That’s possible, but I don’t know how I can verify that. If I select the “forgot password” link on the login page, it requires me to enter an email address and not the username. The email I received was sent to the email address I have associated with my account.
Check the exact “to” email address in the email.
If you are using Gmail, dots (.) and plus (+) suffixes in the email address all get sent to the same inbox, but will be different accounts in Plex.
Example: The following four Gmail addresses all get sent to the same inbox, but would be four different Plex accounts.
- johnsmith@gmail.com
- john.smith@gmail.com
- j.o.h.n.s.m.i.t.h@gmail.com
- johnsmith+plex@gmail.com
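The Gmail alias behaviour described in the post above, as an added example that is not part of the original thread: a Python sketch that maps each address to the inbox it is delivered to and lists the accounts that share one. The account ids, the fifth sample address and the names `inbox_key` and `shared_inboxes` are hypothetical.

```python
from collections import defaultdict

# Domains where dots and "+suffix" in the local part are ignored on delivery.
# Only Gmail is listed, as in the post above (assumption: no other provider).
DOT_PLUS_INSENSITIVE = {"gmail.com"}


def inbox_key(address: str) -> str:
    """Return the inbox an address is delivered to (no deliverability check)."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    if domain in DOT_PLUS_INSENSITIVE:
        # Drop the "+suffix", then the dots; Gmail also ignores case.
        local = local.lower().split("+", 1)[0].replace(".", "")
        if not local:
            raise ValueError(f"empty local part: {address!r}")
    return f"{local}@{domain}"


def shared_inboxes(accounts):
    """Group account ids by inbox; keep inboxes used by more than one account."""
    groups = defaultdict(list)
    for account_id, address in accounts:
        groups[inbox_key(address)].append(account_id)
    return {inbox: ids for inbox, ids in groups.items() if len(ids) > 1}


# Constructed sample: the four addresses from the post plus one non-Gmail address.
ACCOUNTS = [
    ("acct-1", "johnsmith@gmail.com"),
    ("acct-2", "john.smith@gmail.com"),
    ("acct-3", "j.o.h.n.s.m.i.t.h@gmail.com"),
    ("acct-4", "johnsmith+plex@gmail.com"),
    ("acct-5", "john.smith@example.org"),
]

if __name__ == "__main__":
    for inbox, ids in shared_inboxes(ACCOUNTS).items():
        print(inbox, "->", ", ".join(ids))
```
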
I think you may be mistaken. My email address is not at issue. The question I have is regarding the username that was assigned to me.
My forum username is as shown here, and my preferences in the forum show the correct email address, which is the same that I use to log in to Plex, and also the same email address I received the notice about my newly assigned username. However, that notice received today containing the newly assigned username doesn’t match my forum name.
Your Plex account username was never changed until this process. It was your email.
Normally, when your Plex account username is changed, your forum account username will update the next time you explicitly sign into the forum via SSO. However, it will not change if you ever changed your forum account username manually, which you did in October of 2020, looking at the forum logs.
The forum software does not hold sign-in information and works via SSO. Changing the forum account username will not change your Plex account username because the SSO does not work in reverse.
I also sent you a message about this.
@ricardo Yes, finally, you get what my concern is, thank you!
Of course, it should be an option to have our accounts discoverable or not, this is a Media Server, not a social network (and even those have privacy settings that Users can set themselves)!
Do friend sharing via QR Code, OTP, Connection String, but definitely not by searching and matching from a list of everyone that has a plex.tv account.
I also think that your terms or privacy policy should be updated to clearly reflect what exposure our plex.tv accounts have on your platform and their relationship to other plex.tv accounts, as this is definitely not clear at all (until this thread uncovered some of it).
Just to reiterate, I do not think you should “consider” an account privacy setting, I think this should be a top priority!
@sixxnet Don’t even get me started on the security nightmare that is using the same accounts for the Plex.tv platform and a 3rd-party forum platform!
Now we are relying on the security of one platform (publicly accessible to anyone, as you stated) that you don’t control the code to, directly linked to one you do.
What I am asking for is for the developers to have security and privacy as a fundamental part of the development process with Plex, not an open platform that then needs to have all the holes plugged when the userbase raises their concerns.
It isn’t the same account; that is why you can change the username here separately. If you post something here, we have to display something, so by default we do take your Plex account username. If you did not have a username, that would be your email. The forum needs your email to send notifications and needs a unique username to do @mentions.
I’ve never really understood why there are 3 fields used to identify users or where these are used.
Is there any documentation that succinctly explains what each of these is for, how they inter-relate, where they are stored and which parts of the service programs use them (i.e. plex central, my own plex servers, players - be they browser based or dedicated device apps)?
I did look a while back but couldn’t find anything but I may have used the wrong search terms…
If it doesn’t exist it could be a really useful thing to spend time on. Especially if it has a pretty diagram or two. Probably most useful if combined with a full description of admin users, end users, …and any others I don’t yet know about.
There are many reasons why people might want to understand this. The username thing is just one.
- Last time I looked was when I was considering tidal subscriptions via Plex. Had I understood that enabling Tidal on my account would only enable it for me, not any user of the plex server then I wouldn’t have bothered. This resulted in me removing the PIN from my account (which is admin on my server) so that others could try out Tidal. After 3 months we’ve decided to go back to lower quality sources that we can actually share as a family, as we do with Spotify, Prime (Vid and Audio), Netflix (vid), Disney (Vid) etc. etc.
Just tell the Truth!! The “-” and “@” are now reserved characters and can’t be used in the system. Stop the BS
Please, don’t.
Let’s double-check the exact mail address to which the notification was sent; I have a suspicion this might be from another account you might have created at some point (maybe accidentally, maybe forgotten…).
PS: less drama…
I want to know why, exactly, the first and ONLY notification I received for a CREDENTIALS change on my account was when a change was being made without my consent as the account holder?
And before you advise that you haven’t, if you can log in using it, it is a credentials set.
Why could you not have sent an email requesting a change and advising reasoning for it; like every other tech company I have ever worked with, both professionally and personally?
I am honestly furious at the fact that you would make an account change to MY CREDENTIALS at all! But this does not change the fact that I DO wish to hear from an official on this matter from your company.
@BigWheel thanks, I do not think we should clog up this subject with the other concerns etc. but I would love to ask how the SSO was implemented between Plex.tv and the forum or what SSO provider you are using?
I must say it is refreshing to have such engagement from the Plex Team, it usually feels like we are mostly just ignored.
I hope some documented transparency on how the accounts are used, how they are connected etc. comes out of this thread.
I also hope that an opt-out option (for account discoverability initially at the very least) is implemented as a priority and that Plex fosters a more security/privacy-first development and design culture.
Huhhh… Why are you so paranoid? If you’re so concerned, use Proton email…
Agree, Plex team have been very open, trying to resolve sign on issues with email disclosure.
Man what are you afraid of with this implementation? Or is it what you are hiding? Paranoia in play here I believe.
@SE56 Everyone that connects anything to the internet should be security focused. Only a brief look at the news should reinforce that for anyone (even Plex themselves have suffered a data breach before).
It may be a result of my career (I am an Enterprise Architect), but a zero-trust architecture is not paranoid, it is a mutual respect for all users of your system.
Everyone should have the option (expectation even) to data security and privacy (GDPR, POPI etc. are good examples of this) online and offline.
p.s. I do in fact use Protonmail
this is a user level setting based on what sources they have pinned. logically speaking, it should be up to the users what sources they want to use for search results
curious if you have a citation for this claim? there have been security issues that have been patched in the plex media server software package, which is routine for almost all software, but unless i am mistaken there has not been any breach of plex data or customer information to date
It happened. Although already a few years ago.
The attacker broke the forum software and siphoned off the user database from there.
Today’s separation of plex user accounts and forum system is a lesson learned from that incident.
thank you, i tried to search for it before asking and sorry to bring up old wounds
Does anyone have an idea of how it complies with GDPR?
For the uninformed, GDPR is the European Union’s “General Data Protection Regulation”.
Something any company which sells goods and services to EU citizens has to be compliant with.
In essence, no matter which country the company is located in, it has to be compliant with GDPR if they have EU customers!
Example:
- Any breach of customer data has to be announced to the customers!
- Customer data cannot be shared unless the customer agrees.
- If the customer withdraws or leaves the service, the data has to be deleted.
- If the customer requests a list of the stored data, the company is obliged to provide it all.