In todays episode of “Plex enshittifies” Plex employee breaks ToS.
Source: https://forums.plex.tv/t/fake-reviews-on-play-store-by-plex-staff/917736
In todays episode of “Plex enshittifies” Plex employee breaks ToS.
Source: https://forums.plex.tv/t/fake-reviews-on-play-store-by-plex-staff/917736
If you’re support ANYONE other than yourself who isn’t technical, it’s a hurdle. And likely a significant one.
I would not be able to educate my wife properly on the times when she would need to enable wireguard on her phone to use it properly (and when to disable it for other scenarios).
This has nothing to do with running a pirate service.
Seriously it baffles me how so many advocates of Jellyfin don’t recognize the huge gulf of technical knowledge needed to set up plex vs Jellyfin. It doesn’t even compare.
Seriously. Someone tried convincing me that it would be an easy lift to send my MIL across the country a preconfigured Pi so that she could have web browser access to Jellyfin. She only has a computer for doing taxes, and watches everything on her TV.
Not only would she get confused every step of the way, even if it was just plug & play, she would also blame me if ANYTHING happened on her network and want me to fly out to fix it.
I’m not about to take that responsibility just so she can watch the latest episode of 90 day fiance. I have enough pain when she needs to sign into Plex.
Yeah I did jellyfin for a while but last time the lifetime pass went on sale for Plex I just said “fuck it,” bought it, bought a cheap beelink, booted elementary OS on it, and set several friends/family up on it. I check the beelink maybe once a month for updates/adding stuff. Easy peasy.
Setup a wireguard client so it’s always connected but is used only for a certain IP (the address of your server). If you’re interested, I can help you with that.
Great!
How do I set up WireGuard specifically on my AppleTV? How about my Roku? My friend’s LG TV? My other friends Samsung TV?
It’s not me that’s the problem. I have a permanent tunnel back to my house/infrastructure (straight wireguard). It’s communicating how to use it to my users that the problem… I already do enough support that I’m just not opening that can of worms to non-tech people.
everybody downvoting your comment has zero experience being the go-to family tech guy for relatives in their 80s and 90s who can’t reliably distinguish between windows, dialog boxes, menus, and buttons
My wife has no problem starting the tailscale app and then starting the jelkyfin app. Its really that simple.
She also uses the tailscale exit node I run whenever she is on a public wifi. Its really a well designed simple to use app.
Would you like to explain to my MIL about how to set up tailscale for her entire network so she can stream to her TV?
Download file from Google Drive link
Download OpenVPN app
Pick file in OpenVPN app
Enter password
Share WiFi from phone to TV
Done
Too hard, she can’t even open a PDF file on her own.
Does she drive or open bank accounts?
If the answer is yes, why is that so much harder?
And I work in tech support. With medical non-technical folks. Guiding them through the control panel oblindly on the phone.
I know what I am dealing with on the regular!
Because computers (to older folks) are a magical black box that they’re afraid to break but still manage to do so.
Can you wire a network cable? If the answer is yes, why can’t you build a night table from scrap wood?
You can’t because having proficiency in one area doesn’t translate to proficiency in another.
Good question, I’m also in tech. She does drive and of course opens bank accounts, but it’s like it all goes out the window when she needs to do anything remotely technical. I would say that most of the users I’ve encountered are not that bad, but she is unique in that way.
You want to run an internet tv service for your MIL then do it. Thats just not want Jellyfin is for. Its a home media server.
Is this that hard to understand?
Then it’s not a drop in replacement for Plex, is it?
No shit. Is that not exactly what I have been saying over and over?
My first comment in this thread says clearly that if you want to run a pirate tv service for other people then you’ll want something other than Jellyfin.
You replied to someone and said “my wife has no problem using tailscale”. Is your wife not another person? Sure, same household, but if you’re not running a pirate TV service, why does she need tailscale, and how is that different than sharing with my MIL?
Also, why do you keep using the terminology of “pirate tv service”? Why is it suddenly not a home media server if I want my mother in law to be able to use it? I don’t share with people outside of my family.
You seem to think that because you’re using Jellyfin, it’s automatically not piracy. But you certainly can do piracy with it, it has tools purpose built for it like Jellyseerr. So how is that not a “pirate tv service”?
Do you not know that you can also upload your own media rips to Plex? Is that still a “pirate tv service”? At what point do you assign the (fairly negative, at least legally) connotation of piracy to a service someone is hosting out of their homelab?
Awesome… cool for you. The average person doesn’t even understand or even know what a VPN is.
I taught undergrad and grad college level IT courses. Many students there didn’t even understand what a VPN actually is.
Edit: It works for you… great… it could even work for many… Awesome. There are legit use cases for the majority that VPN just doesn’t work.
Jellyfin is a home media server. it is great for that use case. It is easy to setup and use. Most importantly its not sending data about everything we watch to some company.
Stick to plex if you want to run a free internet tv service for your cousin and their kids and whoever else and you aren’t concerned with their or your privacy.
I’m into self-hosting because data privacy is my primary concern.
Ok, then why do they offer remote connectivity?
What evidence of privacy problems do you have against Plex?
I’ve wiresharked, splunked, checked literally everything that I sent to Plex not all that long ago… Turns out it a whole fuckton of nothing and generic metadata pulled from the media agent. Turns out that as long as you turn off the dumb features, you’re not sending all that much. It’s much easier for me to tell people to turn that shit off than it is to convince them to install apps and configure everything.
