Does anyone have reasonable answer to why there is a Plex account sign-in requirement to access media on my devices on my network? At best, it seems an unnecessary invasion of privacy, at worst creates a network security threat. How is this not spyware?
Introduced in Version 1.1.0 for security reasons. I doesn’t create a threat - if your server is signed in then Plex makes sure that all clients are authenticated. If you leave the server signed out, then the new security doesn’t come into play.
From the release notes.
When server is signed in, clients must be signed in as well, even if they are on the LAN or on localhost.
If you take a look at the release notes from 1.1.1 and on, you will find workarounds.
I’ve reset my plex 5 times now and I’m still not able to get on how do I fix this
@astrofisher said:
Introduced in Version 1.1.0 for security reasons. I doesn’t create a threat - if your server is signed in then Plex makes sure that all clients are authenticated. If you leave the server signed out, then the new security doesn’t come into play.
Actually, yes it does create a threat. I used Plex to watch stuff locally completely isolated behind a firewall… There were effectively no surfaces to attack unless my firewall gets breached.
Now I have to let the the server traverse my firewall (attack surface 1), the app traverse my firewall (attack surface 2), have both connect to another server that itself can get hacked (attack surface 3); just to watch my videos streaming from one box behind my TV to my Tivo (and I’m pretty sure it’s actually going to stream from the box behind my TV to the Plex server and back to a different box below my TV instead of direct if I do sign in.
To cap it off I get to watch people on here go “Oh no, really this is more secure” because PLEX said it and people who appear to work for Plex act like this is the equivalent of changing the font in the logo. The ONLY way this is more secure is if you’re running an open WIFI AP at home or you set your server up on the internet (in which case the security of your Plex server is probably the least of your problems)
This is a customer antagonistic move plain and simple the removes the customer’s choice to run PMS without being exposed to the internet… and to top it off, now the app is even more flaky when it comes to finding a local server.
I’m only now running into this because the Tivo app won’t even start without signing in (the Roku app just goes “OMG teh insecure!!! Unsigned in accounts are subject to leet hax0rz. Sign into Plex for much secure!”
@Kandralla said:
I used Plex to watch stuff locally completely isolated behind a firewall… There were effectively no surfaces to attack unless my firewall gets breached.
Do it like that and you only need to let your server through your firewall so it can fetch metadata and such:
https://forums.plex.tv/discussion/comment/1270859/#Comment_1270859
