anarchiddy

So the Google login could be a problem by itself, and the Plex data gathering would be a much bigger problem by itself, but both together would just mean you are exactly as screwed as with just one.

That's almost exactly what I was saying, except that using both actually increases your risk just by capturing more detailed logs of your server activity and the associated accounts. Your users could use anonymous usernames or share login credentials if they wanted to without it, but being forced to use google SSO means each user is personally identifiable even if they're protecting themselves otherwise. It's the same reason I would never use google's SSO for another web service if I had an alternative, even if for something completely innocuous. Why give them extra information about my web activity and tie it directly to my verified account, even if it's something trivial like what plex servers i use or how I'm watching my media and on what devices?

But mostly my point was that using google's SSO by itself, with your own self-hosted server is dumb because it unnecessarily exposes you where you otherwise would have been fine. That was the whole point of this conversation - not that plex was specifically bad because they used it, but that it isn't a desirable feature for plex or for a self-hosted alternative. Maybe you just misunderstood that, idk.

cosplay

Where I am people are being black bagged for less than just breaking DRM. I could be disappeared on my way to work tomorrow just for saying something silly like "from the river to the sea". Maybe you're privileged enough to feel secure in your legal standing, but that's not one that I share. Like I said, i've gotten burned for using napster when I was young and dumb, and I thought I was safe then, too.

For most people this side of the pacific, ripping DVD's for personal use is not legal, and streaming them to others is even less so. Any service hosted within the US is subject to that law. You being outside the US but using a private service hosted within it puts you squarely within that jurisdiction, but since you fancy yourself a lawyer, and since IDGAF anyway, i'll let you mull it over for yourself. If all you're afraid of losing is access to your plex account then all the power to ya. I just don't agree with that value judgement.

I'm honestly not sure why you feel so cavalier about your data privacy. If you're really one of those 'i've got nothing to hide' folks, I have a larger gripe with you than what a silly 'plex vs jellyfin' debate can cover. It's incredibly shortsighted and normalizes apathy and complacency. There's no reason to be exposing your private server usage data to private for-profit companies, especially when that activity is already borderline legal at best. My actual fear is that plex gains mainstream attention and comes under legal scrutiny. we go through another tightening of the screws because our bloated media market is bleeding and dragging the rest of the stock market down with it. That's what happened with napster and the record industry, and it'll happen with streamers and plex if we're not a little more discrete.

Yes, rip your dvds. Yes, share them with whoever you want. Go pirate some animes or download a car, IDGAF. But don't pretend like you're somehow safe from punitive copyright action just because you're off in Greenland or whereverthefuck. You'll end up teaching normies bad habits and poor judgement when it comes to protecting their data privacy.

Again, just don't be a dumbass about it.

I do care about self-hosting as a viable commercial alternative

Well there you go. I would really rather self-hosting not even be commercial.

I am not ready to give up on the changes required to get there just to feel cool on the Internet

Lmao yes look at me and my data hygiene, you'll never be as cool as me. It's clear that you have some misgivings about FOSS as a concept, I guess you can feel good about donating your money to a for-profit entity as a way to stick it to those hippies. God forbid I had tried selling you on linux in this thread, that could have really snowballed.

There are a lot of people here who simply cannot be bothered to figure out remote access

A weird one i saw today was actually "jellyfin took too many resources scanning my library" and 'if it doesn't have an SSO my family won't use it'

I think a lot of people just enjoy plex better and will accept any minor inconvenience as justification. That's fine though. I'll swear up and down that apple products are not worth the convenience, either, but there will always be people who simply like them more than others, and thats fine

Also, me using Plex to host copies of my own software legally is not the same as operating a P2P service.

I'm not explaining this to you again. What you described is not legal on a US hosted service like Plex, and even most other countries with DRM exceptions for personal use do not include sharing outside your immediate household. Even if it's perfectly legal in your country, and the US can't touch you where you are, Plex is still obligated to abide by US restrictions. Good enough if that doesn't bother you, but it isn't completely without risk and you should be well aware of it.

if your concern is the govenrment overreach implications of having a portion of your data leaked, worrying about a smaller leak along the way of actively generating a larger leak is entirely pointless.

What exactly does "government overreach" mean in this context?

Using Google SSO independently is bad. Plex independently is bad. Using both together is worse. Using either while also breaking the law, when there's a perfectly acceptable way to do neither of those things and still just as easily break the law is a whole lot better.

