub and GitLab > https://sourcehut.org/
it’s fast, minimal and employs the older concept of ‘contributions’ as is still the case with Emacs development.
you could practically use it directly with eww in Emacs without needing a proper www browser.
email is still operable we just need to bring it up to speed with modern times and requirements/integrations.