Text:
I consent to Plex to: (i) sell certain personal information (hashed emails, advertising identifiers) to third-parties for advertising and marketing purposes; and (ii) store and/or access certain personal information (advertising identifiers, IP address, content being watched) on my device(s) and share that information with Plex’s advertising partners. This data is used to deliver personalised ads and content, ad and content measurement, audience insights and product development. Your consent applies to all devices on which you have Plex installed. You can withdraw your consent at any time in Account Settings or using this page.
Soure: https://www.plex.tv/vendors/ (Might have to clear cache)
Can also read about the changes here: https://www.plex.tv/about/privacy-legal/
If they adhered to somewhat modern security principles for their Backend I wouldn’t mind hosting it behind a reverse proxy. But since large parts of the API is unauthorized and unprotected, I wont.
And I do not plan on supporting family and friends in setting up vpns on all of their devices
What are the worries behind it? Last time someone was worried about the security it was about knowing filenames of the stuff you host by brute forcing iirc
The issue is their approach to security. I don’t trust them to properly secure their software, since they have proven to prefer client compatibility over security.
Knowing (guessing) the file path allows them to access and stream the content. Meaning worst case scenario… Sony (the people known for putting malicious stuff on CDs) can probe your server, and prove the content is there because your server will return the movie file itself.