IP’s for your average person are pretty close to anonymous, but your ISP knows which house it gave an IP address out to at a particular time. And thanks to the MPAA and other movie-piracy-catching groups, you can bet that ISPs have to save this information for probably decades. A court subpoena would be quick (probably not even a warrant nowadays) way to find out which person did what on the internet at any given moment.
Good point about the metadata downloads. Logging for those requests could easily generate a potential list of media a server owns. It doesn’t say if the media is legally owned (Blue-ray rips, etc), but you can make a good guess you don’t have a blue-ray copy of Doctor Strange 2 before they even made em. But that was the case before this Sync change.
Thinking about it, that might be worse of a vulnerability to exposure than this Sync feature
I understand. I know someone that I feel takes his privacy much further than I think necessary, but I CAN see an issue here where information that was previously not recorded at ALL by Plex, now is (with a simple button press on login to enable it). Since this can be done by less knowledgeable users, this can happen without the server owner’s knowledge that it is even happening, nor can they do anything to prevent it even if they did know (short of banning all outside users).
It will take a lot of work to eliminate possibilities, but I am confident I could build a case with HTTP logs from Plex’s site, and access to the information saved about the user’s account.
There’s also another possibility of marking something as watched on your account through a direct API call. No visit to watch.plex.tv, no visit to Discover, and no visit to your server.
I could create an app that takes my existing Trakt watched status and sync it to my Plex account directly through the API. According to your assumption, because I didn’t go through watch.plex.tv or Discover there are no “logs” of me accessing those pages, therefore it must be from my private Plex server.
Correct, they probably do have a backlog going back years for many reasons (some good some bad), but good lawd Plex have better things to do. Highly doubt they’re logging anything other than what they actually need to.
Exactly my point Their ISP is literally the biggest wildcard here, why can’t they just use a VPN and get on with their life (says the moron who doesn’t use one)
Look, I obviously don’t speak for all server owners but this is such a non-issue. All it’s doing is adding extra records in their server history for users they share with and sending records back for users that have it enabled. This effects them no more or less than their metadata sync, if they take issue with this they need to give their head a lil wobble before I smash some keys hahaha
I kind of avoided thinking about API calls. Figured there was open API calls, but I disregarded it as a viable “defense”, since it makes no sense to be making calls to set your watched status using an API call one movie at a time to Plex unless you really watched the media.
Grrrr Private watchlists. The net that would need to be cast further to prove you didn’t watch a new movie via the legally available streaming services would complicate things. Stop poking holes in my pitiful argument I took up on @xenago’s behalf.
It started out as a “I don’t agree with your worry, but I see where you are coming from” with Xenago, but now I am worried on their behalf that an action taken by an invited user would - invisibly to the server owner - potentially serve as an exposure of the server’s contents.
(To the Metadata downloads being a way to track server contents, I’d hope that this info would not be logged/saved/anonymized, which might break the evidence chain I am most worried about.)
Anyway. Metadata server logs aside, there was no other info on what your server might have contained. Now, with this watch sync feature, this info is saved to your account, not your server. And invited users of the server can generate this list of server contents without your knowledge.
It’s really not that complicated - offering server operators the option to continue with the normal (private) operation of Plex is all that is being asked here. Believing that Plex sysadmins are not logging what literally every web server puts in its logs unless configured to be completely blind is not believable (as it is not possible to prove) and is not consistent with operating a public-facing web service.
Reducing unnecessary private information being transmitted is a simple and very reasonable request.
I’m sure plex has logging for their web sites. but they probably are not logging the IP address the request came from or any other info that would directly identify a specific user. That kind of info is not needed to determine if an error occurred or is occurring.
If we would consider everything that’s technically possible, you’d have to quit using Plex immediately (and pretty much any other internet-based/internet-connected service as well).
Because it would be equally possible to log every metadata request of your server.
If Plex Inc. wanted to build a list of all media items on your server, they could have done so already a long time ago.
However, they don’t want to.
And that’s what they say in their very detailed and accurate Privacy Policy.
If you think about it rationally, it would be legal and commercial suicide to lie in this privacy policy.
So it is very likely that they don’t lie. Because they want the company to live on.
I’m not sure why trying to prevent additional information leakage is bad - making things less private than they were previously is the problem here! Speculation is only happening here because Plex is not offering an option to disable this data collection. If they simply add an option to disable it on a server-level, then there is no concern of additional data leakage versus the status quo. In the privacy policy you linked (I did the same above, and quoted from it), plex is clear that they collect a ton of data - the problem is that by adding this additional feature it is possible for a shared user to leak information without the server operator’s knowledge or consent. This is all about ensuring server operators have the option to keep their servers as private as they always have been.
No one here is arguing against adding the option you want. If Plex wants to add that option to ease your mind, I won’t argue against it. On the other hand if Plex deems it an unnecessary option I won’t argue for it either.
My only issue was the claim that you can come to a conclusion that it was 100% marked as played on your server when that result is actually inconclusive.
My only issue was the claim that you can come to a conclusion that it was 100% marked as played on your server when that result is actually inconclusive.
In my example scenario, it is. There are no logs of the user accessing any plex-hosted services (discover, watch.plex) and the user is only shared one server. Therefore any watch history almost certainly came from that server. It’s a process of elimination, it’s really quite simple. Anyone in data analytics knows how trivial this is.
Is there a web interface for a user to do that? Are you actually suggesting that most Plex users use
the API? I’m describing a scenario of a normal user, not a computer programmer spamming watchlist api queries. The only likely source is from the single shared server, that’s more than enough information leakage.
I can easily publish an app that makes it a one click process for any Plex user. I could integrate the API directly into Tautulli which would immediately put that ability into the hands on a many users.
You could do that. But you haven’t and no one has. This is about the current state of how everything works. As it stands, there is only one likely source of Sam’s watchlist entry Joe’s server. If Joe could block the sharing, then there is no possible information leak.
The more this specific change and discussion progresses the less concerned I am about it. The only thing they sync is watched state and user rating both of which are tied to plex account and GUID of the item being acted upon.
Take this (somewhat unrealistic) scenario below in the effort to make a point …
Create a dummy movie file on your server for a recent movie, lets use Jurassic World Dominion as an example.
Make sure the movie is matched and metadata etc is all downloaded.
Now mark the movie as watched and give it a rating and let is sync.
So does this mean the movie is on your server and for that matter you actually watched it ? Not in this example, it just means an entry for the movie is on the plex server but there is no evidence the movie itself is on the server or was even watched.
Just because a sync of watched state or user rating is done does not mean it actually exists on any server. No one would ever be able to prove that.
For me the concern is the continued approach from plex inc to move configuration away from server based settings to online account based settings. This is something I’ll be watching closely as plex continue to roll out features.
Again, the fact that the user has something matching the name of a copyrighted movie is enough, since that information should be private or at least there should be an option for it to be. If metadata matching is enabled then that information is shared at some point, but preventing it from being transmitted again is still valuable since it is not necessary.
Their ISP is literally the biggest wildcard here, why can’t they just use a VPN and get on with their life (says the moron who doesn’t use one)
