Text:
I consent to Plex to: (i) sell certain personal information (hashed emails, advertising identifiers) to third-parties for advertising and marketing purposes; and (ii) store and/or access certain personal information (advertising identifiers, IP address, content being watched) on my device(s) and share that information with Plex’s advertising partners. This data is used to deliver personalised ads and content, ad and content measurement, audience insights and product development. Your consent applies to all devices on which you have Plex installed. You can withdraw your consent at any time in Account Settings or using this page.
Soure: https://www.plex.tv/vendors/ (Might have to clear cache)
Can also read about the changes here: https://www.plex.tv/about/privacy-legal/
Sharing it with people outside your house. Added hardships if behind CGNAT.
I’ll edit this…sharing it securely outside of your house. Just port forwarding to the box and saying have at it isn’t really a great idea.
UpNp or port forwarding is the same way both Plex and Jellyfin work.
I don’t know what makes Jellyfin less secure since they both work the same way for this as far as I can tell…
Can you be more specific about what makes Jellyfin less secure when it comes to UpNp/port forwarding?
In the case of port forwarding at least Jellyfin is open source and has more eyes on it so it’s less likely for someone to zero day it and have at it unless I have misunderstood how each can connect off-network.
Furthermore the hash for your password is stored along with many others at a single (or relatively few) attack point/s on a Plex business server since it’s a centralized business whereas this is never the case for Jellyfin.
Also this thread is about Plex literally selling your personal data so I don’t really consider Jellyfin worse for exposing your personal data.
I’ll take my chances with a single idiot who want’s to compromise my poor asses tiny network versus an actual hacker who wants to compromise an enterprise businesses network that is storing thousands or hundreds of thousands of user credentials, data, and payment information (Which Jellyfin doesn’t store even half of).
If someone hacks Jellyfin on my network -> They have my… media files? Maybe the hash of the one password I use there?
If somone hacks Plex on my network or anywhere - or the people they sold that data to -> They have my password hash, credit card number and probably my name that is associated to it, personal data that Plex is selling, etc.
TL:DR I think Plex is more likely to be hacked rather than myself and the outcome of Plex getting hacked is worse than if my personal Jellyfin server gets hacked.
With a fresh install of Plex you can still connect to it remotely…with no ports open. It will use Plex’s relay service to make the connection. That has limited bandwidth so it’s rarely anybody’s long term choice but it works right out of the box.
If you do choose to open a port then Plex partnered with Let’s Encrypt and Digicert to setup and maintain all the certs for you. So at least your connections are encrypted provided you use one of the many apps that support secure connections.
Is that the most secure way to run Plex? No. But it’s a couple steps in the right direction for basically zero effort on the server admin and users part.
You might not like the centralized auth of Plex but I don’t have to manage user accounts/passwords for people and deal with distributing them. Just send an invite to their email, they set it all up, and I never need to know about it. They forgot a password?…I never need to know about it.
I see, thanks.