Conversely, I’d argue that if you have a dozen users and are terrified that the cops are going to come and raid the… I’m gonna say meth lab you’re running on the side, we’re back to the conversation about how cool you are with that dozen users having their Jellyfin clients running on a bunch of Android devices, Smart TVs, Windows boxes or whatever else.

I'm just not a dumbass. Having a dozen users log in without any of them publicly pointing at me or my server IP is a hell of a lot safer than letting a private service log every sign-in and stream event of the server, and then letting a separate private service link those users to accounts with detailed personal information. Those people can install jellyfin on their phones and tablets all they want - google wouldn't know what servers those clients are connecting to anyway. And even if they did, my server is not associated with my personal details or ISP-assigned IP address. Maybe you just didn't know that, idk.

I came into this argument from the UX angle, you guys are increasingly convincing me that a significant disincentive for self-hosting to become mainstream

Using a google SSO isn't a prerequisite for self-hosting becoming mainstream. Maybe SSO generally is, but there are a dozen other ways to achieve the same thing. Maybe I don't care if it becomes mainstream? Maybe what I actually want is for people to learn tech self-sufficiency so that we're not indefinitely reliant on SAAS. Maybe i'm content with my special little hobby and I'd rather point and laugh at people who get fucked over by services they delude themselves into believing won't ever screw them, just because they can't be bothered to learn a new skill.

you guys are increasingly convincing me that a significant disincentive for self-hosting to become mainstream is that its entire community is convinced that they are doing something wrong, apparently

If you're as concerned with self-hosting becoming as mainstream as you claim you are, then I'd imagine you'd be more concerned with the late-stage capitalist reality of media distribution and the increasingly restrictive laws surrounding its use. Where I live, the legal structure that protects the right to self sufficiency is very much under question, and continues to get worse. I got burned several times in the napster/limewire days, before it was established precedent that sharing digital copyright material was illegal, and unheard of still that anyone actually got punished for it. I know better than most that you can't count on those protections indefinitely.

But as an anarchist, I think a little bit of crime is good, actually. More people should be doing crime. But if you're gonna do it, do the rest of us a favor and don't be a dumbass about it.

You can’t argue that the guy saying he has a problem with Google’s sign-in specifically has a point and also say that the data mining happening within Plex is WAY more intrusive.

Those are not mutually exclusive statements. In fact, mostly it just makes you an idiot for not having a problem with either.

It is worse than an auth method that isn't maintained by a known data whore like google. It's substantially worse when you're using it with another data whore service. For those of us who administrate remote services and care about not being beholden to google's data addiction, it is absolutely not a good thing to provide it as the default auth method, which is what the OP was saying. Even if jellyfin included it, I would immediately disable it. Especially since, as a server administrator, I have a vested interest in keeping the activity of that server private. Even if the specific details of the media on it aren't exposed, I don't want any party with conflicting interests to my own to know what users are associated with my server. Just having a dozen or so users connected through jellyfin to my IP would be enough for a motivated legal entity to look at me, and I have more than just a private media server to worry about. Is it likely to happen? Probably not. But why would I even risk it?

If you have a source for how apparently US law is directly applicable to any country they have a trade agreement with feel free to point me to this insane new paradigm of international law, though.

I don't have a source for you, but typically using a US-based platform can give US authorities a jurisdictional hook, especially if the rights holders are US-based or can show commercial harm. That is why US based web services are extraordinarily strict with all of their users, even those who live outside the US. I'm not even saying it's common, just that it could happen. I seem to remember operators of p2p services getting nabbed at customs while traveling back in the day - it wasn't illegal where they were, but it sure as fuck was in the US and they were extremely interested in putting the kabash on it.

No question that plex is a more convenient service, but if you have the tech literacy to manage something that's completely private that is only marginally more complicated, why the fuck wouldn't you? Then again, maybe if you think you're more tech literate than you are, it doesn't seem all that simple.

Lmao, just fuck off. I don't have time to be your therapist.

Are you saying that the problem is the SSO or Plex?

There's a problem with SSO's and there's a problem with Plex. Go back and read the conversation - that's not the problem with plex, it's a problem. Someone said they don't trust google login, and you were indignant about why that might be, and I was exceedingly patient with explaining why it's a problem. I like that jellyfin does not provide a google SSO, because I can choose a better, less invasive one as a server admin. I've not said anything contradictory here, you've just been willfully misreading shit.

