Not Allowed to use Hetzner

Stick with vague and meaningless I see. Claiming that they are somehow in breach of competition law and linking to (what I assume) are the first things you find when googling competition law doesn’t actually support your (baseless) claims.

Is this in your learned legal opinon? I suppose you have some precedent you can show to us all (or even Plex) to let them know they have nothing to worry about?

I am, hence not towing the thread ‘party’ line of Plex are evil and hate all users. And, you know, pointing out that it’s not nearly as simple as possible think it is…

I’m pleased to see you’ve taken the time to read my contribution to the discussion. I notice you have a penchant for straightforwardness, so let me oblige: I’ve provided you with all the means and resources to educate yourself further. It’s always amusing when some people would rather lash out than learn.

The links I’ve shared aren’t merely the first results from a quick Google search, but rather carefully curated sources that substantiate my argument. Interestingly, you seem to have been unable to locate these on your own, despite your insinuation that they are easily discoverable.

Life is full of surprises, isn’t it? But worry not, there’s always room for improvement.

This raises an important issue that hasn’t been raised here yet. The GDPR (General Data Protection Regulation) in the EU very tightly controls how “personal information,” which includes anything that can be used to personally identify an individual, can be used. Processors (Plex in this case) must have a lawful purpose for retaining and processing that information. The possible lawful purposes are these:

• (a) If the data subject has given consent to the processing of his or her personal data;
• (b) To fulfill contractual obligations with a data subject, or for tasks at the request of a data subject who is in the process of entering into a contract;
• (c) To comply with a data controller’s legal obligations;
• (d) To protect the vital interests of a data subject or another individual;
• (e) To perform a task in the public interest or in official authority;
• (f) For the legitimate interests of a data controller or a third party, unless these interests are overridden by interests of the data subject or her or his rights according to the [Charter of Fundamental Rights]

While, as an EU-based user of Plex, I’m sure I was asked to accept the privacy policy as well as the TOS, it is not at all clear that using my IP address to send me an email to announce that my server will be blocked from using the service is in compliance with any of the lawful purposes. For starters, I never consented to have my personally-identifying information used in this way: it’s not part of the privacy policy or the TOS. That means that, under GDPR, Plex has to have another lawful purpose for harvesting people’s IP addresses and using them to send emails to them and ban the recipients…

I’m not a lawyer, but it seems dubiously legal to me.

I don’t think any of the other lawful purposes apply here. Even (c) (to comply with legal obligations) doesn’t apply: there is no legal obligation to mass block an entire IP range or to send those emails to people who are not accused of any illegality or violation.

Of particular interest here is Article 22 of the GDPR, paragraph 1 of which states this: “The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.”

I believe that EU residents, at least, have had their rights violated by this decision. A decision based on automated processing (the determination of IP addresses belonging to Hetzner) resulted in users being effectively profiled producing legal (or other) effects.

Despite selling their product to EU customers, Plex doesn’t seem to have any kind of GDPR-compliant privacy notice outlining the lawful purposes of processing and other necessary information. The issue was raised in this forum in 2018, when GDPR was about to go into effect. A Plex employee responded in this thread that: “With regards to GDPR as a whole, Plex has been working for the last few months to meet our obligations under the GDPR. The Terms of Service and Privacy Policy we published yesterday were prepared and reviewed with a legal team that specializes in privacy law and understands the impact of the GDPR. Based on their advice, we are confident that we will be in compliance with the regulation.”

I don’t believe that this action with regard to EU-based Hetzner users is in compliance with the regulation. I also don’t believe the TOS or the Privacy Policy are sufficient under GDPR.

Fines for GDPR violations on the part of corporations can run into the millions. As an EU citizen, I have a right to know not only the data that they are collecting but also the lawful purpose under GDPR for collecting it.

There are people occupying jail cells/paying hefty fines that would disagree with this comment

Edit - oh and overall, I’ll default to a legal team employed by a large software company versus some random pseudo legal on a forum, no offence intended.

The magic word is discrimination. As already indicated, this is prohibited in the EU. That explains it again more precisely

Despite what some may say, Plex are not doing this just because or to spite users. Clearly some legitimate users have been caught up in this which is sad.

