• wewbull@feddit.uk
    link
    fedilink
    English
    arrow-up
    60
    ·
    9 months ago

    I thought audacity was tarnished with spyware or something these days. Is it safe again?

    • xor@infosec.pub
      link
      fedilink
      English
      arrow-up
      95
      ·
      9 months ago

      after looking into it:
      it’s not and it never was.
      a) it’s open source, so nobody’s putting that shit in there without getting caught
      b) it had an opt-in error reporting feature that would send data back… that was the entire thing…

      • drislands@lemmy.world
        link
        fedilink
        English
        arrow-up
        26
        ·
        9 months ago

        What? You must be joking. Really? The entire thing was about opt-in error reporting?

        … seriously, that can’t be it, can it?

      • books@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        9 months ago

        Point a has always me me wonder, is that accurate? Are there actually people going through the code to make sure open source isn’t malicious? I can barely read my coworkers code… Let alone a strangers.

        • xor@infosec.pub
          link
          fedilink
          English
          arrow-up
          6
          ·
          9 months ago

          people are definitely going through the code on a project as popular as audacity…
          less well known stuff is much less scrutinized, of course

        • aidan@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          9 months ago

          Its way less work than going through the code to check for telemetry unless it is an intentionally hidden attack- just use Wireshark and check if there is network traffic other than checking for an update on program start.

        • lemmeee@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          9 months ago

          If a project is popular people will make changes to it every day. But you can look at the repo and judge for yourself.

    • InfiniWheel@lemmy.one
      link
      fedilink
      English
      arrow-up
      72
      ·
      9 months ago

      It was a pull request to add opt-out analytics that got blown out of proportion, where the real issue was the EULA and how tonedeaf of a move it was considering the community around Audacity. IIRC, they ended up replacing it with opt-in analytics.