Once again, the biggest issue with those hypotheticals is that Plex boots me out… of Plex.

just fucking read the words I so kindly found for you in the TOS (not that it fucking matters if it's a tos or a eula anyway). It's also not a fucking hypothetical, Plex has already been exercising this. But I don't give a fuck if you're concerned about it, i'm just telling you why so many people are taking issue with it. And given that they've already demonstrated that they collect detailed data about your personal library and watching habits, it is certainly not out of the question that they could now sell that data as a part of their new privacy policy.

In addition, Plex shall have the right to take appropriate administrative and/or legal action in the event of breach or (alleged) criminal activity, including alerting legal authorities, as it deems necessary in its sole discretion.

Unless you live in a country without a copyright agreement with the US, you are absolutely liable under this. I have no idea if you do or not, but I'd venture a guess that most people here do. Good for you if it doesn't apply.

I don't give a shit what software you use.

a one week test run I did a while ago on a piece of software that didn’t do what I wanted.

Ok, well then why the fuck are you insisting that it's evidence of poor software design? Are you really bitching about it slugging your system without even looking at what the default settings were, let alone looking to see if they were appropriate for your setup? Like jesus christ, you can't even play a typical PC game without tweeking your video settings these days, and yet somehow a self-hosted open-source app is supposed to just guess what your setup is?

I’m not going back to Jellyfin just to verify that you’re obviously wrong about it all having been perfectly fixed up to Plex’s standards

yea, lowkey fuck plex standards. I'd sooner use a cheese grater as a razor than go back to that POS

No, the bans stem from the EULA.

Take another look bud.

But maybe you don't care about any of that shit, either? Idk man the list of things you're dismissing as unimportant is really adding up.

Plex already knows the stuff you are worried about. The SSO has nothing to do with it. Plex doesn’t need data from Google to know, they already have your personal information.

Jellyfin has zero idea who I am or what accounts/IPs access my server, nor do they know what's a part of my media catalogue or if they are legally licensed to me. If I were to use google's SSO, then google would know which accounts/IP's are accessing my server, which isn't a huge deal by itself, but if jellyfin were to have information about my entire account and library then it would suddenly be a very big issue.

But Plex does know what's on your account, and they do limit the number of authenticated users of the account as a part of their TOS and through limitations surrounding their paid plex pass, and they have exercised their right to terminate accounts and pass personal information of infringers along to law enforcement and copyright holders. None of which is even a remote possibility with a completely self-hosted solution. But hey, if you're happy then more power to ya.

Why should it be possible for the user to erroneously set the software so that scanning a library would grind the whole thing to a halt?

You've been extremely vague about what the actual issue was, and the details you HAVE given are often contradictory. I'm getting so tired of this cat and mouse game. Fine, yea. Maybe they should have anticipated your specific use case, and everyone else just got lucky with their config not causing the issue you're so sure is their fault.

Jellyfin’s interface to add live TV channels

It isn't designed for that but nice of them to enable you to do it anyway

its overcustomizable tools for skinning (which are needed because the base skin is pretty plain)

This is an outdated complaint, but also fuck them for giving you the option to customize the look, I guess?

the convoluted requirements for remote access

That's just what remote hosting entails, bud. Nice of plex to hand hold you through the process but it comes at the cost of privacy. It's easy enough to access via VPN though, or I guess you can expose your home network but doing that without knowing what you're doing puts you and all your data at risk. Idk how you're accessing any of your other services though.

the overly strict library parsing paired with the default choice being to keep data stored within the library

I have no idea what this means but I suspect it's an outdated gripe. Setting up library scans is as straightforward as plex, or at least it is now.

I briefly tried to get books working on it

It's not designed for that but good of them to make it so you could do that anyway

You can get as condescending as you want, but those are all major UX blockers for key use cases

Lmao, what?! Weren't you just telling me some people just want something that lets them stream their media to their tv without a hard drive plugged in? And now using it for ebooks is a 'basic UX block'? GTFO lmao

You are presenting a lot of great hypotheticals and I’ll be happy to stop using Plex if and when they stop being hypotheticals.

it's not hypothetical, Plex has already been banning users for various reasons, all of which stem from them having access to data about your account, connected users, and server data.

