Plex now want to SELL your personal data
-
"Hashed emails". Besides the fact that they can match up a hash from one source to a hash from another source to link them to the same person (they never said they'd salt them), emails often have enough predictability to break the hash. Assuming they all end in "@gmail.com", "@outlook.com", or "@yahoo.com" will get you the vast majority of emails out there. Unlike a good password scheme, people don't shove a lot of random data into their email addresses.
Was about to say this.
I saw a small-time project using hashed phone numbers and emails a while ago, where assume stupidity instead of malice was a viable explanation.
In this case however, Plex is large enough and has to care about securiry enough that they either
did this on purpose to make it sound better, as a marketing move,
did not show this to their security experts,
or chose to ignore concerns by those experts and likely others (turning it into the first option basically)There is no option where someone did not either knowingly do or provoke this.
-
I would simply click I Do Not Agree and then throw the computer in the trash
wrote last edited by [email protected]I just hit no, and everything still works fine afaik
-
I am a die-hard Jellyfin user, but I still haven't found a proper way to index and stream my music library with it. As far as i know, Plex is still better at that.
I've recently had really good luck with Finamp on Android at least. With the recent support of time lyrics in Jellyfin and Finamp's redesign I've been using that to stream my Flac audio files. Works quite well with separate collections as well. Though, to this day I still have to force close it more times than I like to get the UI to refresh after closing it. Plexamp was tough to lose when I swapped many years ago, but the third party space has slowly been closing that gap over the years.
-
I have absolutely not been willfully misreading. You can't argue that the guy saying he has a problem with Google's sign-in specifically has a point and also say that the data mining happening within Plex is WAY more intrusive. If the point is whether giving Google this data is a problem it must be worse than using any of the other sign-in options. But it isn't. Your data is as widely available one way or the other. It is reasonable to think Plex's visibility over your server is too much, I accept that, particularly if your use case runs afoul of their EULA...
...but then you can't tell me "I don't trust Google", unless your argument is you trust Plex more for some reason. Which you shouldn't. It just doesn't follow.
Oh, and they do sell your data for advertising. There's an opt-in for it, though. Since we're talking about legality, it'd be a punishable offense for them to sell your data without your consent, which is why that's there, and they do need to tell you what data they collect if you request it.
And no, I am not liable under US law. There is a treaty that requires both parties to meet those requirements, but US law isn't directly applicable over here. What is applicable is our own legislation made to comply with those trade agreements. Which includes exemptions for private copy.
As far as I and every piece of legal advice I've seen about this knows, anyway. If you have a source for how apparently US law is directly applicable to any country they have a trade agreement with feel free to point me to this insane new paradigm of international law, though.
You can’t argue that the guy saying he has a problem with Google’s sign-in specifically has a point and also say that the data mining happening within Plex is WAY more intrusive.
Those are not mutually exclusive statements. In fact, mostly it just makes you an idiot for not having a problem with either.
It is worse than an auth method that isn't maintained by a known data whore like google. It's substantially worse when you're using it with another data whore service. For those of us who administrate remote services and care about not being beholden to google's data addiction, it is absolutely not a good thing to provide it as the default auth method, which is what the OP was saying. Even if jellyfin included it, I would immediately disable it. Especially since, as a server administrator, I have a vested interest in keeping the activity of that server private. Even if the specific details of the media on it aren't exposed, I don't want any party with conflicting interests to my own to know what users are associated with my server. Just having a dozen or so users connected through jellyfin to my IP would be enough for a motivated legal entity to look at me, and I have more than just a private media server to worry about. Is it likely to happen? Probably not. But why would I even risk it?
If you have a source for how apparently US law is directly applicable to any country they have a trade agreement with feel free to point me to this insane new paradigm of international law, though.
I don't have a source for you, but typically using a US-based platform can give US authorities a jurisdictional hook, especially if the rights holders are US-based or can show commercial harm. That is why US based web services are extraordinarily strict with all of their users, even those who live outside the US. I'm not even saying it's common, just that it could happen. I seem to remember operators of p2p services getting nabbed at customs while traveling back in the day - it wasn't illegal where they were, but it sure as fuck was in the US and they were extremely interested in putting the kabash on it.
No question that plex is a more convenient service, but if you have the tech literacy to manage something that's completely private that is only marginally more complicated, why the fuck wouldn't you? Then again, maybe if you think you're more tech literate than you are, it doesn't seem all that simple.
-
I think people feel loyalty to Plex and I understand why. I even understand why they're charging for self-hosting considering their costs of delivering the dynamic DNS, software development, content info, etc. But being closed source, VC funded, and with their core product an increasingly small part of their business, it's all a powerful recipe for enshittification. Tech Altar has talked before about how enthusiast brands often betray their users. Jellyfin was not a trivial set up for remote access, but I've really been happy with it, and I like having the peace of mind of having control over how it works
Jellyfin was not a trivial set up for remote access
So, forwarding a port on your router was a difficult process?
-
Don’t be smug.
I'll take any chance, even one involving docker
-
I don't know why everyone in the selfhosting community still even mentions Plex or uses it.
It's closed source, not free; Jellyfin is a no brainer yet people still go to Plex??
I don't know why people use dishwashers. It's in the kitchen. A lawn mower is a no brainer, yet people still use dishwashers??
-
You seem a little out of touch with how people think.
