Sync Watch State and Ratings : Announcement & Feedback

Sam may not realize or understand how the system works, right? He may not realize what he is sharing, and that is reasonable as it is quite complex (see this discussion). It is also a reasonable expectation to allow servers to be Private if the operator chooses - this was the status quo after all.

3 Likes

Interesting points. This does yank away a level of control from server providers. Heck, Joe can’t even be SURE that Sam really - honestly - did turn off this sync feature as they promised to. They can’t know for sure that Sam really DOES have on Discover, which would provide enough reasonable doubt as to the source of a GUID /played status.

Here’s a question for devs then. If Discover is turned off on an account, and search is set to not show movie pages for non-server content… is THAT information saved on an account basis, or a player basis?

Unfortunately, none of that is server-operator controllable, only Plex account based. Which is part of the problem. More and more of these options are being pushed to users as opt-out on the Plex account side rather than opt-in or controllable by the server operator. Luckily this one is opt-in so far, but we just need that option on the server side!

1 Like

  1. I don’t know Joe but do know Sam. Sam does not have discover enabled. I don’t even have a server. I email Sam a link to below which Joe may or may not have on Joe’s server.

  2. https://app.plex.tv/desktop/#!/provider/tv.plex.provider.metadata/details?key=%2Flibrary%2Fmetadata%2F5d776a8696b655001fdf11af

  3. Sam marks it watched because he saw it before.

  4. Plex has no idea where Sam did that.

I’m not really sure what else to say but I will certainly pass along your feedback.

4 Likes

This is exactly it, you’re so close. At step 4, Plex sees Sam open the page. But in my scenario, that link business never happens, so I’m not sure why you keep adding this.

Again, if Sam only ever has access to Joe’s server and watches the movie, there is no other possible source in Plex’s logs he could have done so at (unless someone is spamming him Plex links but that is a strange scenario you made up - sure in that case it’s a tossup between both access logs but that’s not what I’m talking about). Plex knows Joe has a server and that Sam accesses it, that’s enough.

Interesting points indeed. I too dislike the move to account driven opt in/out features over server based ones.

However, as I share my server with only one other person (family member) I can instruct them to do what I want so for now it’s less of a concern for me.

1 Like

My point is unless Joe keeps Sam in a cage at his house Joe could not know what/where Sam might be marking things as watched and neither would we.

2 Likes

  1. Plex logs that Sam authenticated their account on Plex’s metadata website, possibly even logs that Sam accessed the specific URL that corresponds to the show’s GUID in contention here.

If there are no logs in Plex’s website security logs showing that (4) happened, then that possibility for how a GUID was marked as played can be ruled out, leaving - most likely - the only option being the single server Sam has access to.

BIG EDIT to add stuff:
The concern here is not that Joe is wondering HOW Sam marked a movie as played. The concern here is that Sam’s account is a focus by the FBI for an investigation. Sam’s account history is warranted by a court, which requests Plex return all info related to Sam’s account.

Sam’s account has a GUID of a movie marked as played. A further investigation of Plex’s logging for services is then pursued, identifying that Sam has access to a server owned by the user Joe. The movie was marked as played the previous night. Further investigation of Plex’s website logging determines that Sam did not access the URL associated with the metadata site. Sam does not have the discover feature turned on, according to account-wide settings (is this true, dev?). No clients logged in as Sam have ever accessed the discover or other pages that can send the “watched” status for that GUID.

Now the question is, if Sam watches something and it syncs, who is doing the syncing? Does Sam’s CLIENT send the information for itself (which then trickles down to all other servers Sam is allowed to), or does Joe’s server report that SAM’s account has marked the movie as played?

2 Likes

Right. All it takes is an IP address and hitting an endpoint, don’t even need to get complicated.

That’s completely backwards thinking.

You want Plex to log if something was marked as played on Discover which guarantees that Plex knows it was marked as played on your server. No Discover log entry from Sam, then it was 100% marked as played on Joe’s server.

Having nothing logged on Discover means the result is inconclusive. It still could have been marked as played on Discover, or it could have been marked as played on Joe’s server. You don’t know.

I’m not really sure about that - the key IMO is that Joe has no choice in the matter about this. All this feature needs is an option for a Private server where the watch data is not synced anywhere automatically to Plex Inc servers - like how it worked right up until this announcement.

Bruh, they literally told you what gets logged is ambiguous? Maybe do a little research on API development and how you create backend systems, you literally have to manually declare what you want logged and where it gets saved.

Think of it like this, Sam has a folder on his desktop with multiple text files that represent all the Movies he has watched. Each file includes a few lines as follows:

  1. Sam’s Account ID
  2. Movie ID
  3. Date Watched
  4. Time Watched

So for the example, Sam looks at something on Discover or through Search etc (it doesn’t matter), it checks the folder on his desktop to see if he has watched it or not. When Sam marks something as watched through any of them methods, a new file in the same format gets added to the folder and a copy is sent to Joe’s Desktop for when you browse his library (and vice versa).