I also agree that Plex have made some strange commercial decisions but then again, I’m just an uninformed Plex user and not on the commercial management team (or legal team).

Given that nothing you have linked to explains how you think Plex is (or could be in breach of competition law), how it applies in this case, or any precedents where it has applied to similar scenarios I have to disagree with you. All I know is that you think competition law somehow applies and that you can find various online pages that describe aspects of competition law. There is nothing that paints a cohesive picture to support your extraordinary claim.

I would’ve thought it was obvious that my comments to that effect were somewhat tongue in cheek and my real view was that there was no easily presentable sources because they don’t exist.

I am not a lawyer. But thank you for the compliment.

But I know my rights in the EU, because I deal with it. But there are also people who vote without informing themselves beforehand.

Your replies to posts suggest otherwise but OK.

Plex used a legal team to help in the decision they made. Users/individuals obviously have a right to challenge that decision.

Good luck with it (I am being totally honest with that comment).

Absolutely, I realize it takes a certain degree of intellectual sophistication to fully understand the subtleties in my replies. Rest assured, that’s not a talent everyone has. For those less endowed, there’s always the fallback of a Google search. A little initiative in educating oneself has never been detrimental.

Now, I find it particularly amusing how some participants in this international forum seem to exhibit a rather narrow perspective. It’s a basic fact that laws differ from one jurisdiction to another. The U.S. legal framework, for example, is hardly a carbon copy of EU laws—a realization that even the most uninformed should be able to make. But don’t fret, it’s not my job to offer lessons in EU law here.

As an EU citizen, I’m perfectly aware of my rights, and I fully intend to exercise them. I owe no one an explanation for doing so. But I suppose that’s a notion one can only grasp when willing to expand one’s limited worldview.

Happy continued learning!

Because the Hetzner people are trying to act like they have been slighted personally in some unique unacceptable way with this, when what is happening here is “How Things are Done in I.T.” for a long time now. Longer than Plex has existed, I might add. When an email provider is blocked because of a bad reputation, many individual innocent users get blocked too as part of the act of blocking the spammers. When there is a user running a DoS attack many server owners will block the individual IP at first, but if the user can move to another address then eventually they will just shut down traffic from the entire address block. When equipment for a customer of an ISP has an issue/compromise that causes security issues other people in the area might find themselves without internet service until the specific endpoint can be corrected (seen that one happen myself).

All of these actions are temporary in nature, normally being lifted once the issue is resolved. Key Point: Action is required at the cause of the issue to resolve this.

Has Plex stated this is a permanent block of Hetzner with no chance for it to be lifted in the future? No. But a dialog has to be started on this, and that has to be started from Hetzner’s side.

Have any of you Hetzner subscribers called Hetzner about this block and the reason? I suspect few have. And the ones that did have likely learned that Hetzner really doesn’t care. That’s why you’re here throwing a hissy-fit instead of going to the source of the problem.

If that’s what you want, Plex could just ban all VPSes.

Please note that Plex reserves the right to change the terms and conditions of this TOS and the terms and conditions under which the Plex Solution and its offerings are extended to you by posting online a revised TOS or e-mailing notice thereof to you.

They sent an email about this… so doesn’t that count as them giving you advanced notice to a change they are making, a change they have the right to make, and their right to make such changes you agreed to as part of the ToS?

I can buy a knife and charge people for using to to stab people. I can buy a gun, and charge people for using it to shoot people. I can buy a computer, and charge people for using it to hack people’s bank accounts or dox people. I can buy ammonia and bleach and charge people for mixing them in a public building, killing or severely injuring them. I can subscribe to Plex, and charge people for… watching ad-supported movies?

Plex alone doesn’t enable anyone to charge for pirated content - someone actually needs to pirate that content, put it on a Plex server, and then charge people for it. THAT’S a crime.

Saying that Plex could face legal trouble because someone is making money abusing their software to give access to pirated material is like saying a rental car agency could face legal trouble for someone loading one of their rentals full of explosives and charging someone to let them drive it into a federal building.

Plex is a tool. Tools can be used to do many things, including illegal things, and charging people for doing illegal things with them. You don’t charge the toolmaker for that.

