- cross-posted to:
- plex@lemmy.ml
- privacy@lemmy.ml
- cross-posted to:
- plex@lemmy.ml
- privacy@lemmy.ml
“I can see that one of my friends is apparently watching a ton of cheesy, soft porn stuff,” a user said of Plex’s Week in Review email and Discover Together feature.
Many Plex users were alarmed when they got a “week in review” email last week that showed them what they and their friends had watched on the popular media server software. Some users are saying that their friends’ softcore porn habits are being revealed to them with the feature, while others are horrified by the potentially invasive nature feature more broadly.
Plex is a hybrid streaming service/self-hosted media server. In addition to offering content that Plex itself has licensed, the service allows users to essentially roll their own streaming service by making locally downloaded files available to stream over the internet to devices the server admin owns. You can also “friend” people on Plex and give them access to your own server.
A new feature, called “Discover Together,” expands social aspects of Plex and introduces an “Activity” tab: “See what your friends have watched, rated, added to their Watchlist, or shared with you,” Plex notes. It also shares this activity in a “week in review” email that it sent to Plex users and people who have access to their servers.
This has greatly alarmed a wide swatch of Plex’s user base, who have blown up the Plex forums, the Discover Together blog post comment section, and Reddit with posts about disastrous overshares created by the feature. A sampling of posts: “Discover Together and Week in Review emails are a MASSIVE breach of privacy and trust!,” “Security breach: Why is my friend receiving notifications to rate movies I’ve watched?,” “Weekly review emails data leak,” “Plex crossed a line with ‘Your week in review’ emails today.’”
The feature is opt-out, meaning that many people were very surprised to get these emails and see this feature, as it’s up to users to proactively turn it off (instructions here and here).
“I can see that one of my friends is apparently watching a ton of cheesy, soft porn stuff (think classic ‘skinemax’ fare) from some server (it’s not mine) or Plex channel, and I am 100 percent sure they would be mortified to know that I know this,” one user wrote on the Plex Forums. “Now replace this friend, who’s just enjoying their downtime with some cheeky T&A, with a teenager who may be having difficulty figuring out feelings about their sexuality and are just trying to explore by watching LBGT dramas to see if anything there resonates or can help them figure things out. Suddenly, one of their intolerant friends or parents gets a detailed email report with a cheery title listing every little thing they’re watching…This is a dystopian nightmare of a feature and I honestly can’t believe it’s been rolled out as opt-out like this. SHAME ON YOU, PLEX!”
“I wonder how many people just had their week’s porn selections emailed to their Plex friends,” another user posted. “I just got an email about a friend’s watching habits which he definitely didn’t want to share. He insists he’s never opted into any data sharing, but…it went out anyway.”
“I’m sure there’s a certain percentage of people who want to know what kind of porn their grandma likes, but I’m hoping it’s not the majority,” another posted.
Otto Kerner, who is a moderator of the official Plex forums, said that porn viewing habits would only be shared if Plex can make a “match” of the media with online databases like IMDb. “Many pr0n titles are either not listed there at all [sic],” Kerner wrote. It’s worth noting, however, that there are many adult titles on IMDb.
There are hundreds of posts about the issue on the official Plex forums, many of which point out that many Plex users chose to use the service in the first place because it is a “self-hosted” alternative to streaming that many people go into believing they will have more control and privacy than is offered by Hulu, Netflix, and other streaming services. Plex is also used by many users to play and stream files that they have illegally pirated (the ability to do this is largely behind the initial popularity of Plex), though the company has been trying to move away from the perception that most people are using it to play pirated content. “The fact that this data is available to you AT ALL … That is just … Mind boggling, and completely against the very notion of self hosting,” one user wrote. “I feel betrayed that was done without telling me that this data was going to be collected. Let alone acted upon. It’s dangerous. Certain entities would LOVE to have that data…which could mean jail time for some.”
“The ‘See what your friends are watching’ will be great for all the people with secret porn libraries. Or when you start watching a Jan 6th documentary, and you see Aunt Becky start commenting about it being part of a satanic conspiracy,” a commenter on Plex’s blog post announcing the feature wrote. “I can also say that not one person I have talked to has ever liked the idea that I can see what they’re watching from my server.”
Plex did not respond to requests for comment sent from 404 Media. Plex employees have been posting regularly in the forums explaining that people can opt out of the data sharing, and have also said media watch “sync events,” which it uses to track viewing history, do not tell the company the nature of the file played: “There is no way to know whether something being ‘watched’ occurred because you went and saw it at the theater and then marked it on the Discover page when you got home, you watched through a personal Plex Media Server Library, or anything else.”
You must log in or register to comment.
Honestly Plex has always given me the icks. Its weird hybrid of self-hosted but managed through their servers always struck me as the worst of both worlds. I’d rather put in a small amount extra effort to properly self-host my stuff, or do significantly less work and use something cloud-based. I just don’t understand what niche Plex is supposed to serve.
Same reaction here. My Plex install lasted until I realized that I had to log into their servers to watch my own content. WTF is an understatement.
You don’t have to log into it, you can turn off authentication for your local network.
If you’re accessing it over the Internet without a VPN, then it should be no surprise that it requires a “cloud” login.
It is a bit of a surprise though because I can host my own authentication (Keycloak, Authelia, Google OAuth as a stretch), or use the built in auth from the service the way Jellyfin does it.
I use Plex because it Just Works™ for my family, but eagerly waiting for Jellyfin to keep catching up.
Who said anything about authentication to access it? A server cannot be set up without creating an account with the company and allowing the server to send Plex data.
You did. It was implied in your statement about logging into their servers. If you didn’t mean that then you should have worded it differently.
Wow, you not only think you’re a mind reader, you lecture like a 1st grade English teacher. You must be really popular at parties. Way too many decent people on Lemmy to waste time with your ilk.
Yes, everything that you imagine about me is true. Have fun imagining whatever you want.
Honestly it’s a good feature for most, same with auth being a cloud service. But it would be nice to be able to self host that part too.
For remote access an account makes sense, but like many people I have no need of accessing my content without a VPN. There are other options out there that do not require logging into a company’s server to set up a local server.
I think if you are aiming for the general public it’s great that you can handle secure remote access and authentication. Because those things are the easiest to mess up and leave you vulnerable.
Plex is great at what it offers, and if that offering didn’t fit your needs then by all means use something else.
I cannot fathom why Plex is so dominant while Jellyfin, for my taste, is better. And Jellyfin is explicitly free, contributors cannot be paid, because they are funded by their intense hatred of capitalism.
Is Netflix for torrents. On my TV, on my phone, at my in-laws. Pause on my phone and resume on my TV.
Surely it can’t be that hard to get it.
The remote stuff is easily achievable with other methods, like hosting a VPN server of some sort.
This but instead of familiarity, it’s capability
I used the embed version in the hopes it would, well, embed lol, but I guess it didn’t work, thanks tho!
Requires a lot more setup, especially on the client side. Media server software make things a lot easier.
I just Selfhost tailscale now days, but it’s true that setting up VPNs can be a pain, especially if it’s containers and/or supposed to be an overlay network.
no need to setup or pay for ipv4 tunnels (which is basically what plex handles for you) or ipv6 (while ipv6 IS great, prefixes offered by isps are usually dynamic and you’ll need ipv6 on your mobile connection too)
getting a public ipv4 is basically impossible task nowadays, most isps only hand them out to registered business on enterprise grade connections, and even if you’re a business, STATIC ip is an extra upsell.
and isps that do hand out them to customers charge extra for it, and usually quite a lot.My ISP gives static IP for free to all customers. Other popular ISPs in my region which are popular among people even moderately savvy will offer it for a very modest fee ($5/month extra is what a quick Google suggests).
Or you can set up dynamic DNS. Use Cloudflare to point to your home IP address, and run an extremely simple script which automatically updates that IP address with Cloudflare.