Privacy won’t matter if a major studio catches wind of this type of vulnerability and decides to start scanning for jellyfin instances. The subpoenas will come shortly after.
Well there was that one time that Plex emailed your friends and shared your viewing habits.
https://www.404media.co/plex-users-fear-discover-together-week-in-review-feature-will-leak-porn-habits-to-their-friends-and-family/
Those users kept the feature turned on. I spoke out against that shit when it happened on Reddit. But turns out users who disabled the dumb features in their profile never had those emails sent. I never saw the email as an example… and my subset of 5-6 users that I think I had at the time… I distinctly remember 2 of them talking about how they never got one either… Turns out that I could reliably use that email to show the other 2-3 users that they need to turn off those flags.
and
Were the big sections I believe… But that was a couple years ago at this point and I might be misremembering.
I’d still say it qualifies as a huge example of “evidence of privacy problems with Plex.” It certainly informs the community on Plex the company’s perspective on privacy and what a user’s expectations should be.
They chose to make that email and feature opt-out and after the fact.
I understand and agree.
However it’s far easier for me to tell people how to setup their plex profile than it is for me to support infrastructure that they’d have to use to access jellyfin securely.
But to be frank on both jellyfin and plex, the end user never had privacy from the server owner. So talking about user’s expectations is completely different world of discussion than a server owners expectation of privacy.
Plex clearly scans your media collection and does upload the metadata and they can add more data collection any time they want.
How are they going to scan a server on my network thats behind my firewall with nothing open to the internet?
No. The local metadata agent requests the data, it doesn’t upload a list of what you have but requests the metadata it’s missing. And you could say that a log collection of what data it retrieves is risky… except now they cram so much nonsense on the home page that all of that is fluff that would obfuscate that heavily…
But you can configure the meta-agent. You can not request it at all.
So then you agree with my initial statement that I start with of “people need to implement it sensibly knowing the potential risks.”?
If so… then why get into a hissy fit over this when my statement was clear? People shouldn’t implement Jellyfin without understanding the risks… it’s not innately secure and requires additional solutions to make it use-able. And thus, should be recommended only when that is disclosed.
Where did I disagree with you?
I’ve repeatedly pointed out that Jellyfin is great for a self-hosted home media server. If you use it as intended then its security is not an issue.
Its not for running an internet tv service for others.
I don’t really understand why this causes some people to go off on a rant about how hard it is to explain a vpn to their grandmother. That’s not something I’ve ever suggested.
Because you keep missing the point that spouse or others that live with you but aren’t literally at the house are also “remote” users who are part of the same home.
I’ve never seen any Jellyfin document claim that it’s intended to be used behind a VPN or strictly in LAN operations. And actually have seen it directly advertise itself as something to share with others.
https://jellyfin.org/
Would be hard to share with family and syncplay if we’re only talking about LAN access.
https://jellyfin.org/docs/
Comparing themselves to Plex directly in usage.
https://jellyfin.org/docs/general/post-install/setup-wizard/
Not needed if this is a local only server. default configuration guide…
Lets ignored the “networking” section all together… Nearly all of that is only relevant if your exposing it to the internet directly but if outs itself as “This document aims to provide an administrator” so not meant for the typical user.
So are you right that it’s meant to be local only? Or the creators themselves that run the website and advertise it for sharing and external connecting?
I think they’re meaning exposing it to the public for the pirate tv use case. In my personal experience (1 non savvy user using the roku app, no vpn), it’s not much support. I had to talk them through initial sign on, and through re-sign-on after that latest update that forced it. Of course ymmv, but two 5 minute tech sessions with grandma over 2 years of consistent usage ain’t that bad.
I’ve racked my brain to determine WHY that happened, but the only thing I can guess is Roku saw the channel differently because I packaged it instead of the previous person, so the config didn’t port over /shrug
Never had that happen before.
I figured it was the enforcing of the trusted proxy mechanism mentioned in the release notes (only noticed because of an earlier thread here, thanks!). Once I updated my server and set the proxy settings all my clients needed to be signed again.
And I’m talking about the reverse problem. That you would need to expose it in order for it to work with other users… OTHERWISE be on the hook to support users via VPN + Jellyfin, or in the case of TV apps, Router+VPN+Jellyfin. That doesn’t scale up well the moment you have someone not in your house that uses your stuff. It doesn’t have to be pirate TV. Could just be a kid at college.
Yeah I don’t think anyone sane would disagree. That’s what forced the decision for me, to expose or not. I was not going to try talking anyone through VPN setup, so exposure + whatever hardening practice could be applied. I wouldn’t really advocate for this route, but I like hearing from others doing it because sometimes a useful bit of info or shared experience pops up. The folder path explanation is news to me; time to obfuscate the hell out of that.
Exactly… But I get chastised for pointing the problem out. Called a shill because I care about security.
I RUN JELLYFIN. I HAVE IT RUNNING. Others you recommend it to should be made aware of the risks that’s all I’m trying to point out.
You can get around the MD5 issue (a bit) by obfuscating your path. Instead of
/movies/title (year)/title.ext… make it/mnt/MHhzTiM57Fv4wWQmkmb4DLDwVKoB628KBQzhBHQjGQVtsjhwRrFNU2NtRGJ4dUpg/movies/title (year)/title.extand you’ll probably be pretty damn immune to the problem as it stands now… But just blatantly telling people to use Jellyfin isn’t a good answer here without that background.Awesome, thank you, this is exactly what I was thinking when you mentioned it earlier.