The FBI got better things to do but IF they forced Plex to disclose all account info for Sam, the only thing they’re getting is the folder from Sam’s desktop which will only tell them what he has watched and when, not where…

And IF Plex lied about what data they are / aren’t collecting I’m pretty sure they’d be liable and it could potentially be inadmissible in court. (but don’t quote me on that, I’m British and I ain’t a lawyer lol)

And a side note, Joe needs to chill. The only way this is going to affect him is by providing a better experience for Sam. What if Sam used to have access to somebody else’s server in the past but doesn’t use it anymore? Joe recently offered to share his which is super nice of him. Well damn, now all his watched history just synced to Joe’s server so he can get right back into the action of his shows without hunting them down, because like magic, his continue watching worked out of the box…

1 Like

The point he’s making is that through process of elimination on what services are currently activated on any given account, Plex can with reasonable determinability know what media a user has and where it came from. The fewer features enabled on the account, the greater the probability of knowing where it came from. Cross referencing all the data points available.

2 Likes

Ah, but the fact this “folder” exists is enough to cross-check the info against other sources of information.

Remember, where this folder is stored is on Plex’s servers. If Plex had to give up this folder, it’s not much of a stretch for Plex to ALSO have to provide all HTTP requests that Sam did on their metadata service. If there is no corresponding request for viewing the watch.plex.tv page that matches the movie/show’s GUID, then it can be eliminated as a possibility.

If the Plex account info is compromised, then it’s a surety that they log account-wide settings, such as whether Discovery is enabled or not. If Discovery is turned off, then it would be impossible to access the metadata page where the item could be marked as watched.

If there is NO access to the GUID from any HTTP request on Plex’s side, then the only remaining option would be user-owned server entries. Since the Plex account data for Sam would indicate that they have no server of their own, that they are a member of Joe’s server, and that Sam is NOT a member of any other server, it can be quite inferred that Joe’s server is the source of the GUID trigger.

In theory, Joe could have a boatload of fake files masquerading as modern blockbuster movies using the GUID. Any action marking these fake files as “watched” would trigger the GUID upload to Plex, but even I would find it skeptical that Sam loves watching mis-labeled videos that happen to have the GUID of popular movies all the time.

EDIT: Keep in mind, I am mostly playing devil’s advocate. I think this is an insane amount of research and investigating to catch a single movie pirate. And Sam would have to be a target of investigation, not Joe, for this roundabout method of investigating. But keep in mind that before now, Plex never recorded the GUIDs that you watched at ALL to your account, thus there was no evidence of what a server contains without accessing its library, physically or remotely, which uses HTTPS account authentication.

I am not that concerned about all this myself. Aside from myself, the only other person that sees my stuff is even more paranoid than I am about viewing movies, and certainly does not need this feature and wouldn’t likely enable it. But I can see where this can be considered an intrusion that the server has no control over aside from simply not allowing outside users.

This is the incorrect statement.

If there is no corresponding request for viewing the watch.plex.tv page that matches the movie/show’s GUID, then you can’t eliminate it as a possibility. If that activity is not being logged, you can’t come to that conclusion. Your conclusion to eliminate that possibility is only possible if the activity is being logged.

That’s an odd assumption to make. All web servers log all IP addresses of HTTP GET requests constantly. You’d have to actively choose NOT to log any information of connections, which opens up all kinds of issues when it comes to troubleshooting network issues or security intrusions.

Let alone any security logging. When it comes to which user is authenticated on a particular HTTP session, that would also be logged. Allowing you to trace what pages a particular user accessed by account, not just IP. Not that it’d be too hard to connect an IP connection to an account ID separately.

1 Like

Your assumption is based on Plex lying about not logging that activity.

I have no reason to believe that Plex is intentionally lying to everyone.

2 Likes

(Re-read the article on sync to make sure).

Plex made sure that this specific action (marking an item as watched) only triggers 4 things to be recorded to the user’s account. The account name, the GUID of the movie, the date/time, and whether it was marked as watched or not. It does not record which server triggered the watch status, nor did it mark whether it was from a server, or plex.tv metadata source, or otherwise.

It makes no mention that they are going to deliberately stop all normal computer server activity on a (potentially) unrelated web server that serves up metadata. These simply record connections and page downloads. As I said, that is normal background information tracking that servers do on their own all the time. I can’t imagine running a web server, let alone one connected to by thousands of people a second, that doesn’t track which IPs request which web page. With access to that, PLUS knowing Sam’s IP address at the time of the Plex Sync upload, can be combined into additional data.

1 Like

Not quite, it would be a waste of resources to keep a log of when / how many times a feature has been enabled / disabled. The only thing stored would be Feature = TRUE / FALSE. Even if everything was disabled when the boogie man came to check, it would still be speculation (at best) how the media was even consumed.

This would be a fair point, but why would Plex even keep a record of HTTP requests? :joy: A day - week maybe for safety reasons but by the time anybody of importance even got permission to force data from Plex there still wouldn’t be much that could happen outside the realm of speculation…

Taking my point above into account here, but this wouldn’t technically be true. As Plex said, even when they’re logging data from a private server, it still doesn’t say where it came from :laughing:

I mean, the part I don’t get is why people are freaked out about this and find Plex untrustworthy with their data when they’ve been sending their data and IPs through HTTP requests for years for their metadata syncs :sob: I mean, y’all know IPs aren’t precise right? It’s just a general location narrowed down to the street/city? At least in the UK it is :man_shrugging:

That’s all well and fun doing that but the paranoid among us are flapping over something that is very unlikely to happen, and if it did, nothing would come out of it.

Pretty sure that would be morally, ethically and legally wrong if they did too :laughing: