An unauthorized third party accessed a limited subset of customer data from one of our databases. While we quickly contained the incident, information that was accessed included emails, usernames, securely hashed passwords and authentication data. Any account passwords that may have been accessed were securely hashed, in accordance with best practices, meaning they cannot be read by a third party.
Playing devil’s advocate, I understand one point of pressure: Plex doesn’t want to be perceived as a “piracy app.”
See: Kodi. https://kodi.expert/kodi-news/mpaa-warns-increasing-kodi-abuse-poses-greater-video-piracy-risk/
To be blunt, that’s a huge chunk of their userbase. And they run the risk of being legally pounded to dust once that image takes hold.
So how do they avoid that? Add a bunch of other stuff, for plausible deniability. And it seems to have worked, as the anti-piracy gods haven’t singled them out like they have past software projects.
To be clear, I’m not excusing Plex. But I can sympathize.
There is that, but it’s primarily that they’ve taken over 40 million dollars of venture capital. They are almost certainly under immense pressure to turn profitable ASAP, and converting lifetime pass users into revenue streams somehow, converting new users into SaaS, etc. are going to be things they pursue more aggressively.
Don’t take the devil’s money if you don’t want the devil’s stipulations
They’ve taken other measures as well. Nobody knows the details besides them, but they blocked an entire cloud provider called Hetzner because too many people were using it for pirate Plex servers. They absolutely have to maintain the image of being legitimate like you said.
I wish more people understood this perspective
It’s really nice of them to fight the good fight while I use Jellyfin instead.
You may (half) joke, but MPAA attention on Jellyfin would suck.
I’d like to call this “the Ubuntu buffer”.
Which doesn’t have half the features and crap security compared to Plex/Emby.
The security thing is ironic because my personal Jellyfin server (nor anything else on it) has been hacked, but Plex itself has had their database leaked recently. It’s actually the main reason I switched because I don’t like their auth servers being a giant common target. (Also, technically it theoretically means Plex employees can just let themselves in to people’s private servers)
From their blog post about it:
The passwords were hashed and, I’m inferring from their language, salted per-user as well. Assuming a reasonable length password (complexity doesn’t matter much here, what we want is entropy) it would take a conventional (i.e. not quantum) computer tens to hundreds of millions of years to crack one user’s password.
Yeah, I’m not really worried about it. I changed my password and moved on. It’s just that hackers have every reason to try and exploit Plex, while individual servers are hardly worth someone’s time and effort to go after when the payoff is maybe 1-2 usernames and emails.
Simply not true. There is no person out there deciding every fry is too small. They just pick an exploit and send some bots after it. Every target is a good target because every target is a platform for more. It’s currency. The discrimination happens at the userbase level, which is why Jellyfin will always be safe. Kidding 😂
Sure, apart from charging for remote access.
Dynamic DNS does cost money. But not $8 a month. Development also costs money which falls under the $8 a month, but really not my problem, which is why I use Jellyfin. I used to run Plex off of my Nvidia Shield, which was a cool gateway drug to self-hosting and I’m grateful to them for that, but I like handling the technical stuff myself.
That serves the purpose too. It’s harder to pin Plex as an “illegal distribution service” when you have to pay for access. Either the streamer or “distributor” can’t be very anonymous, which makes large scale sharing impractical.
On the other hand, the more money they squeeze out, the more they risk appearing as if they “make money from piracy,” which is exactly how you get the MPAA’s attention.
Remote access via their servers.
I admit I’m very out of the loop, but my understanding is that remote access via their servers is the only supported remote viewing solution? Anything else is a “hack” so to speak.
Everything else is “a hack” in the sense that it is literally just the way to get Jellyfin working outside your network too.
If you have a static IP, or dynamic DNS set up, you can set up your own remote access with a reverse proxy like nginx. The nice thing is I get to use my own SSL certificate and all the actual streaming goes directly to my server, not through their proxies.
The only “hacky” part about it is that the Admin dashboard shows “Not available outside your network”, even though everything works perfectly.
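A sketch of the reverse-proxy setup described in the comment above, as an added example that is not part of the original thread or any commenter's own configuration. The hostname `media.example.com`, the certificate paths and the loopback upstream address are assumptions; 32400 is Plex's default port (Jellyfin listens on 8096 by default).

```nginx
# Added example. Hostname, certificate paths and upstream address are assumptions.

# Redirect plain HTTP so logins and session tokens never cross the network in cleartext.
server {
    listen 80;
    server_name media.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name media.example.com;

    # Your own certificate and key (placeholder paths).
    ssl_certificate     /etc/ssl/media.example.com/fullchain.pem;
    ssl_certificate_key /etc/ssl/media.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Tell browsers to keep using HTTPS for this host.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Media server reached over loopback, so only nginx is exposed to the internet.
        # 32400 = Plex default; use 8096 for Jellyfin.
        proxy_pass http://127.0.0.1:32400;
        proxy_http_version 1.1;

        # Pass the original host and client address so server logs show real peers.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade, used by the web client for live session updates.
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Stream media straight through instead of buffering it on the proxy.
        proxy_buffering    off;
        proxy_read_timeout 1h;
    }
}
```

With this layout only ports 80 and 443 need to be forwarded on the router; the media server's own port stays closed to the outside.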
It’s really not. They handle authentication but then everything is sent to your server.