What I don’t understand is why are you having users access Plex Web on your server?
I am not. I use it myself. I am the one and only single user. I access Plex from a domain name, my domain name. It is odd that you guys did not communicate this change at all and that there’s now no means of making one’s own server available remotely without also exposing a fully functional user interface to the world.
I don’t believe for a second you don’t understand what we’re all talking about here and loathe the fact you try to brush it off as if we’re the ones to blame. I really hate being played for a fool…
This is a very strange and puzzling attitude if you ask me… A much better response might have been: “Hmmm, we indeed were not very considerate by forcing this upon users like that, sorry for that.”
If you are the only one using it and you know what it is, what is the confusion? The original report was that it looked to others that the content from coming from their server.
It’s always been mentioned that the local Plex Web is the same as the hosted version, just versions behind. The hosted version has had access to the LiveTV feature for some time. The local version is just catching up. Also, the recent update only exposed the LiveTV Streaming feature. The other content from Plex such as the ad-supported Videos on Demand, News, and Podcasts were already accessible. This only added 1 more source. The ability to see these without signing in has also been available for quite some time.
That part I agree. I’ve actually brought this up with the team.
Yes. That is exacty the problem. I know what it is. Others don’t know and they should not have to know, nor do I want them to be fiddling with the interface, interacting with my server. They should just see a login view in the same way as that has been working for years.
Listen, I think everything has been said in this thread and I’m starting to repeat myself, if you really, truly don’t understand the issue with this (which, again, I don’t buy at all) I think it might be time to let someone else from your team read along…
Now that’s something we might be able to move forward with. Thank you for that.
Which recent update? I guess you mean the hosted webapp update as I have Plex Media Server 1.20.3.3437 installed on my MacBook and that shows the login screen when going to the local webapp.
Guess it was Plex Media Server 1.20.4.3508 that updated the web app and has therefore opened this can of worms.
I personally was not aware of the change to the availability of the Free Content, as I am almost always logged in to the hosted web app.
ahh here it is tucked away almost as an addendum to the main release notes for Plex Web 4.36.1
Yeah, that’s it. It was mistakenly left off the notes and since it was important we thought it better to make a second note instead of just editing the original where people may not see the edit.
I’m sorry that it just sounds like we’re upset about a feature that you guys really worked hard to implement. Earlier you were trying to understand why it was a problem for many of us that the free content interface was hosted from our servers. Imagine if your roofer put a billboard on your roof after he finished the job and advertised whatever he wanted. Then, when you said take it down, he told you that “no one would ever really see it unless they pull up in your driveway so I don’t know what the problem is.” Anyways, thanks for listening.
Whoever thought that this “feature” was a good one is an idiot, frankly. And it’ll all be to try and get an increase in Plex’s streaming statistics. Plex is basically leveraging my IP address and open port to get free advertising.
What sort of stupid idea is this?
Browse to someone’s private IP address and be presented with a load of films and TV series that do not belong to that private IP address?
Zero authentication needed to even see the content being displayed?
Zero permission requests from Plex to myself to allow this sort of association.
The response of:
Is totally ridiculous. You do know how the internet works, right? You do understand that there are scanners and bots trawling all available IPs and ports and collating the information into databases? You will be able to find this information out, find my IP and port, and then you will 100% be associated against this content.
Or if bots that scan the internet report this information and store it in a database, meaning that countless nefarious people find this information out and use your IP.
It is presenting a load of streaming content against my IP address/domain name that I haven’t authorised and actively goes against a load of peoples ISP ToS. That is why.
Irrelevant. That web page is loaded from my server. As far as my ISP will be concerned, I am hosting this service.
The method by which I choose to allow other people to access services hosted on my network is none of your concern and is my prerogative. The fact that you seem to think that the only possible way someone could find the services hosted on my IP address is if I give them it is ludicrous. Have you ever heard of Shodan?
The attached picture is a redacted screenshot of Shodan (red squares are redacted information). This highlights every single instance of a port being open in the world (that has been scanned) as well as what the IP addresses and domain names are. All someone has to do is visit this site, create a free account and type what I have into the search criteria and they are presented with a load of servers hosted by private individuals that you have now associated against your free content without even asking them.
This is why people are so upset about this.
From the replies posted so far, I can put this simply down to ignorance of a threat landscape rather than you knowing this and doing it regardless. We are now telling you (Plex) about this and so ignorance is no longer an excuse. Please either remove this feature entirely or provide an option to disable it. I don’t care which, I just want it implemented soon.
Yupper, I do the same as blim5001. I don’t expose the plex default port, it’s all done via 443 on a reverse proxy, all done via my domain. I don’t even have remote access feature enabled.
If you guys really want people to stream the free content from plex.tv, why don’t you set it so that un-logged in/guest/anon users redirect to plex.tv (much like you do with the auth system), giving the option of “login or free” instead of serving it from the user’s own server?
That would resolve both sides of the argument. Especially as you guys still don’t have 2fa.
