Is Audacity safe to use after the Muse Group changes and recent privacy updates?

Checked on November 24, 2025

Executive summary

Audacity’s safety debate centers not on malware but on a 2021 privacy-policy change under Muse Group that introduced limited telemetry (IP address, OS version, CPU type) for update-checking and optional crash reports — and sparked accusations of “spyware” that Muse Group and multiple outlets disputed [1] [2] [3]. Audacity’s own privacy notice (updated later) and company statements say data collection is minimal, optional for error reports, and that the problematic wording was revised; the controversial policy did not apply to the then-current offline release and the company pledged clarifications [4] [5] [6].

1. What sparked the safety concerns — and what the company said

The uproar began when Muse Group updated Audacity’s privacy policy to describe data collection for “app analytics,” updates and legal requests, language that some users read as broad and invasive; coverage noted collection of IP addresses, OS version and processor type and cited the policy language about sharing data for law enforcement or potential buyers, prompting calls to fork the project [7] [3] [8]. Muse Group responded that the wording was unclear, that the actual data collected would be “very limited” (IP address stored anonymized for 24 hours, OS and CPU info, and opt‑in crash/error reports), and that they would revise the policy to be clearer [1] [2] [9].

2. Is there evidence Audacity is malware or secretly spying on users?

Reporting across the tech press repeatedly distinguishes the controversy over telemetry and the privacy policy from malware: outlets and Muse Group insisted Audacity is not spyware in the sense of malicious code or hidden backdoors, and the company denied selling or broadly sharing user data [10] [3] [2]. Independent explainers and later company privacy material characterize the data collected as limited and tied to new online features (automatic updates and optional error reporting), not continuous background surveillance [2] [11] [4].

3. What practical privacy risks remain, according to coverage

Critics focused on vague clauses — notably “data necessary for law enforcement” and potential transfers to other jurisdictions — and on Muse Group’s corporate ties and licensing changes, which eroded trust even if technical risk was limited [12] [13] [5]. Several outlets stressed that the initial policy wording and contributor-license discussions damaged goodwill in the open-source community, leading some users to prefer older offline builds or to propose forks to avoid future telemetry [8] [13] [6].

4. What the Audacity privacy notice and later fixes say

Audacity’s documented Desktop Privacy Notice (as of later updates) describes “very limited” collection, explains why update checking/optional crash reporting need network activity, emphasizes user control (options to disable update checking and opt into error reports), and references compliance with GDPR/CCPA; outlets recorded that Muse Group published revised wording and an apology after the backlash [4] [14] [9]. Multiple reports also pointed out that the disputed policy text did not go into force until a future release (3.0.3), and earlier offline versions lacked networking features [6] [3].

5. How users can reduce risk right now (options reported)

Coverage notes straightforward mitigations: stay on an earlier offline release that has no networking features, disable automatic update checking in preferences when the feature appears, avoid opt‑in crash reporting, or use a forked version if available — all practical steps if you distrust the vendor [6] [11] [3]. Several outlets and discussions recommended monitoring the updated privacy policy text and the project’s community governance moves before trusting future releases [9] [13].

6. Conflicting perspectives and unresolved trust issues

Journalists and Muse Group framed the incident differently: outlets like Gizmodo and PCMag emphasized that the policy’s wording and timing caused reasonable alarm but argued the technical reality was limited telemetry comparable to many modern apps [12] [3]. Community critics and voices on GitHub/Hackaday viewed the change as a deeper departure from Audacity’s open-source norms (CLA/licensing concerns) and warned that corporate ownership decisions — not just telemetry — undermined trust [13] [6]. Available sources do not mention definitive evidence that Muse Group sold user data or covertly exfiltrated content beyond what the published policy and company statements permitted (not found in current reporting).

Bottom line (reported facts you can act on)

If your concern is malware: reporting consistently says Audacity itself was not found to be malicious [10] [15]. If your concern is telemetry and corporate policy: the controversy was real, Muse Group admitted unclear wording and revised the policy, and practical options exist (use offline builds, disable updates, skip crash reports, or use community forks) — choose based on whether you prioritize absolute offline guarantees or convenience from updated features [6] [4] [14].
