Text:
I consent to Plex to: (i) sell certain personal information (hashed emails, advertising identifiers) to third-parties for advertising and marketing purposes; and (ii) store and/or access certain personal information (advertising identifiers, IP address, content being watched) on my device(s) and share that information with Plex’s advertising partners. This data is used to deliver personalised ads and content, ad and content measurement, audience insights and product development. Your consent applies to all devices on which you have Plex installed. You can withdraw your consent at any time in Account Settings or using this page.
Soure: https://www.plex.tv/vendors/ (Might have to clear cache)
Can also read about the changes here: https://www.plex.tv/about/privacy-legal/
Jellyfin is hardly a no-brainer. I set it up out of curiosity a few weeks ago and my first question was how do I give access to my friends and family. So I searched, and all of the results were talking about setting up a VPN or a reverse proxy or whatever. Man, I just want to tell my mom “install this app on your tv and log in”, which is exactly what Plex does.
I get that Plex is enshittifying, but pretending Jellyfin is a drop-in replacement is delusional.
Jellyfin is a no-brainer. Publishing services on the Internet is complex.
spoiler
askldjfals;jflsad;
Yeah, but then you’re not self-hosting, you’re paying or using their free services to manage that for you.
spoiler
askldjfals;jflsad;
Yup. And letting them collect data on what goes through their service is the cost.
spoiler
askldjfals;jflsad;
If they adhered to somewhat modern security principles for their Backend I wouldn’t mind hosting it behind a reverse proxy. But since large parts of the API is unauthorized and unprotected, I wont.
And I do not plan on supporting family and friends in setting up vpns on all of their devices
What are the worries behind it? Last time someone was worried about the security it was about knowing filenames of the stuff you host by brute forcing iirc
The issue is their approach to security. I don’t trust them to properly secure their software, since they have proven to prefer client compatibility over security.
Knowing (guessing) the file path allows them to access and stream the content. Meaning worst case scenario… Sony (the people known for putting malicious stuff on CDs) can probe your server, and prove the content is there because your server will return the movie file itself.
Since you need to self-host Jellyfin, then you are responsible for making the service public.
This is why I use Yunohost. It makes all of that just a “click buttons” affair. Then you can tell your Mom the same thing. Only the domain is yours so Jellyfin can’t hold it over your head.
The best thing is, you can’t use a reverse proxy with it, it doesn’t even support it.