To clarify (I am more-or-less copying my response to a Reddit post on this one).
Personally I am waiting to see how the situation evolves. We aren't up-to-date on Audacity, so even if they had shipped a new Audacity release with telemetry, which they haven't, we wouldn't have it at the moment. Not going to jump to any random forks regardless. The system they implemented for disabling it at built-time would be satisfactory (you can disable networking entirely, telemetry specifically, crash reporting, etc).
Personally, I am not anti-telemetry, but it needs to serve a clear purpose on how it is going to enable the product or service to actually improve over time. In the case of Firefox, it is even less of a concern given how open the data is via their telemetry dashboard and they have a clearer policy on exactly what data is used, when it is used, how long it is used for, where it goes, etc. via https://support.mozilla.org/en-US/kb/telemetry-clientid
With both Firefox and Visual Studio Code, telemetry reporting can be trivially disabled by the end user. It isn't something we need to disable at build-time. The data Audacity is collecting, based on their Privacy Policy, is not inherently harmful. The name of the operating system, the version of it, your CPU, error messages / crash reports, and what country you are from is hardly identifiable information.
However, from a technical perspective, there is absolutely no reason why they need to retain your I.P. address in a hashed form or otherwise. Especially for a year. You can trivially use the I.P. address to determine the country of the user via the open Maxmind database and discard it after. You can disable access logs on your web server so you aren't even collecting the I.P. address by virtue of any logging of requests the Audacity client is submitting. The I.P. address is not required for crash reports, the country is not relevant to that. So really it is "we want to know how many users we have and the geographical distribution of them", which is fine.
Related to age-restriction, this is just them attempting to waive liability for any incidental data they collect. It just would not be a problem if they did not implement the telemetry in the manner they did in the first place.
In regards to @Girtablulu's post, we will update Audacity at some point. The problem with Audacity is primarily related to its currently attempts to use its own wxwidgets. This can be trivially disabled per this patch, however there are other problems related to their system lib detection and rpath that haven't been resolved yet, switch to more of their own vendored in libs like sqlite, etc. and thus introducing 3.x would likely introduce regressions unless we took care to actively resolve those issues when updating the package. Doing that takes time and hasn't been a pressing concern seeing as Audacity as it stands works just fine.
