Couldn’t agree more with the sentiments about misplaced concerns as real as they might be to some. It’s fair to ask questions about the security and scalability of Plex Cloud but the naysayers may want to keep these points in mind:
The ACD unlimited storage for $60 annually (non-commercial users only) has existed for some time now. It wasn’t invented just for Plex Cloud and Amazon still has a _lot _ of storage available for sale at that price. You can be sure they won’t let it bankrupt the company.
Amazon is very much in the business of provisioning media cloud services on a massive scale. Know how Netflix delivers it services? Spotify? MLB? How would even the most wildly successful Plex Cloud compare to those and somehow overwhelm Amazon?
Before you pass on all cloud storage as too vulnerable to hackers, I hope you’ve already nailed down your home Wi-Fi (better yet turn it off), your Internet router, religiously installed and check anti-malware on all your devices and are keeping everything patched. Speaking as an IT professional, your media files or tax returns are far better protected at Amazon than on your home network.
@dduke2104 said:
Speaking as an IT professional, your media files or tax returns are far better protected at Amazon than on your home network.
Considering the layers of security and encryption (which Amazon doesn’t use) that I use on my home network, I disagree.
I agree as well. He is incorrect. His next argument is that you are the rare exception and most people don’t have basic encryption. This used to hold pretty good weight but more and more devices are coming with better security. Amazon would be a frequent and obvious attack pattern (from internal and external source) and your home network being not a specific target (maybe incidental target by scanners).
Here is the flat truth. Any attempt to disregard someone’s security concerns completely will be an incorrect statement. Everyone has different layers of comfort and security in place. The massive amount of large-scale account hacks and data reveals shows that just because the huge guy (Amazon, Yahoo, Adobe, Google, whoever) hosts the data, doesn’t make it better than your home network, even if they do employ better security by default.
There isn’t a defined truth to security. Everyone’s concerns are valid if it could cause an issue should data be stolen. That’s the only logical way to approach security. We can go round and round and round and round on this. But the fact remains that if you DISREGARD someone’s concerns you are incorrect.
Everyone has to be comfortable with the level of security they accept for the situation. Others telling you that you are over-exaggerating or shouldn’t worry just don’t hold any weight based in fact. It’s nothing more than conjecture that they cannot presume to apply broadly to everyone. They just need to admit they are okay with the security but they cannot help you become comfortable with it. It would save this debate much needed thread-space to actually talk about the concerns and whether or not they are addressed.
@dduke2104 said:
Speaking as an IT professional, your media files or tax returns are far better protected at Amazon than on your home network.
Considering the layers of security and encryption (which Amazon doesn’t use) that I use on my home network, I disagree.
I agree as well. He is incorrect. His next argument is that you are the rare exception and most people don’t have basic encryption. This used to hold pretty good weight but more and more devices are coming with better security. Amazon would be a frequent and obvious attack pattern (from internal and external source) and your home network being not a specific target (maybe incidental target by scanners).
Here is the flat truth. Any attempt to disregard someone’s security concerns completely will be an incorrect statement. Everyone has different layers of comfort and security in place. The massive amount of large-scale account hacks and data reveals shows that just because the huge guy (Amazon, Yahoo, Adobe, Google, whoever) hosts the data, doesn’t make it better than your home network, even if they do employ better security by default.
There isn’t a defined truth to security. Everyone’s concerns are valid if it could cause an issue should data be stolen. That’s the only logical way to approach security. We can go round and round and round and round on this. But the fact remains that if you DISREGARD someone’s concerns you are incorrect.
Everyone has to be comfortable with the level of security they accept for the situation. Others telling you that you are over-exaggerating or shouldn’t worry just don’t hold any weight based in fact. It’s nothing more than conjecture that they cannot presume to apply broadly to everyone. They just need to admit they are okay with the security but they cannot help you become comfortable with it. It would save this debate much needed thread-space to actually talk about the concerns and whether or not they are addressed.
I can tell you with full certainty that there is no such thing as perfect security. Any system can be broken. At the end of the day the best we can strive for is adequate situational security. And that’s objective; not subjective to a layman’s “concern”. Comfort is nice, but not a necessity.