That’s why Plex (and Emby, Jellyfin, Kodi, etc) still exists, despite many, many media companies with enough money and lawyers to fill the Grand Canyon being very willing to throw all that money and all those lawyers into ending it. They might not like it, but Plex is not at fault for people abusing it against its ToS to distribute illegal materials for money.

And, those people are in the incredibly overwhelming minority, and will easily find another way to do their illegal business, because it gets them the money they need to do so. People have a lot of reasons for having their server hosted externally, and I’d be shocked if the number using it for crime would amount to more than a rounding error.

That does not justify violating every users’ privacy by looking up exactly how they are hosting their server, any more than police would be justified searching every house in a state because there are definitely criminals in some of them. And it definitely doesn’t justify blocking an entire hosting provider over the actions of a handful of people - that would be like cutting off every physical connection between Florida and the rest of the country just because Trump lives there. And guess what? Just like Trump would in that situation, those people are simply going to move elsewhere, because they can afford to.

If Plex actually wanted to do something about this sort of thing, they should simply software-limit the maximum number of users and library shares per server. Anyone with over 100 users on their server, or that many library shares, is naturally looking a little shady, so make a higher subscription tier a requirement for that, then look up THOSE PEOPLE, not everyone. Anyone with over 500 users/shares needs to get an organizational license, and anyone over 1,500 should probably just be forwarded to the copyright police.

THAT would be a reasonable response. It might make some people angry, but there would be legitimate logic behind that. It wouldn’t make me angry. But that would require actual effort on their part. Volume-blocking a hosting provider’s IP range is as simple as a few clicks. Much easier. Like nuking a city because crime exists there - much less effort, guaranteed success, and who cares about all those other people who lived there anyway?

And, just FYI, Plex’s official line was about ToS violations, shorthand for “People who charge others to access their server”. I could put nothing but self-taken family videos on my server and charge people for access, and violate those same ToS provisions. Is it time to block Verizon FiOS service now?

Besides, IP owners are currently far more interested in hunting IPTV providers, who frequently serve hundreds of thousands of customers, or more, their entire media catalog, and often have relations to organized crime. A Plex server instance would be hard pressed to get anywhere near those numbers, and, like I mentioned earlier, a relatively simple solution would put a stop to that. Even for those, the developers of the software used are generally only in legal trouble when it is purpose-built or customized by them for that particular provider and purpose.

Yes.

No, that’s not correct.

That was the answer: We are aware of this problem and have already contacted Plex. We hope that we will be able to resolve this issue. Unfortunately, we cannot provide any further details at this time.

All IPs!

Yet, if Plex provides the tool knowing it is used for

illegal purposes

can be a crime (indeed, this has been the situation in similar media sharing cases).

The same is the case with your rental car analogy. If the rental company provides a rental car and knows it will be used for illegal purposes, this is also potentially a crime.

The final comment from myself is …

Plex used a legal team to make this decision. Users have the right to challenge that decision.

How can the car rental company know in advance if the vehicle will be used for illegal activities? Doesn’t this put all customers under general suspicion?

Cry softly, but please with facts.

I have worked with Hetzner for several years and I think they provide an outstanding service. I have also recommended Hetzner to my company and they use it for development infrastructure. Overall, very happy with them.

I’ve also use Plex for my personal cloud and my experience was very good as well. Tried to host my server at home but didn’t work as expected due bandwidth requirements.

Got the email, felt it was really unfair. But if I spend time and effort to keep my private cloud it won’t be migrating to another host. To this point I have collected only good experiences with Hetzner. As long as that doesn’t change I’ll rather look for a Plex alternative.

It is a fact. This is exactly what you were supposed to do – get your host to work on cleaning up their act.

Just like the innocent users caught up in an email domain block have to go complain to their mail host to get the mail host to start the dialog to get the block removed by the destination server. It’s not something that will happen from Plex reaching out first, because Plex has no business relationship with Hetzner. You do.

A charming comparison, though it seems somewhat flawed. Some Hetzner critics here appear to be sharing opinions that aren’t exactly rooted in empirical evidence. As for me, Hetzner has consistently provided top-notch service and reliable support. Therefore, I don’t find it worthwhile to waste my time on discussions built on false premises.