The only way it becomes a problem is if your home Internet connection is behind CGNAT and can’t be changed. (From what I’ve heard, many ISPs that use CGNAT by default will give you a public IP as long as you notify them of your desire for one.) But that’s an egregiously bad service and you should be looking to move to a better company.
deleted by creator
I literally just explained how that’s not true.
God damn Jesus H tap dancing Christ, stop adding social shit and spam emails to everything. Whoever came up with this needs to be sacked, in addition to the people who hired that person to begin with.
It’s the investors, it always is. The CEO has been there for a long time.
Apologies, the people responsible for sacking the people who have just been sacked, have been sacked
And bitten by llamas
But without social engagement bullshit how can they sell your personal data to brokers?!
Omg, does everything have to be shared to social media? Do we need to comment on everything? Every fucking news site begs for my email address.
Why the people that hired him?
They make terrible decisions, and they might do it again.
The people asking questions about the sacking have also been sacked.
It’s about sending a message.
My privacy is again protected by not having friends!
Seriously though, I didn’t know there were ways to follow/friend people on plex. Why would one want to see what others are watching?
People share their plex servers with friends
I’m just seeing you can share libraries. How has plex not been DMCA’d out of existence?
Plex isn’t hosting the illegal content and that which they are hosting they properly license. Plex in particular is pushimg harder and harder to host content for you, instead of you hosting your own.
Officially, the ‘personal media server’ side of things is for sharing home videos/pictures, not commercialized content. (this applies to Plex, Emby, and Jellyfin)
It’s the users/server operators responsibly to have the correct licensing for whatever they are hosting to others.
Also Plex has been cozying up to media companies and the more they do the more action they’ve taken. Banning whole hosting providers (Hetzner) and even banning some small-time users running small servers.
Plex themselves aren’t doing the sharing
they are proxying the data tho
it operate exactly like Netflix except data is stored on your driveAnd DVD Jon wasn’t decrypting the DVDs
Yes he was. He decrypted DVDs which was the thing he got in trouble for.
Also breaking encryption is legally different than copyright infringement
No idea I’ve never used it I just know some people who use it
I’m guessing because it’s not illegal. Their users are the ones breaking the law. Like reddit or Facebook, the platform isn’t held liable for the illegal activity it promotes.
I’d like to know what my friends are watching because then I might choose to watch the same thing so I could discuss it with them, especially if it was something I was planning on eventually watching anyway.
But OTOH I really don’t want to know about any of my friends’ porn watching habits.
Bro did you see that huge cumshot on Megan’s face? I can’t wait to see what they do next season after that cliffhanger.
But don’t you and your friends discuss what you’re watching? We talk about everything we like so the only things I’d learn from this are the things they watch but don’t like, their guilty pleasures, and their porn habits (though I also can’t imagine using plex for porn). I don’t want to know any of that.
Listen when companies SCREAM at you that they are intentionally ruining their service and selling you out. This is Plex saying very clearly to the public, “it’s been fun y’all, but it’s time for you to find an alternative service, start migrating NOW because it’s only going to get worse from here”
Sadly some people won’t get the message until Plex starts providing their movie streaming habits on request to the RIAA for lawsuits.
Edit: I meant MPAA, not RIAA (though they are probably giving it to them as well).
By the gods are you serious?
No but only because the RIAA is only concerned with music.
For movies Plex would provide your data to The House Of Mouse (Disney), Sony, Paramount, DreamWorks, etc…
I’m sure they provide your music data to the RIAA as well.
Why else would they store it?
I left Plex when they added TV, because I felt the exact same way. It sucks to be right.
Yeah, this is why my lifetime licence will go unused in the future …
Don’t worry too much about it going to waste.
What usually happens next is that your “lifetime licence” turns into an “ohhhh that’s a licence for the OLD system. We’ve introduced Plex Ultimate 2000! It’s got all these great new features, and it’s only $3.95 a month. Don’t worry, we won’t forget our greatest supporters, whoever has a lifetime licence for the worn out, old system, their first year’s subscription will be 25 percent off, yaay!”
