1---
  2title: "Audacity and the telemetry pull request"
  3author: ["Amolith"]
  4cover: ./cover.png
  5lastmod: 2023-01-27T13:00:37-05:00
  6tags: ["Open source culture", "Audio editing", "Music", "Drama"]
  7categories: ["Technology"]
  8draft: true
  9---
 10
 11Five days ago at the time of writing, [Dmitry Vedenko](https://github.com/crsib)
 12opened a Pull Request (PR) in [Audacity's GitHub
 13repository](https://github.com/audacity/audacity/pull/835) entitled [_Basic
 14telemetry for the Audacity_.](https://github.com/audacity/audacity/pull/835)
 15About two days later, all hell broke loose. That PR now has over 3.3 thousand
 16downvotes and more than one thousand comments from nearly 400 individuals. I
 17started reading the posts shortly after they began and kept up with them over
 18the following days, reading every single new post. I recognise that few people
 19are going to feel like wading through over 1k comments so this is my attempt to
 20provide a summary of the PR itself using the community's code reviews along with
 21a summary of the various opinions conveyed in the comments.
 22
 23When I reference comments, I'll provide a footnote that includes a link to the
 24comment and a link to a screenshot just in case it's removed or edited in the
 25future.
 26
 27## Audacity's acquisition
 28
 29I haven't been able to find _much_ information in this area so forgive me if I'm
 30scant on details.
 31
 32On 30 April, a company called [Muse Group](https://mu.se/) acquired
 33[Audacity.](https://www.audacityteam.org/) According to [their
 34website](https://mu.se), Muse is the parent company behind many musical
 35applications and tools. It was founded by Eugeny Naidenov just days before it
 36acquired Audacity. Before all of this, Eugeny Naidenov founded [Ultimate
 37Guitar](https://www.ultimate-guitar.com/) (UG) in 1998. The service grew rather
 38quickly and now has over 300 million users. UG acquired [Dean Zelinsky
 39Guitars](https://deanzelinsky.com/) in 2012, [Agile
 40Partners](http://agilepartners.com/) in 2013,
 41[MuseScore](https://musescore.org/) in 2017, and
 42[Crescendo](http://trycrescendo.com/) in 2018. Muse Group was established in
 432021 and it seems as if all of the services UG acquired were (or will be)
 44transferred to Muse Group, as well as UG itself. Immediately following its
 45establishment, Muse not only acquired Audacity but also
 46[StaffPad.](https://www.staffpad.net/)
 47
 48I say 30 April because that's when Muse published their [press
 49release](https://mu.se/newsroom/tpost/6dhedma301-muse-group-acquires-audacity-expanding-c)
 50and when Martin Keary (Tantacrul) published a video entitled [_I’m now in charge
 51of Audacity. Seriously._](https://www.youtube.com/watch?v=RMWNvwLiXIQ) According
 52to his comment,[^fn:1] Martin will help with proposing Audacity's roadmap and
 53many of its future features as well as working with the community. This has been
 54his role with MuseScore since he joined that project and he will be continuing
 55it here.
 56
 57`-----BEGIN PERSONAL OPINION-----`
 58
 59Looking at [his website,](https://www.martinkeary.com/) I also suspect he will
 60play a large role in redesigning Audacity's interface. Considering that he was
 61instrumental in designing [the best mobile interface I've ever had the absolute
 62pleasure of experiencing,](https://www.martinkeary.com/#/ubuntu-touch-os/) I
 63have high hopes that this is the case.
 64
 65`------END PERSONAL OPINION------`
 66
 67## Telemetry implementation
 68
 69### Implementation Basics
 70
 71A few days after the acquisition, a PR was opened that adds _Basic telemetry for
 72the Audacity_. This implementation collects "application opened" events and
 73sends those to Yandex to estimate the number of Audacity users. It also collects
 74session start and end events, errors for debugging, file used for import and
 75export, OS and Audacity versions, and the use of effects, generators, and
 76analysis tools so they can prioritise future improvements. Sending this data
 77would be optional and the user would be presented with a dialogue the first time
 78they launch the application after installation or after they update to the
 79including release. This description was mostly copied directly from [the PR
 80description
 81itself.](https://github.com/audacity/audacity/pull/835#issue-629891447)
 82
 83### Frontend Implementation
 84
 85This is fairly straightforward and a pretty standard UI for prompting users to
 86consent to analytics and crash logging. This section is included because the
 87community has strong opinions regarding the language used and its design, but
 88that will be discussed later. The screenshot below is copied directly from the
 89PR.
