Plex staff leaving review on Play Store for Plex


In today's episode of "Plex enshittifies", Plex employee breaks ToS.
Source: https://forums.plex.tv/t/fake-reviews-on-play-store-by-plex-staff/917736
Leaving this completely unrelated link to a better alternative here: https://jellyfin.org/
Leaving this for people to realize that there's a literal chapter's worth of book of security issues that haven't been fixed and seem to keep getting the can kicked down the road... for over 4 years now.
https://github.com/jellyfin/jellyfin/issues/5415
I love Jellyfin... people need to implement it sensibly knowing the potential risks.
Edit: Ah yes! I MUST be a shill for saying "Implement it sensibly".
Here, let me "de-shill" myself.
You have several options to make Jellyfin serviceable to users outside of your literal LAN network.
If anything above fails... you're likely on the hook for support. Hope you plan for that!
/movies/title (year)/title.ext
to something like /9ZHBrvNH4dKQDYFa2parH32qqSFpjsWTataVkjy4NqPxpVktT55PkEee5YSVRvUQ/movies/title (year)/title.ext
). MD5 is now much harder to generate/guess... pray that there isn't some other vulnerability. Gotta go back and reconfigure and organize your shit. Oh and make sure that your docker mounts aren't crushing the path! Am I still a Plex shill? BTW I run Jellyfin AND Plex. Literally side by side. Different uses for different cases because Jellyfin just can't compete with Plex for sharing with dumb-ass relatives.
If your use case is to have a nice media server at home and while traveling (via tailscale or similar) without exposing your private data, Jellyfin is great.
If your use case is running a pirate tv service for other people, then you probably want something else.
If you're supporting ANYONE other than yourself who isn't technical, it's a hurdle. And likely a significant one.
I would not be able to educate my wife properly on the times when she would need to enable wireguard on her phone to use it properly (and when to disable it for other scenarios).
This has nothing to do with running a pirate service.
Set up a wireguard client so it's always connected but is used only for a certain IP (the address of your server). If you're interested, I can help you with that.
It's not me that's the problem. I have a permanent tunnel back to my house/infrastructure (straight wireguard). It's communicating how to use it to my users that's the problem... I already do enough support that I'm just not opening that can of worms to non-tech people.
everybody downvoting your comment has zero experience being the go-to family tech guy for relatives in their 80s and 90s who can't reliably distinguish between windows, dialog boxes, menus, and buttons
Great!
How do I set up WireGuard specifically on my AppleTV? How about my Roku? My friend’s LG TV? My other friends Samsung TV?
I feel like you’re not asking for help, but rather trying to prove a point. I get it, but for Apple TV you can use https://passepartoutvpn.app/, for others, I don’t know, I have no experience.
I think they're meaning exposing it to the public for the pirate tv use case. In my personal experience (1 non savvy user using the roku app, no vpn), it's not much support. I had to talk them through initial sign on, and through re-sign-on after that latest update that forced it. Of course ymmv, but two 5 minute tech sessions with grandma over 2 years of consistent usage ain't that bad.
through re-sign-on after that latest update that forced it
I've racked my brain to determine WHY that happened, but the only thing I can guess is Roku saw the channel differently because I packaged it instead of the previous person, so the config didn't port over /shrug
Never had that happen before.
I figured it was the enforcing of the trusted proxy mechanism mentioned in the release notes (only noticed because of an earlier thread here, thanks!). Once I updated my server and set the proxy settings all my clients needed to be signed again.
And I'm talking about the reverse problem. That you would need to expose it in order for it to work with other users... OTHERWISE be on the hook to support users via VPN + Jellyfin, or in the case of TV apps, Router+VPN+Jellyfin. That doesn't scale up well the moment you have someone not in your house that uses your stuff. It doesn't have to be pirate TV. Could just be a kid at college.
Yeah I don't think anyone sane would disagree. That's what forced the decision for me, to expose or not. I was not going to try talking anyone through VPN setup, so exposure + whatever hardening practice could be applied. I wouldn't really advocate for this route, but I like hearing from others doing it because sometimes a useful bit of info or shared experience pops up. The folder path explanation is news to me; time to obfuscate the hell out of that.
Yeah I don’t think anyone sane would disagree.
Exactly... But I get chastised for pointing the problem out. Called a shill because I care about security.
I RUN JELLYFIN. I HAVE IT RUNNING. Others you recommend it to should be made aware of the risks that's all I'm trying to point out.
The folder path explanation is news to me; time to obfuscate the hell out of that.
You can get around the MD5 issue (a bit) by obfuscating your path. Instead of /movies/title (year)/title.ext
... make it /mnt/MHhzTiM57Fv4wWQmkmb4DLDwVKoB628KBQzhBHQjGQVtsjhwRrFNU2NtRGJ4dUpg/movies/title (year)/title.ext
and you'll probably be pretty damn immune to the problem as it stands now... But just blatantly telling people to use Jellyfin isn't a good answer here without that background.
Awesome, thank you, this is exactly what I was thinking when you mentioned it earlier.
My wife has no problem starting the tailscale app and then starting the Jellyfin app. It's really that simple.
She also uses the tailscale exit node I run whenever she is on a public wifi. It's really a well-designed, simple-to-use app.
Would you like to explain to my MIL about how to set up tailscale for her entire network so she can stream to her TV?
Download file from Google Drive link
Download OpenVPN app
Pick file in OpenVPN app
Enter password
Share WiFi from phone to TV
Done
Too hard, she can't even open a PDF file on her own.
Does she drive or open bank accounts?
If the answer is yes, why is that so much harder?
And I work in tech support. With medical non-technical folks. Guiding them through the control panel blindly on the phone.
I know what I am dealing with on the regular!
Good question, I'm also in tech. She does drive and of course opens bank accounts, but it's like it all goes out the window when she needs to do anything remotely technical. I would say that most of the users I've encountered are not that bad, but she is unique in that way.
If the answer is yes, why is that so much harder?
Because computers (to older folks) are a magical black box that they’re afraid to break but still manage to do so.
Can you wire a network cable? If the answer is yes, why can’t you build a night table from scrap wood?
You can’t because having proficiency in one area doesn’t translate to proficiency in another.
You want to run an internet tv service for your MIL then do it. That's just not what Jellyfin is for. It's a home media server.
Is this that hard to understand?
Then it's not a drop in replacement for Plex, is it?
No shit. Is that not exactly what I have been saying over and over?
My first comment in this thread says clearly that if you want to run a pirate tv service for other people then you'll want something other than Jellyfin.
You replied to someone and said "my wife has no problem using tailscale". Is your wife not another person? Sure, same household, but if you're not running a pirate TV service, why does she need tailscale, and how is that different than sharing with my MIL?
Also, why do you keep using the terminology of "pirate tv service"? Why is it suddenly not a home media server if I want my mother in law to be able to use it? I don't share with people outside of my family.
You seem to think that because you're using Jellyfin, it's automatically not piracy. But you certainly can do piracy with it, it has tools purpose built for it like Jellyseerr. So how is that not a "pirate tv service"?
Do you not know that you can also upload your own media rips to Plex? Is that still a "pirate tv service"? At what point do you assign the (fairly negative, at least legally) connotation of piracy to a service someone is hosting out of their homelab?
My wife and I hardly ever watch TV outside the home. Certainly not with our phones. The only time is when we travel. However she does use tailscale daily. That was my point, that tailscale is easy for non-tech people. Sorry if that is confusing.
Awesome... cool for you. The average person doesn't even understand or even know what a VPN is.
I taught undergrad and grad college level IT courses. Many students there didn't even understand what a VPN actually is.
Edit: It works for you... great... it could even work for many... Awesome. There are legit use cases for the majority that VPN just doesn't work.
Jellyfin is a home media server. It is great for that use case. It is easy to set up and use. Most importantly it's not sending data about everything we watch to some company.
Stick to plex if you want to run a free internet tv service for your cousin and their kids and whoever else and you aren't concerned with their or your privacy.
I'm into self-hosting because data privacy is my primary concern.
Jellyfin is a home media server.
Ok, then why do they offer remote connectivity?
Stick to plex if you want to run a free internet tv service for your cousin and their kids and whoever else and you aren’t concerned with their or your privacy.
What evidence of privacy problems do you have against Plex?
I've wiresharked, splunked, checked literally everything that I sent to Plex not all that long ago... Turns out it's a whole fuckton of nothing and generic metadata pulled from the media agent. Turns out that as long as you turn off the dumb features, you're not sending all that much. It's much easier for me to tell people to turn that shit off than it is to convince them to install apps and configure everything.
I’m into self-hosting because data privacy is my primary concern.
Privacy won't matter if a major studio catches wind of this type of vulnerability and decides to start scanning for jellyfin instances. The subpoenas will come shortly after.
Plex clearly scans your media collection and does upload the metadata and they can add more data collection any time they want.
Privacy won't matter if a major studio catches wind of this type of vulnerability and decides to start scanning for jellyfin instances. The subpoenas will come shortly after.
How are they going to scan a server on my network that's behind my firewall with nothing open to the internet?
Plex clearly scans your media collection and does upload the metadata and they can add more data collection any time they want.
No. The local metadata agent requests the data, it doesn't upload a list of what you have but requests the metadata it's missing. And you could say that a log collection of what data it retrieves is risky... except now they cram so much nonsense on the home page that all of that is fluff that would obfuscate that heavily...
But you can configure the meta-agent. You can not request it at all.
How are they going to scan a server on my network that's behind my firewall with nothing open to the internet?
So then you agree with my initial statement that I start with of "people need to implement it sensibly knowing the potential risks."?
If so... then why get into a hissy fit over this when my statement was clear? People shouldn't implement Jellyfin without understanding the risks... it's not innately secure and requires additional solutions to make it use-able. And thus, should be recommended only when that is disclosed.
Where did I disagree with you?
I've repeatedly pointed out that Jellyfin is great for a self-hosted home media server. If you use it as intended then its security is not an issue.
It's not for running an internet tv service for others.
I don't really understand why this causes some people to go off on a rant about how hard it is to explain a vpn to their grandmother. That's not something I've ever suggested.
What evidence of privacy problems do you have against Plex?
Well there was that one time that Plex emailed your friends and shared your viewing habits.
Turns out that as long as you turn off the dumb features, you’re not sending all that much.
Those users kept the feature turned on. I spoke out against that shit when it happened on Reddit. But turns out users who disabled the dumb features in their profile never had those emails sent. I never saw the email as an example... and my subset of 5-6 users that I think I had at the time... I distinctly remember 2 of them talking about how they never got one either... Turns out that I could reliably use that email to show the other 2-3 users that they need to turn off those flags.
and
Were the big sections I believe... But that was a couple years ago at this point and I might be misremembering.
I’d still say it qualifies as a huge example of “evidence of privacy problems with Plex.” It certainly informs the community on Plex the company’s perspective on privacy and what a user’s expectations should be.
They chose to make that email and feature opt-out and after the fact.
Me wondering how many security issues the completely proprietary Plex has that they won't tell us about.
Honestly this is something that needs to talked about more. I frequently see people roasting on foss but in reality the proprietary vendors have all sorts of dumb security issues.
The difference being that the Plex devs weren't confronted with a list of security issues and basically shrugged and dragged their feet for 5 years
How do you know that? Development happens behind closed doors.
The Jellyfin devs are "dragging their feet" because they do not want to break existing clients.
Fair concern... But I can tell you unauthenticated endpoints aren't one. I haven't tested any others personally.
Unauthenticated endpoints aren't one as far as you can tell.
Just the same that we don't know if the jellyfin ones don't have further issues that people just haven't found yet. What's your point? One is known for 4+ years now and is a wontfix... the other is unknown and no evidence to suggest otherwise.
Without authentication; it's possible to randomly generate UUIDs and use them to retrieve media from a jellyfin server. That's about the only actually concerning issue on that list, and it's incredibly minor IMO.
With authentication, users (ie, the people you have trusted to access your server) can potentially attack each other, by changing each others settings and viewing each other's watch history/favorites/etc.
That's it. These issues aren't even worth talking about for 99.9% of jellyfin users.
Should they be fixed? Sure, eventually. But these issues aren't cause to yell about how insecure jellyfin is in every single conversation, and to go trying to scare everyone off of hosting it publicly. Stop spreading FUD.
<admits there are problems>
<Stop spreading FUD>
It's not FUD if it's real. I could say the same shit for people screaming Jellyfin at literally every chance they get when the topic is Plex. Instead I further the discussion rather than telling other people they're spreading FUD.
it’s possible to randomly generate UUIDs
It's an MD5 hash of the file path. Not randomly generated, and not a proper UUID.
Edit: for others that might not understand... Docker files will standardize the path side... *arr suites and general human nature will standardize the file name.
So a generally guessable file path exists for a LOT of users out there... It's absolutely possible to guess that many people running jellyfin would store their version of bigbucksbunny as /movies/bigbuckbunny (2008)/bigbuckbunny.mkv or similar conventions and I've probably already nailed the path to generate the MD5 for a lot of people running Jellyfin just now.
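An added audit helper (not Jellyfin's code) for the point made here and in the earlier "obfuscate your path" comment: it assumes, as the thread states, that an item's public ID is simply the MD5 of its library path, flags paths that follow the guessable Docker/*arr convention, and shows how a random 64-character directory under the mount point changes the ID without touching the "Title (Year)/Title.ext" layout. The constructed sample paths, the regex for the conventional layout and the rebase helper are this example's own assumptions.

```python
"""Audit helper for the path-guessability issue discussed in the thread.

Assumption: an item's ID is derived from the MD5 of its library path, as the
thread states. The real server may mix more than the bare path into the key,
so item_id() is a simplification for reasoning about guessability only.
"""
import hashlib
import math
import re
import secrets
import string

# Layout the thread calls out as the de-facto convention:
# "/movies/Title (Year)/Title.ext", optionally under /mnt, /media or /data.
_CONVENTIONAL = re.compile(
    r"^/(?:mnt/|media/|data/)?(?:movies|tv|shows)/[^/]+ \(\d{4}\)/[^/]+\.[A-Za-z0-9]+$",
    re.IGNORECASE,
)
_ALPHABET = string.ascii_letters + string.digits


def item_id(path: str) -> str:
    """Simplified ID: hex MD5 of the path string (assumption, see docstring)."""
    return hashlib.md5(path.encode("utf-8")).hexdigest()


def is_conventional(path: str) -> bool:
    """True when the path follows the guessable *arr/Docker convention."""
    return _CONVENTIONAL.match(path) is not None


def random_root(length: int = 64) -> str:
    """Random alphanumeric directory name from a CSPRNG, like the thread's examples."""
    return "".join(secrets.choice(_ALPHABET) for _ in range(length))


def secret_bits(root: str) -> float:
    """Entropy in bits of a random_root()-style name (64 chars of 62 -> ~381 bits)."""
    return len(root) * math.log2(len(_ALPHABET))


def rebase(path: str, old_root: str, new_root: str) -> str:
    """Move a library path from old_root (e.g. '/movies') under new_root, keeping the tail."""
    if not path.startswith(old_root + "/"):
        raise ValueError(f"{path!r} is not under {old_root!r}")
    return new_root + path[len(old_root):]


def audit(paths):
    """Return (path, simplified id, guessable?) for each library path."""
    return [(p, item_id(p), is_conventional(p)) for p in paths]


if __name__ == "__main__":
    # Constructed sample library mirroring the layout the thread describes.
    sample = [
        "/movies/bigbuckbunny (2008)/bigbuckbunny.mkv",
        "/movies/Sintel (2010)/Sintel.mp4",
    ]
    print("Before obfuscation:")
    for path, ident, guessable in audit(sample):
        print(f"  {ident}  guessable={guessable}  {path}")

    secret = random_root()
    new_root = "/mnt/" + secret
    moved = [rebase(orig, "/movies", new_root + "/movies") for orig in sample]
    print(f"\nAfter moving the library under {new_root} ({secret_bits(secret):.0f} bits):")
    for path, ident, guessable in audit(moved):
        print(f"  {ident}  guessable={guessable}  {path}")
```

Run it against a listing of your own library (one path per line) to see which entries still match the conventional layout after a move; remember the thread's caveat that Docker bind mounts must expose the full obfuscated path to the server, not just the tail.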
You shouldn't expose it publicly
There are better ways to do things in 2025
Imagine downvoting "Be careful what you expose to the internet". I thought I'd got away from Reddit.
The core message is (to me) fine.
What I kind of dislike is the delivery.
Btw: Can someone tell me why the path-guessing is so dangerous?
I don't care if someone can guess the path for the.rise.of.the.linux.ISO.720p.DD.H264.mp4
and wants to download it.
Not like any damage or (interactive) intrusion was made into my network
Btw: Can someone tell me why the path-guessing is so dangerous?
Cause organizations like Sony have already done things like installed rootkits on people's computers. Now imagine they realize this is a flaw in some media setups and their legal departments start actioning on it. (generate a rainbow table of common names for files, and common paths used in linux/docker containers... running 10000 http requests on a server over a few minutes is child's play)
All it takes is one thing to parse on a list that never had a physical release and now your whole server will be subject to discovery at the court case.
If you have literally no illegal content on your server, no problem... other than that you'll be on the hook to provide proof of rights to have the content... and possibly at worst rights to distribute (they accessed it without authentication, so literally anyone else could have too).
Edit: Oh but hold on! I hear you say that it would be illegal for them to scan your computer like that...
Except it isn't. There's no law that says you can't try to navigate to a URL. There are laws that say that you can't bypass attempts to authenticate/protect content... but remember the endpoint isn't behind authentication.
Except it isn't. There's no law that says you can't try to navigate to a URL. There are laws that say that you can't bypass attempts to authenticate/protect content... but remember the endpoint isn't behind authentication.
Assuming I am from the US?
Because if so, it doesn't apply
But I appreciate your time for the explanation.
Assuming I am from the US?
I mean... I'd like to see any law that can be construed that directly accessing a URL that's unprotected is illegal. I'm not an expert in EU law on this for sure... but I've read many things pertaining to EU law and never found one that would lead me to believe otherwise.
Did you read them? Somebody is spreading fear for no reason. It almost feels like they want people to use something else.
I'm betting most of it is because some terminally online folks here have seen me post similar things before (the last time was like a month ago though... so I dunno)... So they think I'm some misinformation campaign or something. I don't know. Anywhere I go on the internet it seems I trigger people by pointing out obvious things regularly. I just accept that society is fucked at this point.
Edit: Yup, went and double-checked. Last post I posted about plex in was 1 month and 5 days ago... https://lemmy.ml/post/28376589
The one before that...
https://beehaw.org/post/19228632
https://beehaw.org/post/19211350
All over a month ago... So I guess I must be a super shill to not even talk about plex for a whole month! I hope they don't cancel my checks.
That's based on the assumption that's your only account, though. Not that I'm calling you a shill, just pointing out the obvious flaw in your logic. Any actual shill would have sockpuppets to spread out their comments and hide their history.
... Check my instance... Would be weird for me to shill for someone on my own instance that I'm an admin for, no? Wouldn't I not shill for something directly on my admin profile? Also I think there's one other mildly active user on my instance... Nobody else here to shill with.
I suppose I could make accounts on other instances... Nothing I could do to prove that isn't the case... Just like I could say the same that all of lemmy is tankie bots.
What the other guy said. I repeat, I'm not actually calling you a shill. I even agree with your point about JF, I'm just pointing out your logic is faulty.
You're just ignoring the point - we wouldn't know that without doing some work, and it still doesn't mean it isn't being done.
I believe you when you say you aren't doing it, but just like the issues with this reviewer, we just don't know the extent.
Well then the obvious answer would be that if I had all these sock puppets... wouldn't I just also upvote myself? Wouldn't that make a malicious intent much more effective?
This is why when people say that FOSS is more secure than closed source I always laugh. Those people seem to think that because it’s open source that not only has it been reviewed in depth by security experts who know every single possible vulnerability, but that they found every vulnerability, fixed them, put in PRs that were then approved by the creator, who then made a new release with those fixes……. every time a new potential vulnerability is discovered in the libraries etc that it’s using.
Often it just leads to situations like this - known big vulnerabilities that are just never fixed.
It cuts both ways... Closed source things can be hiding shit... or simply never testing/caring about it... Oftentimes a truly interested person can externally test it and find the flaw anyway... but not always.
Where open source can have a lot of people who care about it... but never have the manpower to fix it.
The best open source projects are the one that have closed source backing it seems. I've had my company throw in resources into open source projects before because we used them.
But jellyfin and the likes would be hard to get backing for
FOSS isn't always more secure than closed-source, but it absolutely can be.
It depends on the priorities of the maintainers. It seems like Jellyfin's maintainers might not be putting a huge emphasis on security, which is very disappointing, but they are volunteers at the end of the day.
My assumption isn't that they're all fixed, it's that any particularly bad ones would be known about so I know to avoid it or not. Which appears to be the case.
Honestly it's news to me but having read through those most of them are not an issue.
setup a VPN. Pray you don't have a user on a device that doesn't have a VPN app that you can work with.
Dafuck kind of a nitpick is this? In what world does OpenVPN not have an application for every device and OS combo out there fully supported? You tryna watch it on a VCR or smth?
LG tvs and rokus I know for a fact don't have vpn apps available. And I'm sure there are plenty more.
Neither do Samsung, the jellyfin app works great on Samsung after the annoying process of installing it, but can't put a VPN on it that I'm aware of.
WireGuard doesn’t work on AppleTV
Products like Netbird and Tailscale have the ability to act as an ingress node on the network.
Alternatively you could set up WireGuard and a simple http proxy like Caddy. Just give your relatives a box to plug into Ethernet. You could even use it as a backup target.
For people who can't or don't want to run a VPN app, Tailscale has the Funnel feature, which can... Funnel traffic into your Tailscale net.
I've only used it for light stuff so not sure how well it will work for video.
There are other Mesh VPN solutions out there - I've used Hamachi for close to 20 years on Windows, and it just works. There's a Linux client too, though I haven't worked with it in years.
Alternatively, you can set up a Raspberry Pi just for the Tailscale/Wireguard VPN, for say at your parents'/friends' houses. Cheap, simple solution, and it'll handle DNS for the devices in the Tailscale mesh. This is something I'm doing for family/friends for unrelated/slightly related reasons (I'm reproducing the Backup to Friends feature that Crashplan used to have, so all of us can have multiple backups in our own "cloud"), but they'll get the side benefit of video, which won't get backed up, just duplicated everywhere.
Don't you need to set a static route in your router for that to work?
Hamachi definitely doesn't work on TVs...
This past week I switched my server to Jellyfin and migrated all my users over to it after I just happened across a thread a month ago about Plex charging for remote streaming on the 29th of April.
I never got an email from Plex about the change until April 29th... Scummy behaviour and I'm sure a lot of users and server owners bought their product in a panic as a result.
So far Jellyfin works perfectly, all my users are on Rokus and the app works perfectly on there.
Plex will only continue to get worse so I'm glad I made the jump.
So far Jellyfin works perfectly, all my users are on Rokus and the app works perfectly on there.
Considering that Roku doesn't have a VPN option... Then I hope you've at least obfuscated your media paths so it's not easily guessable on the complete unauthenticated endpoints for people to abuse/probe your server.
I keep an eye on my server and trust issues will be fixed in time as more and more users dump Plex.
Who knows what security issues Plex had and I ran that without issue. At least Jellyfin's aren't hidden.
If anything above fails... you're likely on the hook for support. Hope you plan for that!
It's a self-hosted service so... Duh?
I am pretty positive you are a Plex shill too at this point...
Keep popping up every time somebody speaks good of jellyfin...
If there are really all those safety holes... Please explain why my publicly exposed instance never got hacked all these years.
And every time I speak up about it... I find users that never heard of it and want to learn how to reasonably fix it. And those discussion happen.
Example:
Am I a shill for talking about the risk of this specific software and even how to mitigate it with others? or am I a shill because you're defensive over software that you happen to use/like?
Feels like you patrol lemmy to post again and again the same list of "bugs" about a single specific piece of software meanwhile there is an open war moved by a commercial company against that specific piece of software, so yes this is why I think you work or have some personal interest in Plex.
And the fact you run both means nothing, it only makes sense that Plex people check out the market
Also, jellyfin has real downsides to Plex and security is not one of those.
Ah yes, I patrol lemmy... waiting over a month between posting on the matter... and present some solutions to the problem myself while advocating for a resolution of fixing bad unauthed endpoints?
Also, jellyfin has real downsides to Plex and security is not one of those.
Unauthed endpoints are literally a bigger security issue than anything plex has ever shipped.
How do you even know you were hacked? Are you monitoring the traffic?
I had the same thought and I don't understand why you are being down-voted. All those "security issues" are a minor inconvenience at worst. I went through them twice and I am fine living with them in my publicly exposed instance (publicly just for myself and my wife wherever we are).
Am I correct that there is no first party Jellyfin app for AppleTV?
There is not, but Infuse is what the Jellyfin project officially recommends.
There is Jellyfin, Swiftfin, and Infuse - the latter being 3rd party, but it's my favourite so far in terms of stability :)
If I remember right I tried to do the Infuse free trial but either Apple or Infuse was choking on processing the trial request and I could never use it.
Yes. But there is a different option. There’s a list of clients on the website.
Correct and what I've seen from Jellyfin / Emby are poor looking at best. While I could cobble together a system that works for me, there's no way anyone I share with would put up with it. Plex is PLEX for a reason.
Correct, but there is an Emby app for every device.
Emby is a paid service right?
If you use plex and jellyfin anyway, I suggest checking raspberry pi and kodi (libre elec) as an alternative. The pi4 is fine for hd at least, some use it for 4k but I have no exp with that. It works well and helps you get off the apple ecosphere.
It's plain deceitful to say jellyfin is simply better. It's simply less capable and less supported. I don't know if you're trying to deceive others or just yourself.
Here's the difference: With Plex it's trivial to invite other people to watch content from your server, they can view it on just about any device they have and it doesn't take any complicated networking setup to achieve. Likewise, just as you share your server, you can view content from other people's servers through the same interface. This is not a small feature it's the primary feature of Plex, it's what sets it apart from xbmc or any media center software.
I am totally on board with FOSS and I would absolutely use jellyfin in a second if it could do the things that Plex does. But it can't.
As a side note, this new interface for Plex on mobile is absolute shit, a big step backwards. If I had my way I'd still be using the Plex app from 2016.
The real problem with Plex is that it's a whole package, server and client. If it were instead a server and an open protocol, that anyone could make a client for, that would be vastly superior. I desperately want to use a more customizable 3rd party client with my Plex server.
No it's not, they have to create a Plex account. If putting a URL in a window is too technical then creating an account is. Also jfa-go has made inviting so easy.
Jellyfin really needs to work on security and server discovery.
As it is right now you have to manually input the server URL unless it's on the same physical network, discovery won't even work with broadcasts across VLANs, or over the internet.
I think the better answer would be to not expose Jellyfin to the internet.
Although it would be cool if it integrated with something like p2panda or libp2p
And with that it loses any edge it had over Plex. If I have to install a VPN on every device of every user, just because the project won't adhere to basic security practices, then I will not switch to it.
I still would choose Jellyfin over Plex in a heartbeat. You don't need to switch if you don't want to.
It loses a massive feature that Plex has and does really well in that case.
It doesn't even work right on the same net sometimes.
"Better"
Maybe if they'd fix their glaring security issues
Or their convoluted settings. When there's a github project that does the HW encoding settings for you, you know it's intuitive...
Use free streaming sites.
Anything that you want to 'collect' can be downloaded and stored on an external hard drive and taken with you where you need to go.
Don't overcomplicate things just to fit in with losers on the internet.