And for the record, security professionals will always be better at securing your data than you are. No matter what. If you think your home network is secure, you’re flat out wrong. Unless you’ve personally vetted all the hardware and software, and keep up with all the latest patches. And that’s assuming everything is configured correctly.
Don’t fool yourself into thinking you can do better than Google or Amazon because of “data breaches”. And you can disregard someone’s concerns if they are unfounded, provided you know what you are talking about.
@dduke2104 said:
Speaking as an IT professional, your media files or tax returns are far better protected at Amazon than on your home network.
Considering the layers of security and encryption (which Amazon doesn’t use) that I use on my home network, I disagree.
I agree as well. He is incorrect. His next argument is that you are the rare exception and most people don’t have basic encryption. This used to hold pretty good weight but more and more devices are coming with better security. Amazon would be a frequent and obvious attack pattern (from internal and external source) and your home network being not a specific target (maybe incidental target by scanners).
Here is the flat truth. Any attempt to disregard someone’s security concerns completely will be an incorrect statement. Everyone has different layers of comfort and security in place. The massive amount of large-scale account hacks and data reveals shows that just because the huge guy (Amazon, Yahoo, Adobe, Google, whoever) hosts the data, doesn’t make it better than your home network, even if they do employ better security by default.
There isn’t a defined truth to security. Everyone’s concerns are valid if it could cause an issue should data be stolen. That’s the only logical way to approach security. We can go round and round and round and round on this. But the fact remains that if you DISREGARD someone’s concerns you are incorrect.
Everyone has to be comfortable with the level of security they accept for the situation. Others telling you that you are over-exaggerating or shouldn’t worry just don’t hold any weight based in fact. It’s nothing more than conjecture that they cannot presume to apply broadly to everyone. They just need to admit they are okay with the security but they cannot help you become comfortable with it. It would save this debate much needed thread-space to actually talk about the concerns and whether or not they are addressed.
I can tell you with full certainty that there is no such thing as perfect security. Any system can be broken. At the end of the day the best we can strive for is adequate situational security. And that’s objective; not subjective to a layman’s “concern”. Comfort is nice, but not a necessity.
And for the record, security professionals will always be better at securing your data than you are. No matter what. If you think your home network is secure, you’re flat out wrong. Unless you’ve personally vetted all the hardware and software, and keep up with all the latest patches. And that’s assuming everything is configured correctly.
Don’t fool yourself into thinking you can do better than Google or Amazon because of “data breaches”. And you can disregard someone’s concerns if they are unfounded, provided you know what you are talking about.
You are not even talking about what I’m saying. No one said perfect security or better security. But just saying one is better than the other really ignores all the truths about security. Saying that Amazon’s security is top notch because they have a team is only partially true – they are also multitudes more likely to get the large and effective hacks than your home network with basic security. That doesn’t mean your home security is better, but security sometimes uses odds and luck – because as you mention and we all should know – there is no such thing as 100% security.
My only point and I thought I had made it rather clear, is that by dismissing one side completely, the security argument goes down the tubes. At any rate, just to make sure I’m clear – you are either comfortable with the security option of one method or you are not. If you are not, then that option is not for you.
Here is the flat truth. Any attempt to disregard someone’s security concerns completely will be an incorrect statement. Everyone has different layers of comfort and security in place. The massive amount of large-scale account hacks and data reveals shows that just because the huge guy (Amazon, Yahoo, Adobe, Google, whoever) hosts the data, doesn’t make it better than your home network, even if they do employ better security by default.
There isn’t a defined truth to security. Everyone’s concerns are valid if it could cause an issue should data be stolen. That’s the only logical way to approach security. We can go round and round and round and round on this. But the fact remains that if you DISREGARD someone’s concerns you are incorrect.
The point is, nobody is disregarding or dismissing anyone’s concerns. All some of us seem to be doing is stating a simple fact that AT THIS POINT IN TIME, Plex does not offer encryption for their service. It is also a fact that currently, the Amazon cloud is safer than most (if not all) people’s home solutions. Even then, we can still upload our files to Amazon in an encrypted form, if we wish. Or not use Amazon at all, if that makes one feel safer.
It’s been stated numerous times that nobody’s arm is being twisted here - all we can do is ask for the feature. We have asked. I’d want it myself, to be honest. There is a sticky now in the beta forum with feature requests where encryption is the no 1 item on the list.