 90
 91{{< figure src="~/repos/sites/secluded/static/assets/pngs/audacity-pr/consentdialogue.png" link="~/repos/sites/secluded/static/assets/pngs/audacity-pr/consentdialogue.png" >}}
 92
 93### Backend Implementation
 94
 95Many of the code reviews include the reviewer's personal opinion so I will
 96summarise the comment, provide the code block in question, and link directly to
 97the comment in a footnote.[^fn:2]
 98
 99```c
100  if (!inputFile.Write (wxString::FromUTF8 (ClientID + "\n")))
101    return false;
102```
103
104[Lines 199-200 of
105TelemetryManager.cpp](https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/libraries/lib-telemetry/TelemetryManager.cpp#L199-L200)
106save the user's unique client ID to a file.[^fn:3] This allows the analytics
107tool (in this case, Google Analytics) to aggregate data produced by a single
108user.
109
110```c
111  def_vars()
112
113    set( CURL_DIR "${_INTDIR}/libcurl" )
114    set( CURL_TAG "curl-7_76_0")
115```
116
117[Lines 3-6 of
118CMakeLists.txt](https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/cmake-proxies/libcurl/CMakeLists.txt#L3-L6)
119"vendor in" libcurl.[^fn:4] This is when an application directly includes
120sources for a utility rather than making use utilities provided by the system
121itself.
122
123```c
124  ExternalProject_Add(curl
125     PREFIX "${CURL_DIR}"
126     INSTALL_DIR "${CURL_DIR}"
127     GIT_REPOSITORY https://github.com/curl/curl
128     GIT_TAG ${CURL_TAG}
129     GIT_SHALLOW Yes
130     CMAKE_CACHE_ARGS ${CURL_CMAKE_ARGS}
131  )
132```
133
134[Lines 29-36 of
135CMakeLists.txt](https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/cmake-proxies/libcurl/CMakeLists.txt#L29-L36)
136add curl as a remote dependency.[^fn:5] This means that the machine building
137Audacity from its source code has to download curl during that build.
138
139```c
140  S.Id (wxID_NO).AddButton (rejectButtonTitle);
141  S.Id (wxID_YES).AddButton (acceptButtonTitle)->SetDefault ();
142```
143
144[Lines 93-94 of
145TelemetryDialog.cpp](https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/src/telemetry/TelemetryDialog.cpp#L93-L94)
146add buttons to the dialogue asking the user whether they consent to data
147collection.[^fn:6] `SetDefault` focuses the button indicating that the user does
148consent. This means that if the user doesn't really look at the dialogue and
149presses Spacebar or Enter, or if they do so accidentally by simply bumping the
150key, they unintentionally consent to data collection. If the user desires, this
151can later be changed in the settings menu. However, if they weren't aware what
152they were consenting to _or that they did consent_, they won't know to go back
153and opt out.
154
155There are other problems with the code that include [simple
156mistakes,](https://github.com/audacity/audacity/pull/835#discussion_r628816050)
157[styling that's inconsistent with the rest of the
158project,](https://github.https//github.com/audacity/audacity/pull/835#discussion_r628774985)
159[unhandled return values resulting in skewed
160data,](https://github.com/audacity/audacity/pull/835#discussion_r628500849) [use
161of inappropriate
162functions,](https://github.com/audacity/audacity/pull/835#discussion_r628792423)
163and [spelling errors in the
164comments.](https://github.com/audacity/audacity/pull/835#discussion_r628818054)
165I believe these are less important than those above so they won't be discussed.
166
167## Community opinions
168
169There were many strong opinions regarding both the frontend and backend
170implementations of this PR, from the wording of the dialogue and highlighting
171the consent button to devices running something other than Windows and macOS not
172being able to send telemetry and thus skewing the data that _was_ collected.
173
174### Opinions on the frontend
175
176Really, the only frontend here is the consent dialogue. However, there are
177_many_ comments about it, the most common of which is probably that the wording
178is not only too vague[^fn:7] but also inaccurate.[^fn:8] The assertion that
179Google Analytics are not anonymous and any data sent can be trivially
180de-anonymised (or de-pseudonymised) is repeated many times over. Below are a few
181links to comments stating such. I searched for the term _"anonymous"_, copied
182relevant links, and stopped when my scrollbar reached halfway down the page.