Well maybe I don’t really trust their products or their company with my data anymore and since you can’t run it entirely on premise, that’s about it.
Soon as I saw that with Plex I noped the fuck out
Still the only self-hosted option that has a native app for my old ass TV so I’m not switching until it becomes more trouble than it’s worth or my TV breaks.
More issues caused by features no one asked for but done anyways so investors can see “growth”
I wonder if there will ever come a time when the stock market ends up defeating itself because investors demand growth which makes the products shitty which drives away customers which causes contraction instead of growth.
What is it with all this “sharing with friends and family”? FFS if I want to share something, I will fucking call them and tell them about it, I don’t need some stupid app doing that for me
I replaced Plex with Jellyfin a few months ago and it’s been working great for my needs.
I am trying to do the same migration from plex to jellyfin but jellyfin keeps crashing on the server with ‘out of memory’ in the logs. As soon as I can stabilize that I will dump Plex lifetime. I initially had sync server setting turned on in Plex and Plex kept sending cleartext phone SMS about what I had watched the day before. That is turned off now. I asked Plex corp for a copy of my data. They sent it to me but ‘forgot’ to send the database table with watch history. They sent me that table when I complained it was missing. Fuck Plex and their spyware.
I tried jellyfin a year ago and could not switch as it did not have transcoded downloads feature. All of my library is 4k HDR and do not want to download dozens of gb of movies on my phone when traveling. Do you know by any chance that they have implemented this feature already?
You should learn how to use
ffmpegcommands.Lol, I won’t be using ffmpeg commands while I’m on holiday traveling and just want to watch a movie. It is faster just to download it from a torrent lower quality directly than jump through these hoops. And if I am doing that, why do then I need a media center anyway, I can just go back to the old days playing downloaded files directly.
The only thing holding me in plex is transcoded downloads.
Take a look at Emby.
I got blindsided by this in the same way. I was sitting next to a coworker and they said “Oh hey, a report on what you’ve been watching on Plex!”
Now, I thought that it was reporting what I’d been watching on his Plex server, and I’ve always known he can see what I watch. But he showed me the email. It was stuff I’d been watching on my own Plex server.
Now it wasn’t embarrassing stuff, as it’s my family Plex server, but I was absolutely livid. This is private. Period. I can think of many, many reasons that someone would want to keep this private, even if it’s not about porn.
I alerted my friends, and we all figured out how to turn it off. It seems like it shouldn’t be that big of a deal, but I feel extremely violated. I absolutely know that someone in that meeting said “Hey, some users won’t like this,” and they were overridden. Because some senior director had a metric to hit. And that means they no longer care about their reputation. It’s a sign that they’ve gotten too big to care.
Mid stage enshitification. More is coming. Probably unskipable ads like every other service is moving to.
“A more affordable way to use Plex [or another subscription service]” is how it always starts…
“I see from your viewing that you are bi-curious.”
It’s a huge privacy messup and it will make a lot of plexpass users think harder about abandoning plex for jellyfin, emby or kode.
It also raises the question why any recorded watch-activity is being sent to the cloud at all! The server can save that info locally.
Sure they want a social-media-infested netflix-clone, but that’s not what people use plex for.
Or they just didn’t assume that people are using Plex for porn. I would never put porn on mine since it’s connected to my smart TV and my kids can access it. All the years that I’ve had a plex server at home, I never considered adding porn to its library so I assume there are many other users who use it the same way.
Mine actually gets used for music streaming more than anything, since I can stream my thousands of MP3s from any browser on the LAN.
It doesn’t have to be porn for people to not want to know what they are watching to be shared.
I’m sure the RIAA is ecstatic that Plex knows what MP3s you have on your server, and when and where you listen to them. I’m sure they’re all 100% legally acquired, and you have the proper documents to back their up.
I’m sure your bible-thumping racist nan would love to know you watched Roots, or MSNBC, or anything LGBTQ. That’ll go over well. Especially if you’re in the closet.
I hadn’t realised Americans said ‘nan’.
What’re you callin her? Bubbie? Babushka? Abuela? Nonna?