In the meantime, it all boils down to people’s comfort level and that is a choice everyone will have to make for themselves. For myself, I have chosen to trust the current setup, but I fully appreciate others might not.
Here is the flat truth. Any attempt to disregard someone’s security concerns completely will be an incorrect statement. Everyone has different layers of comfort and security in place. The massive amount of large-scale account hacks and data reveals shows that just because the huge guy (Amazon, Yahoo, Adobe, Google, whoever) hosts the data, doesn’t make it better than your home network, even if they do employ better security by default.
There isn’t a defined truth to security. Everyone’s concerns are valid if it could cause an issue should data be stolen. That’s the only logical way to approach security. We can go round and round and round and round on this. But the fact remains that if you DISREGARD someone’s concerns you are incorrect.
The point is, nobody is disregarding or dismissing anyone’s concerns. All some of us seem to be doing is stating a simple fact that AT THIS POINT IN TIME, Plex does not offer encryption for their service. It is also a fact that currently, the Amazon cloud is safer than most (if not all) people’s home solutions. Even then, we can still upload your files to Amazon in an encrypted form, if we wish. Or not use Amazon at all, if that makes one feel safer.
It’s been stated numerous times that nobody’s arm is being twisted here - all we can do is ask for the feature. We have asked. I’d want it myself, to be honest. There is a sticky now in the beta forum with feature requests where encryption is the no 1 item on the list.
In the meantime, it all boils down to people’s comfort level and that is a choice everyone will have to make for themselves. For myself, I have chosen to trust the current setup, but I fully appreciate others might not.
There are plenty of posts in this thread that are clearly one-sided and incorrect. We need to back off and realize that everyone’s security comfort level is different. There is a TON of disregarding going on here.
At any rate it doesn’t seem like you want to talk about the concerns, but tell everyone how wrong they are. I’m bowing out of this thread as it’s clear I’m not able contribute anything useful to this.
There are plenty of posts in this thread that are clearly one-sided and incorrect. We need to back off and realize that everyone’s security comfort level is different. There is a TON of disregarding going on here.
At any rate it doesn’t seem like you want to talk about the concerns, but tell everyone how wrong they are. I’m bowing out of this thread as it’s clear I’m not able contribute anything useful to this.
I’m not entirely sure how stating a fact (Plex Cloud does not offer encryption as of yet) and an opinion (but I’d like to see it happen) can be interpreted as not wanting to talk about concerns or telling everyone how wrong they are, but if that is how you read it, I apologize for clearly stating things the wrong way. Don’t bow out of the conversation due to my posts, I’d hate to have that much effect on random people I don’t even know personally yet
don’t try to run a streaming media business and you will likely be fine
In case that’s not explicit enough, I’ll explain, because it seems like some people are not understanding.
Plex is telling you that unless you try to use Plex Cloud to run your own streaming media business (ie charging people to use your Plex Cloud account so they can watch TV shows or movies), you will likely be fine (and that “likely” is there so that in the extremely unlikely event that something does happen, no one can say Plex for sure told me I’ll be fine).
I’d think the extent of sharing (how much with how many) would matter too - not just charging for content or not. I’ve seen Plex users who claim they share of > 50 TB to hundreds of people. It is hard for me to think that this might not get some unwanted attention - especially if Plex cloud expands the number doing so.
don’t try to run a streaming media business and you will likely be fine
In case that’s not explicit enough, I’ll explain, because it seems like some people are not understanding.
Plex is telling you that unless you try to use Plex Cloud to run your own streaming media business (ie charging people to use your Plex Cloud account so they can watch TV shows or movies), you will likely be fine (and that “likely” is there so that in the extremely unlikely event that something does happen, no one can say Plex for sure told me I’ll be fine).
I’d think the extent of sharing (how much with how many) would matter too - not just charging for content or not. I’ve seen Plex users who claim they share of > 50 TB to hundreds of people. It is hard for me to think that this might not get some unwanted attention - especially if Plex cloud expands the number doing so.
i cant even think of what kind of set up would be needed for that. i am hoping this works well to take some relief off my system. shared with a few of the family members now i have many of them driving me nuts to be added.