183
184- [r628156527](https://github.com/audacity/audacity/pull/835#discussion_r628156527)
185- [833969780](https://github.com/audacity/audacity/pull/835#issuecomment-833969780)
186- [833969933](https://github.com/audacity/audacity/pull/835#issuecomment-833969933)
187- [r627995927](https://github.com/audacity/audacity/pull/835#discussion_r627995927)
188- [834358022](https://github.com/audacity/audacity/pull/835#issuecomment-834358022)
189- [834377549](https://github.com/audacity/audacity/pull/835#issuecomment-834377549)
190- [834382007](https://github.com/audacity/audacity/pull/835#issuecomment-834382007)
191- [834385463](https://github.com/audacity/audacity/pull/835#issuecomment-834385463)
192- [834405825](https://github.com/audacity/audacity/pull/835#issuecomment-834405825)
193- [834531779](https://github.com/audacity/audacity/pull/835#issuecomment-834531779)
194- [834546874](https://github.com/audacity/audacity/pull/835#issuecomment-834546874)
195- [834638000](https://github.com/audacity/audacity/pull/835#issuecomment-834638000)
196
197The next most pervasive comment is regarding the consent buttons at the bottom
198of the dialogue where users opt in or out.[^fn:9] Many individuals call this
199design a _dark pattern_. Harry Brignull, a UX specialist focusing on deceptive
200interface practises, describes dark patterns as [_tricks used in websites and
201apps that make you do things that you didn't mean
202to_.](https://www.darkpatterns.org/) The dark pattern in this situation is the
203opt-in button being highlighted. Many community members assert that users will
204see the big blue button and click it without actually reading the dialogue's
205contents. They just want to record their audio and this window is a distraction
206that prevents them from doing so; it needs to get out of the way and the
207quickest way to dismiss it is clicking that blue button. Below is a list of some
208comments criticising this design.
209
210- [834286641](https://github.com/audacity/audacity/pull/835#issuecomment-834286641)
211- [834358022](https://github.com/audacity/audacity/pull/835#issuecomment-834358022)
212- [834399813](https://github.com/audacity/audacity/pull/835#issuecomment-834399813)
213- [834479968](https://github.com/audacity/audacity/pull/835#issuecomment-834479968)
214- [835250737](https://github.com/audacity/audacity/pull/835#issuecomment-835250737)
215- [835253882](https://github.com/audacity/audacity/pull/835#issuecomment-835253882)
216- [835291066](https://github.com/audacity/audacity/pull/835#issuecomment-835291066)
217- [835445481](https://github.com/audacity/audacity/pull/835#issuecomment-835445481)
218
219Another issue that was brought up by a couple of individuals was the lack of a
220privacy policy.[^fn:10] The consent dialogue links to one, but, at the time of
221writing, one does not exist at [the provided
222URL.](https://www.audacityteam.org/contact/privacy-policy/) I have [archived the
223state of the
224page](https://web.archive.org/web/20210510012924/https://www.audacityteam.org/contact/privacy-policy/)
225in case that changes in the future.
226
227### Opinions on the backend
228
229```c
230  if (!inputFile.Write (wxString::FromUTF8 (ClientID + "\n")))
231    return false;
232```
233
234The issue many individuals take with this snippet is saving the `ClientID`. Say
235an individual has an odd file that causes Audacity to crash any time they try to
236open it. Say they attempt to open it a hundred times. Without giving the client
237a unique ID, it could look like there are 100 people having an issue opening a
238file instead of just the one. However, by virtue of each installation having an
239entirely unique ID, this telemetry _is not anonymous_. Anonymity would be
240sending statistics in such a way that connecting those failed attempts to a
241single user would be impossible. At best, this implementation is _pseudonymous_
242because the client is given a random ID, you don't have to sign in with an
243account or something.
244
245```c
246  def_vars()
247
248    set( CURL_DIR "${_INTDIR}/libcurl" )
249    set( CURL_TAG "curl-7_76_0")
250```
251
252Timothe Litt's comment gives a good description of why "vendoring in" libcurl is
253a bad idea[^fn:11] and Tyler True's comment gives a good overview of the pros
254and cons of doing so.[^fn:12] Many people take issue with this _specifically_
255because it's libcurl. Security flaws in it are _very_ common and Audacity's copy
256would need to be _manually_ kept up to date with every upstream release to
257ensure none of its vulnerabilities can be leveraged to compromise users. If the
258Audacity team was going to stay on top of all of the security fixes, they would
259need to release a new version every week or so.
