If installing wireguard and using proper opsec is hard then I guess they’re right.
Already beaten to death this argument. You get wireguard installed on a "smart" TV and then that argument will matter to me.
Saik0Shinigami
joined 2 years ago
Name email address, password, access history, and probably IP and location…
Interesting that you assume this is the list of taken things when that wasn't what was disclosed to us. And Plex has been absolutely forthcoming with this in the past.
Edit: it’s the third time in a decade Plex got hacked. Please list instances where jellyfin leaked the data of all their users.
Literally everyday since those attack vectors are actively open right now and have been open for 5+ years (jellyfins whole lifetime) and proof of concepted for the developers that whole time.
Your email, username, and password don’t matter but the fact that you have Avengers: Endgame does? Jesus Christ man, this is why people say you’re a shill for Plex.
The only "Sensitive" item is the password.. But it's hashed and salted using bcrypt. And for me personally... it's unique. Therefore non-important. Further their recommendation to replace the password is sufficient. Not sure how me pointing out this fact is "shill". but you do you.
I’m sure as shit not paying a third-party a subscription for piracy.
I bet you're wrong on this. You very likely either pay for a VPN subscription that you primarily have for torrenting content, or for usenet access to get content.
I guess you don’t care enough about your own media being yours.
LMAO. I love that the previous sentence you admit to piracy then claim it all to be yours.
and don’t just freely give my media over to a company to take care of.
Neither do I. Now you're just making shit up.
Well... I mean... you can host your spank bank materials there. Fun is what you make of it.
I'm in a thread where Plex admits, responds, then TAKES ACTION. Versus the open source project that's known about an issue for 5+ years... and sticks their fingers in their ears and tells you that you're the problem.
I guess that we'll just reward that project that's lucked itself into not having an issue rather than a product that actually is trying.
Edit: Oh... and the actual "loss" of data matters here... My email isn't special. My username isn't special... The hashed and salted password isn't special to me. None of this data matters to me in the slightest in this instance. However, potentially probing the content on my server directly DOES matter to me.
Sucks for LG tv people... and Samsung Tizen users... And all sort of other people too! But I guess you go out of your way to purchase hardware for everywhere that you go and want to watch TV then, eh?
I sure as shit am not dragging a whole Media PC setup to a hotel with me. Or to my in-laws house. Or my aunt's... But they all have a roku.
Your answer is effectively throw money and support at it... which isn't really a good answer. Especially the moment the user isn't strictly "you".
You can use Jellyfin with wireguard and still have what Plex does.
Okay... Run wireguard on a roku TV or other many other common media devices. You can't...
Unless you want to run an open streaming service (which would probably be illegal in most countries anyway).
You can use Plex and JF both without actually hosting illegal content. You should still be worried about devs who refuse to fix a basic security issue that they actively block from being merged.
90% of Plex users probably don’t need what Plex does and would be happy with Jellyfin.
probably... and 99% of users likely have no idea how to secure things properly on their own. Which makes this whole premise even more dangerous for the "typical" person.
There we go. Finally this argument came up... Plex doesn't have a list of whats on your server.
They don't. The metadata of "what you watched" recently isn't attached to what data source it was watched from. You can go a search for a movie that isn't on your server, click it and mark as watched and it will show up on that email list. You can also disable that function all together and then nothing is synced to them. You can also make a claim that they know what you have since you probably pull metadata on those items from them. Except you can pull metadata on just about anything without having the content at all.
But once again... I'd love to get off of Plex. I want to actively get off of Plex. But Jellyfin is a worse pot to jump into.