UpNp or port forwarding is the same way both Plex and Jellyfin work.

I don’t know what makes Jellyfin less secure since they both work the same way for this as far as I can tell…

Can you be more specific about what makes Jellyfin less secure when it comes to UpNp/port forwarding?

In the case of port forwarding at least Jellyfin is open source and has more eyes on it so it’s less likely for someone to zero day it and have at it unless I have misunderstood how each can connect off-network.

Furthermore the hash for your password is stored along with many others at a single (or relatively few) attack point/s on a Plex business server since it’s a centralized business whereas this is never the case for Jellyfin.

Also this thread is about Plex literally selling your personal data so I don’t really consider Jellyfin worse for exposing your personal data.

I’ll take my chances with a single idiot who want’s to compromise my poor asses tiny network versus an actual hacker who wants to compromise an enterprise businesses network that is storing thousands or hundreds of thousands of user credentials, data, and payment information (Which Jellyfin doesn’t store even half of).

If someone hacks Jellyfin on my network -> They have my… media files? Maybe the hash of the one password I use there?

If somone hacks Plex on my network or anywhere - or the people they sold that data to -> They have my password hash, credit card number and probably my name that is associated to it, personal data that Plex is selling, etc.

TL:DR I think Plex is more likely to be hacked rather than myself and the outcome of Plex getting hacked is worse than if my personal Jellyfin server gets hacked.