260
261```c
262  ExternalProject_Add(curl
263     PREFIX "${CURL_DIR}"
264     INSTALL_DIR "${CURL_DIR}"
265     GIT_REPOSITORY https://github.com/curl/curl
266     GIT_TAG ${CURL_TAG}
267     GIT_SHALLOW Yes
268     CMAKE_CACHE_ARGS ${CURL_CMAKE_ARGS}
269  )
270```
271
272The problem with downloading curl at build-time is that it's simply disallowed
273for many Linux- and BSD-based operation systems. When a distribution builds an
274application from source, its build dependencies are often downloaded ahead of
275time and, as a security measure, the build machine is cut off from the internet
276to prevent any interference. Because this is disallowed, the build will fail and
277the application won't be available on those operation systems.
278
279Note, however, that these build machines would have the option to disable
280telemetry at build-time. This means the machine wouldn't attempt to download
281curl from GitHub and the build would succeed but, again, telemetry would be
282disabled for anyone not on Windows or macOS. This defeats the whole purpose of
283adding telemetry in the first place.
284
285```c
286  S.Id (wxID_NO).AddButton (rejectButtonTitle);
287  S.Id (wxID_YES).AddButton (acceptButtonTitle)->SetDefault ();
288```
289
290There was a lot of feedback about the decision to highlight the consent button
291but that was mentioned up in the frontend section; I won't rehash it here.
292
293### Broader and particularly well-structured comments
294
295These are simply some comments I feel deserve particular attention.
296
297From SndChaser...
298
299- [834037351](https://github.com/audacity/audacity/pull/835#issuecomment-834037351)
300-
301
302## The Audacity team's response
303
304---
305
306## The privacy policy modification
307
308<https://github.com/audacity/audacity/issues/1213#issuecomment-875274890>
309
310[^fn:1]:
311    [Link to the
312    comment](https://github.com/audacity/audacity/pull/835#issuecomment-836069326)
313    and [link to the screenshot](/assets/pngs/audacity-pr/tantacrulrole.png)
314
315[^fn:2]:
316    Note that because I am not a C programmer, these reviews might not be
317    entirely accurate and I wouldn't be able to catch the reviewer's error. I am
318    relying on other community members to catch issues and comment on them; none
319    of the reviews I link to have such comments so I'm assuming they are
320    correct.
321
322[^fn:3]:
323    [Link to the
324    review](https://github.com/audacity/audacity/pull/835#discussion_r627993755) and
325    [link to the screenshot](/assets/pngs/audacity-pr/writeanalyticsid.png)
326
327[^fn:4]:
328    [Link to the
329    review](https://github.com/audacity/audacity/pull/835#discussion_r628005925) and
330    [link to the screenshot](/assets/pngs/audacity-pr/vendorcurl.png)
331
332[^fn:5]:
333    [Link to the
334    review](https://github.com/audacity/audacity/pull/835#discussion_r628008821) and
335    [link to the screenshot](/assets/pngs/audacity-pr/externaldependency.png)
336
337[^fn:6]:
338    [Link to the
339    review](https://github.com/audacity/audacity/pull/835#discussion_r628124998) and
340    [link to the screenshot](/assets/pngs/audacity-pr/defaultconsentbutton.png)
341
342[^fn:7]:
343    [Link to the
344    comment](https://github.com/audacity/audacity/pull/835#discussion_r627756976)
345    and [link to the screenshot](/assets/pngs/audacity-pr/vaguedialogue.png)
346
347[^fn:8]:
348    [Link to the
349    comment](https://github.com/audacity/audacity/pull/835#discussion_r627764300)
350    and the screenshot is the same as previous
351
352[^fn:9]:
353    [Link to the
354    comment](https://github.com/audacity/audacity/pull/835#issuecomment-834286641)
355    and [link to the screenshot](/assets/pngs/audacity-pr/darkpattern.png)
356
357[^fn:10]:
358    [Link to the
359    comment](https://github.com/audacity/audacity/pull/835#discussion_r627762185)
360    and [link to the screenshot](/assets/pngs/audacity-pr/missingprivacypolicy.png)
361
362[^fn:11]:
363    [Link to the
364    comment](https://github.com/audacity/audacity/pull/835#issuecomment-834451187)
365    and [link to the screenshot](/assets/pngs/audacity-pr/privatelibcurl.png)
366
367[^fn:12]:
368    [Link to the
369    comment](https://github.com/audacity/audacity/pull/835#issuecomment-834010117)
370    and [link to the screenshot](/assets/pngs/audacity-pr/vendorproscons.png)