Text:
I consent to Plex to: (i) sell certain personal information (hashed emails, advertising identifiers) to third-parties for advertising and marketing purposes; and (ii) store and/or access certain personal information (advertising identifiers, IP address, content being watched) on my device(s) and share that information with Plex’s advertising partners. This data is used to deliver personalised ads and content, ad and content measurement, audience insights and product development. Your consent applies to all devices on which you have Plex installed. You can withdraw your consent at any time in Account Settings or using this page.
Soure: https://www.plex.tv/vendors/ (Might have to clear cache)
Can also read about the changes here: https://www.plex.tv/about/privacy-legal/
Jellyfin is hardly a no-brainer. I set it up out of curiosity a few weeks ago and my first question was how do I give access to my friends and family. So I searched, and all of the results were talking about setting up a VPN or a reverse proxy or whatever. Man, I just want to tell my mom “install this app on your tv and log in”, which is exactly what Plex does.
I get that Plex is enshittifying, but pretending Jellyfin is a drop-in replacement is delusional.
Jellyfin is a no-brainer. Publishing services on the Internet is complex.
spoiler
askldjfals;jflsad;
Yeah, but then you’re not self-hosting, you’re paying or using their free services to manage that for you.
spoiler
askldjfals;jflsad;
Yup. And letting them collect data on what goes through their service is the cost.
spoiler
askldjfals;jflsad;
If they adhered to somewhat modern security principles for their Backend I wouldn’t mind hosting it behind a reverse proxy. But since large parts of the API is unauthorized and unprotected, I wont.
And I do not plan on supporting family and friends in setting up vpns on all of their devices
What are the worries behind it? Last time someone was worried about the security it was about knowing filenames of the stuff you host by brute forcing iirc
Knowing (guessing) the file path allows them to access and stream the content. Meaning worst case scenario… Sony (the people known for putting malicious stuff on CDs) can probe your server, and prove the content is there because your server will return the movie file itself.
The issue is their approach to security. I don’t trust them to properly secure their software, since they have proven to prefer client compatibility over security.
Since you need to self-host Jellyfin, then you are responsible for making the service public.
I mean, if I didn’t know better, I’d start to suspect that the large multimedia corporations building walled gardens of apps in closed Smart TV ecosystems don’t really want you to be able to easily tell your mom how to watch shit for free. I mean they’ll let you, if you really insist on having that app available, but someone will have to pay THEM money instead first (and probably let them spy on you). That’s their racket.
The reason Plex can do it is because they do make money, doing shitty stuff like this to their users, so they can use that money to open these doors into SmartTV-land. The root of the problem is that your SmartTV itself (and your mom’s) is a locked down proprietary piece of shit, designed exclusively for shoving all proprietary content these media companies develop down your throat, and there are few convenient workarounds that are available to us, because of course they make workarounds as inconvenient as possible.
Unless you’re willing to ditch everything proprietary and insist on open technology for everything, which is hard on its own, you’re going to end up with a janky mix of proprietary and open systems that always require some compromises, because the proprietary stuff forces us to compromise. It’s literally a “this is why we can’t have nice things” situation.
Or… You know… Jellyfin could make it so I don’t have to setup elaborate VPN schemes and have every user install that on every one of their devices. For example they could fix their security issues to make it safer to expose JF through a reverse proxy, bug they refuse to not break client compatibility
This is why I use Yunohost. It makes all of that just a “click buttons” affair. Then you can tell your Mom the same thing. Only the domain is yours so Jellyfin can’t hold it over your head.
The best thing is, you can’t use a reverse proxy with it, it doesn’t even support it.
Odd, since my Jellyfin sits behind a reverse proxy.
Oh, right, it was basic auth (behind a reverse proxy, or even in general) that Jellyfin doesn’t support and isn’t planned to support IIRC.
Here is a GitHub issue where they said they don’t plan on supporting it: https://github.com/jellyfin/jellyfin-android/issues/123