Plex must be collecting information about our Personal Content.
The new Watchlist feature displays related “Similar Titles in Free To Watch” movies and other such hubs when viewing a movie’s detail page. It would not be possible for Plex to display this information unless they know exactly what movie title is currently being viewed. Our individual Plex servers are NOT gathering such information on their own. Plex, the company, is providing those results to us.
How I am highly confident about this?
Today Plex “fixed” a bug with the Watchlist by removing the “Similar Titles in Free To Watch” and other related hubs from Manage Users. However, there was no update to the server software or to the client app. The “fix” happened solely on Plex’s end.
Plex’s Privacy Policy: However, your Plex Media Server may anonymously send us filenames or other identifiers for your Personal Content for the sole purpose of providing metadata back to your personal Plex Media Server. You may disable this metadata matching capability. (emphasis is mine)
No Plex, we cannot disable this new metadata matching capability of the Watchlists. You are collecting the data, but have given us no method to opt out. This, I believe, is a violation of your Privacy Policy.
I know this is very concerning for a great number of Plex users. The same users who became very vocal about how Plex’s old Privacy Policy did not spell out the claim of NOT collecting this type of information.
Secondly, it appears Plex is collecting our Search terms too. How else can they provide us search results from outside content providers unless Plex sees our search terms? Where does this data fall under the Privacy Policy? I believe it would be usage statistics, but there is no specific mention of it there.
Well they could, Compare what metadata is downloaded with what metadata already exists on your plex server as opposed to the other way around.
Do you have all matching and meta data turned off on your plex server?
If metadata format locally is similar to remote metadata formats … then it would be trivial to flag something as duplicate.
With that said … if it does tell their server to not upload specific metadata to your machine … then it can infer that you have it.
What would be super funny is if there was a daemon that looked at all the metadata for the stuff they are sending to you for their free to watch or whatever titles … then copied it to the local metadata store so it wouldnt ever show you anything they had on their servers.
Or if someone distributed a metadata package that had every piece of metadata for every type of media (or whatever minimal fields are for plex to say it is a duplicate.) … or say that metadata was dynamically updated to make sure the plex servers would never show you anything.
But … if your local servers compares your local metadata to the metadata they send to your server … they could reliably determine if is was a duplicate without sending them anything… now if they are doing that … who knows.
Ouch … yeah i see what you mean … filenames or other identifies for your “personal content” … that is disturbing. Maybe we should all put a bunch of questionable photos … with incorrect titles. Or become metadata retaliationists/revolutionists. I mean … I wonder if there is away to inject something … into the metadata that they are scraping . to maybe … do something not good … to motivate them to stop collecting it without permission?
Hey cul8rmom1, why don’t you post your address, phone number and all other things that are personal to you? Seems you don’t mind if anyone knows those details.
This clause is specifically relating to matching media that you have on your local storage and you’ve added to a Plex library on your server.
There is no filename matching happening here, each item is assigned a unique guid which is how things are identified. Only if an item has one of these specific guids will you be able to add/remove it from the watchlist.
Should the privacy policy be updated to reflect what search data is sent, what it is used for, if it is stored, and if it is transmitted to third parties?
Does any of the Privacy Policy relate to the information being shared from our local servers to Plex, the company, in regards to the Watchlists, Discover and the new Search?
If not, can Plex please inform us as to what their privacy policy is on this data?
Clarification: I wasn’t speaking specifically of filenames. My concern is that Plex is receiving data “or other identifiers” (sounds like the GUID in the Watchlist case), which uniquely identifies individual pieces of our personal content. I assume Plex is using the GUID to say, “Okay, the user is looking at show XYZ and here are the related outside source movies to display.”
If I’m understanding things correctly, Plex is thus seeing exactly what movies/shows we are viewing (detail pages) in our personal content.
To me this falls under the Privacy Policy as " other identifiers". And, at this time we, Plex users, are unable to opt-out of this data share.
Don’t mix up the details page from Discover with the details page from your server.
When you are looking at a details page inside “Discover”, you are not looking at media on your server. You are looking at the details page from Plex’s online metadata.
Is just showing the same info from this page on watch.plex.tv.
Just looking at that page doesn’t mean that Star Wars is on your server in the same way looking at Star Wars on IMDB doesn’t mean that you have it on your server.
Then, the Plex servers listed under “Watch from these locations” is using a local API call on the client itself directly to each Plex server. i.e. Your web brower asks your server if it has the movie 5d776824880197001ec901ac. The guid is not sent to Plex.tv, it is only sent to your server.
When you are looking at the details page from your own server (not under Discover), it doesn’t show streaming sources nor related content from other online sources. Nothing is being sent from your server’s detail page.
Search basically works in the same way. Search results from your server happen locally between your browser and your server. Your search term is sent to Plex.tv to show results from Discover, but that’s no different than searching watch.plex.tv or IMDB. Just searching for Star Wars doesn’t mean you have it on your server.
Edit: And the same for Watchlist. Just because I added a movie to my watchlist didn’t mean I have that movie on my server. It’s just a list of things I want to watch. For example, I can add movies that are not even released yet to my watchlist which I definitely don’t have on my server.
You may be correct, but the important thing is what is happening is that the movie/show I added from my Personal Content was added to my Watchlist. That personal content data was sent to Plex. I did no consent to that data share and I have no way to disable it in Plex.
As for searching, you are correct, but when I search IMDB, for example, I know the data is going to them. It has to for the search to execute. However, when I used to search on my local Plex server, there was no reason to expect that search data needed to go to Plex, the company. That search data could be used by my local Plex server to execute the required search.
Not denying this is how things work, but how do you have this information? Are you assuming this is how it works, or do you have specific knowledge to the internal workings?
I have the technical knowledge to monitor all my Plex network traffic. Which corroborates with the information in Plex support article linked by @Krazeh.
I’m open to a Plex employee correcting me of I’m wrong.
Thanks for the confirmation. I had assumed this was the case. I used to build websites and database backends so have a little knowledge of how things might work, but having your knowledge of what data is actually being sent is excellent.