That’s my hope as well with this new setup. I’ve got a 5 Mbyte upload. If it weren’t for sync, Plex would be virtually unusable for anyone outside of the local LAN. For anyone who’s used sync, it’s not the most satisfying of solutions. My son is getting ready to go off to college, my folks are a thousand miles away. They’d all love to connect to the server, but there’s no way to support it. This cloud version is the answer to all of that, for me. I look at it as a great compliment to what is already offered.
On the subject of security, local versus cloud, I think those advocating that local security can be even more flawed than the big providers are missing one huge point. While I may not be able to provide the same level of security that Amazon can, I’m also a much smaller target for threats. I have no intention of throwing personal data up in the cloud without first two-factor encrypting it. Once I put my data in the cloud, I’ve now exposed myself to every jackass out there that wants to make a big splash. Fortunately, I’m not planning on using Plex cloud for home movies, so I’m not concerned about the security aspects of my entertainment media.
@mdnitoil said:
That’s my hope as well with this new setup. I’ve got a 5 Mbyte upload. If it weren’t for sync, Plex would be virtually unusable for anyone outside of the local LAN. For anyone who’s used sync, it’s not the most satisfying of solutions.
I agree on sync. Among other things it forces you be wary of reorganizing libraries. If you move material, even though its on your server, sync will see it as having gone away and there goes your synced version.
I have limited upload ability (DSL) as well, but I still use mobile devices for viewing material on my home server. I created libraries with low bitrates (320 kbs). For viewing an animation on a 4 inch diagonal screen on the train ride home, it’s enough and it doesn’t chew up mobile data so fast either.
Despite its flaws, I’ve used sync, because I could watch stuff while away from home without the limits of my slow upload connection. Plex cloud, that will have transcoding as I understand it, should make this easier.
@eygraber -How much would you pay to watch a live-stream of Emilio’s favorite question-asker? I can only picture it with the Benny Hill theme playing in the background. And 1000 Like’s for your original post- dead on point.
@mdnitoil said:
Once I put my data in the cloud, I’ve now exposed myself to every jackass out there that wants to make a big splash.
FWIW you’re only “exposing” yourself to the jackasses that are capable of hacking into Amazon and finding your stuff.
I love being quoted out of context.
Correct, only those who are capable, which includes nation-states. As opposed to China hacking my personal computer to get at my data. I don’t expect slacker boy in the basement to bring down Amazon and publish my photos to the world. I do expect actively hostile nation-states to cause damage. The irony is that I’m actually fine with this cloud implementation, but I was pointing out the obvious additional risk associated with it. To suggest that those additional risks somehow don’t exist is disingenuous at best.
I’m loving how many people are worried about Amazon getting hacked / rogue Amazon employees accessing their data, and are wanting to be able to encrypt their media at rest on ACD, as that’s a totally legitimate concern.
I’m also loving how none of them appear to be concerned that to allow Plex Cloud to work, you need to give Plex Inc access to your Amazon Cloud Drive, and (if encrypted) your decryption keys, which they then store and use in Amazon’s cloud.
Echoing sentiments from a very early comment in this thread - if any of these threats make you uncomfortable - and if you’re considering storing videos of your children in this service, than at least one of them should - then you should reconsider if Plex Cloud is the right solution for your needs.
@l3uddz said:
Great post. On the topic of encryption, Amazon also benefit by not having 10000 copies of the exact same file thus saving resources. Ofcourse alot of us would like encryption, but I can see it being a big issue with Amazon and also the resources consumed by Plex Cloud for on the fly decryption.
Those are good points. I think encryption would be great, but if it came down to Plex Cloud or encryption, I’d take Plex Cloud.
Amazon does much like dropbox, if you upload a movie with same md5/sha1 hash as another user has it just syncs a local copy to your dropbox (abit more complex but easy to explain this way), thus dropbox/amazon does not need 100 of the same movie on their servers, lets say 1000 users have same movie at 15GB , that is 15TB of storage, and it adds up quickly.
For those worried about DMCA, let me put it this way,
Will Amazon actively scan your file for DMCA content? Probably not, because it’s resource consuming and it will only scare users away
Will Amazon scan your file if they got court notice or DMCA notice? Most likely yes.
But think about it, it require copyright holder know you are storing which specific movie on Amazon, how are they supposed to have that information? Plus they can also send you a court notice even if the movie is stored on your own disk
And 1000 Like’s for your original post- dead on point.