Grandma?
Gran, Granny, Grandma, nan etc.
deleted by creator
I agree that we should try and eliminate homelessness.
deleted by creator
deleted by creator
mad at a copypasta?
* and what do you mean you don’t know why i commented? You replied to me. You were literally not in the thread dimwit.
You can firewall it and it won’t be able to reach the Plex servers. External access is not necessary.
Just completely offline with home DNS as IP right? This still sucks and i think there needs to be more feedback to the dev forum.
External access is necessary. If you block access to your home plex, remote users can’t see it because Plex handles the login for remote users.
Also adding IP addresses into “allow access” so Plex works when your local server can’t reach it’s Plex Inc gives admin access to any IP’s listed.
External access is not necessary for home use, because I don’t have any remote users.
Its not just home use but when you are the only user in the house. You don’t want kids to have admin access and accidentally delete files.
Are closets even a thing anymore?
How else are you supposed to hide from the monster in the movie?
Or, more seriously, largely depends on if you live in a small town or not or if your family is “conservative.” The organization who released the guide of towns for black people to avoid in the US so they wouldn’t get murdered after sunset by racists back in the day released their first ever warning for LGBTQ people saying which states to stay out of this year or the last. Society is more accepting than it used to be, but it is by no means safe.
They hugely miscalculated, trust was already at its lowest. In Europe this already breaks several GDPR laws. Not to mention child protection laws.
And it’s not just about pron, that’s just a catchier headline. It could be religious, political or in some countries banned movies that gets people in trouble.
Yeah I don’t really understand it either
It is beyond me why they keep shooting themselves in the foot with these updates.
It’s like every new feature they put out is an intentional reminder that they have access to your watch history/library data, and then their user base gets angry all over again.
Maybe they’re trying to push out the users that are using it for those reasons so they can market it to a broader audience that doesn’t give a shit about privacy? I have no idea. But the drawbacks are really starting to outweigh the benefits, I’m having a hard time imagining who this is really for now.
I wish that I, as the server admin, could opt out all of my users from this on their behalf. Shit like this should be opt in and it is seriously fucked up to enable by default, porn or not.
As much as server admins would love that option (and every time Plex roll out a new feature like the TIDAL integration or the free Plex content this question gets asked), it’s never going to happen because from Plex’s perspective they’re not your users, they’re Plex’s users. Doesn’t matter if the only reason they use Plex is to access your server, they’re not your users so you have no control over their settings.
We can disagree with them about that fact as much as we like, but that’s the reality of it, and I don’t see it changing anytime soon.
But like…why would anyone even want that for normal content?
There’s no shortage of good movies and shows out there. If someone opts in to sharing something with me, they can do it in just about any way. Generally speaking, discoverability in media is not my problem. This sort of feature is great for studios and streaming services, to keep people watching; but for self-hosted it makes no sense at all.
Hell, just add a “recommend this to your friends” option on videos if you want to make plex more social. Complete watch history is creepy stalker levels of ‘social’
Softcore? How embarrassing. Go hardcore or go home.
That’s why Jellyfin exists, though admittedly, it was a little more difficult for me to set up the sharing than I would have preferred. Now, I’m up and running, so all is well.
Heck, Emby is still an option if you don’t want a fully open-sourced one. Plex has been steadily moving in this direction for at least the last year or so, which makes me surprised at folks’ surprise over their “privacy” with Plex.
Lol this really sucks for Plex users, but I’m glad I left that steaming pile of shit software. I’ve been using Jellyfin for two years now and have never had to deal with sudden new shitty default-on features that appear from out of nowhere. Not once. With Plex, that happened like every other release. I don’t miss it.
Once you get the reverse proxy or a vpn set up, you are golden.
I had more issues setting up old cartoons with Airing vs DVD ordering…
Lol reminds me of Windows plastering all your photos on the home screen and people being mortified about it
Hello jellyfin my old friend!
Anytime I feel that jellyfin isn’t ready yet, I am so SO happy that I’m not using Plex and I notice that jellyfin is pretty awesome