Especially because we’ve moved from “oh, maybe get your family to not use Google to log in” to “actually, get them to move to F-droid or install from source and do so under proper DNS filtering to stop telemetry gathering”.

• someone suggested they didn't trust google SSO
• you said 'why does that matter, they don't collect much info from it'
• I pointed out that it's still a big deal because of the potential abuses it enables
• you said 'why should you care, they'll know you use it from downloading the client app'
• I pointed out that there are ways to use it without them necessarily knowing, and...
• anyway the real risk is associating your identity with a specific host server, not that you have plex on your phone or tv

You're the only one making this complicated bud.

Oh, and while I get that you get a kick of repeating what your understanding of US law is at me, over here backing up to additional media is explicitly supported by the right to private copy. As is, implicitly breaking DRM.

I was simply telling you that the US has a similar carve out for breaking DRM, but that it didn't include the use case you are describing. Just giving you a heads-up that it's a common misconception here, and it could be misunderstood wherever you are too. Chill out. BUT, even if it IS legal where you are, Plex is bound to US law and can and will ban you for breaking it.

Not that it matters because nobody is enforcing these at individuals for private use anyway

Except Plex is enforcing it because it is excplicitly against their terms of service, and have already done so.

but don’t act like anything else is insanity. It’s kind of obnoxious.

I'm not saying it's insanity you dipshit, i'm saying there are good and valid reasons to avoid a cloud-hosted service not within your control. You're free to disagree but fuck off with this incredulousness

You're free to find me annoying, I wouldn't try to deny that anyway.

You pointed to a 'technical issue', and i've been pretty upfront about why that isn't necessarily a problem with the software and more likely a user error. You're free to not use jellyfin for whatever reason you want but I don't think it's accurate to portray that as an issue with the software. Sorry if you disagree.

I haven't seen any issues with UX design personally, and honestly I haven't seen anyone making a detailed case here about it, but if all you need is "to be able to open your media without having to plug in a physical drive do your thing" I don't see anything wrong with jellyfin. Maybe if you really really like your google SSO and can't figure out how to implement that yourself, great. Use plex, go nuts.

Well, if you have an issue with people knowing you use Plex at all, then… tough luck, because I hate to tell you this, but a media server needs a client and it’s a vanishingly small group of people that will use either Plex or Jellyfin clients and not let Apple, Google, LG, Samsung or whatever other device is running the client software that this is happening.

First:

• not if you install these applications through fdroid or install from source
• not if you block dns queries that report to those servers
• not if you access the service via webURL

but also, it's not just that they know you use plex or jellyfin, it's that they know which plex server you use and from what devices you stream from. If, for example, plex decides they want to limit the number of households can stream from a single server (like they've already done), all they'd have to do is lock or limit people's google SSO to that server. They could also report which users are associated with servers engaged in illegal activity when requested, or they could region lock their services or specific media IP's by request from copyright holders..... There's a ton of abuses that are made possible by even that tiny bit of information they share/collect.

You might not care about it, but a lot of us do. Nobody is trying to convince you to stop using Plex, we're just trying to explain why we really do not want to use it ourselves

And for the record I do not live in the US and the way their absolutely idiotic copyright loopholes apply here is very much in question. It doesn’t get tested in court much because the times it has been it didn’t go particularly great for copyright holders. Private copying owned media is a right regulated by law here and I will continue to do so.

I have no idea where you live, but plex is an american company. Plex will 100% be forced to comply with copyright takedown requests, and could absolutely penalize you for infringing on american copyright law. Could you be arrested? Maybe not. But there are still a ton of ways you could get fucked because Plex has enshittified their service and has made zero commitments to protecting you or your identity.

we are allowed to back up movies

small thing, but in the US this is technically allowed, but as soon as you format-shift the media (e.g. rip a dvd into a digital format) it is no longer protected. It's assumed that 'backing up movies' is literally 'duplicate the media in exactly the same format it was originally purchased in'. On top of that, it's also doubly illegal to then share that media, even as a direct stream via a home server. Idk where you live but I'm actually am not aware of any country who allows for your stated use (unless you're somewhere without extradition or trade relations with the US like Russia or Cuba, because they don't give a fuck about US legal claims). Not that it's commonly prosecuted even in the US, but US companies routinely get takedown requests for that shit and Plex will absolutely throw you under the bus.