I doubt they're thinking at all if writing a web address is too much lol
"Facebook dot what? Stop the tech speak, nerd!"
-
I just hit no, and everything still works fine afaik
Perhaps. The issue I perceive is that, for corporations, evil deeds are only illegal if you get caught and the government actually pursues you. Then, the most the corpos face is a fine, and remember: if the penalty for doing something illegal is a flat fine, then it isn't a punishment, it's a price.
Thus, this corporation has indicated its clear intent to sell me to the highest bidder. I would not give them a chance to do so. A "do not agree" button is just that: a "do not agree button".
-
Text:
I consent to Plex to: (i) sell certain personal information (hashed emails, advertising identifiers) to third-parties for advertising and marketing purposes; and (ii) store and/or access certain personal information (advertising identifiers, IP address, content being watched) on my device(s) and share that information with Plex’s advertising partners. This data is used to deliver personalised ads and content, ad and content measurement, audience insights and product development. Your consent applies to all devices on which you have Plex installed. You can withdraw your consent at any time in
Account Settings or using this page.Soure: https://www.plex.tv/vendors/
(Might have to clear cache)Can also read about the changes here:
https://www.plex.tv/about/privacy-legal/I’ve had a lifetime plex pass for several years. Once I tried Jellyfin a few months ago it was all over. My “I’ll run both just in case” period lasted a week or two.
The downside is that Jellyfin will take more setup on your end, especially if you want to let other people connect securely to your server.
The upside is performance and responsiveness. Once I started using it I decided Plex had to go, even if I have to drive to each family member’s house to fix their shit. It was like moving between Linux and Windows, as far as one being designed to work and the other being designed to satisfy dozens of corporate KPIs.
Fortunately the setup for the end user is just as simple once your server is good to go. They just need URL, login, and password.
And since it’s all open source, there’s some fun diversity in clients. I use Finamp specifically for music, and there are audiobook focused ones.
-
It's this old link, eh?
Well, just because they closed the issue (without resolving it), doesn't mean it does not speak to their views on security and client breaking changes
-
How big is that library supposed to be that it is larger than all public ones? There are some with 10'000s of videos.
We have over 15,000 videos in TV episodes, alone. Not counting movies.
So…yeah.
-
The sunken cost of buying a plexpass on sale for 39 dollars 15 years ago.
Hence the term "sunk cost fallacy".
-
Jellyfin was not a trivial set up for remote access
So, forwarding a port on your router was a difficult process?
Nginx/caddy, dynamic DNS, buying a domain, setting it up with cloudflare is well outside the capabilities of most people. Took me a few hours to figure out
-
Text:
I consent to Plex to: (i) sell certain personal information (hashed emails, advertising identifiers) to third-parties for advertising and marketing purposes; and (ii) store and/or access certain personal information (advertising identifiers, IP address, content being watched) on my device(s) and share that information with Plex’s advertising partners. This data is used to deliver personalised ads and content, ad and content measurement, audience insights and product development. Your consent applies to all devices on which you have Plex installed. You can withdraw your consent at any time in
Account Settings or using this page.Soure: https://www.plex.tv/vendors/
(Might have to clear cache)Can also read about the changes here:
https://www.plex.tv/about/privacy-legal/One of the security upsides to plex is that any number of people can log in with the same credential.
That means that while Plex can harvest information- what account, what's being watched, IP address, device and player identifier- It doesn't know who to attach that information to. So you can get dozens or maybe hundreds of users polluting the same account with watch information. Less useful information to be sure.
-
sounds like a poorly optimized system tbh. My Plex instance loads within a few seconds. on roku, android, and web.
keep in mind I'm using nginx caching and some advanced configs.
I am using the Plex app on my LG TV, to be more precise. That's the WebOS version of Plex. On my phone and on the web, it loads instantly.
-
I have absolutely no experience with Jellyfin, what does the Kodi plugin do?
Or do you mean you have the Jellyfin addon installed in Kodi, so you can accsess Jellyfin from within Kodi?
I can access my Jellyfin library just like it was native kodi
-
Not to rain on your parade, but the Plex App on my TV, with a library of almost 40TB also loads in seconds
No rain here.
️
What TV is that? I have an LG OLED TV from 2019 running WebOS, so that's the version of Plex I am using.
My Plex library loads instantly on my phone and on the web.
-
I set up tailscale for remote access and it was pretty easy and painless. Maybe not as "average user" simple as plex, but no harder than setting up lan games to play across the internet that non techy people were doing in my high school 20 years ago.
Yeah with VPN it's more straightforward. I wanted it accessible without which was more involved. Honestly the average user doesn't even know what tailscale or wireguard are, so you are already advanced using those
-
Text:
I consent to Plex to: (i) sell certain personal information (hashed emails, advertising identifiers) to third-parties for advertising and marketing purposes; and (ii) store and/or access certain personal information (advertising identifiers, IP address, content being watched) on my device(s) and share that information with Plex’s advertising partners. This data is used to deliver personalised ads and content, ad and content measurement, audience insights and product development. Your consent applies to all devices on which you have Plex installed. You can withdraw your consent at any time in
Account Settings or using this page.Soure: https://www.plex.tv/vendors/
(Might have to clear cache)Can also read about the changes here:
https://www.plex.tv/about/privacy-legal/And you can say no. Where’s the problem?
Also “personal data” is a bit of a stretch.
