Weekly review emails data leak

I never got a pop-up, at all. Secondly, as dozens of other people have pointed out here, the popup they did note said their settings were set to private, then gave a list of items that they assume were set to private because it intentionally led you to believe that, but it was actually changing them to Friends/Friends of Friends.

Saying “Hey these are your current settings just FYI related to this new feature” and then having an Ok button at the bottom but having that button change the settings away from what it’s telling you they currently are in the headline is intentionally deceitful to drive adoption and that’s scummy development.

Further,

Means that they, the server owner/account owner, did not give explicit consent. Which would make this opt-out, not opt-in, as not every platform has the same security access requirements as every other platform because Plex is monumentally fragmented in user experience.

1 Like

You must be new here. :grin: This is standard MO for Plex when it comes to this stuff.

Judging by some of the responses from Plex employees on other threads, I suspect the general reason is the Plex employees who actually post on the forums are not in a position to speak for the company legally, so they aren’t going to show up at all in any discussion where people are beating GDPR drums.

2 Likes

What a colossal shitshow :joy:

With the number of complaints half the data privacy protection orgs in the world are going to be reaching out over the coming months. I feel for Plex’s legal team. A few fines alone could bankrupt the company!

Everyone that signed off on this rollout should be fired. Just stunning.

2 Likes

This feels so gross to me, been a Plex user forever… and this is probably the worst possible thing they could’ve done. This makes no one feel secure, default opting everyone into this ■■■■, and then blast emailing the watch habits of your friends is certainly one of the choices of the decade I guess.

They’ve been hounded about privacy, and then they pull this bullshit. I was fine giving them access to data to help them with features or whatever, but this made me pull away all sharing with Plex and I’ll be seriously looking into Jellyfin or whatever now.

Any high level employees reading this breathing post mortem, should probably address it sooner rather than later because the silence is staggering.

3 Likes

Again, please stop with this victim blaming. If this many people are this upset, and it is getting this much news coverage, it is 100% on Plex.

I am aware of and have followed industry press on numerous streaming services since the inception of the industry. Other than child/parent relationships, none of them has unexpectedly emailed one user’s watch activity to another user, not once, not ever, so far as I’m aware - until now. There was no possible way for users to “carelessly f’up” because that’s how responsible products are designed.

Trying to move the blame to the user because a possibility might have existed that had they mastered multiple different confusingly and or flat-out inadequately explained settings in multiple locations; plus somehow intuited on their own that Plex had redefined existing user accounts into Friends with no notice; plus had the expertise and inclination to dig into the line-by-line details of a privacy policy that appears to say in plain English “we don’t store viewing titles*” but gets around this by storing GUIDs instead; is disingenuous at best.

I have engaged in debating some of the finer details because these topics interest me and I have some background in them. But really those details are all beside the point. When a product is designed correctly, it does not get widespread horrified press for gross invasions of privacy, and it’s just that simple. And a good management team, on finding out they made this blunder, moves immediately to apologize, to fix the problem, and to rebuild trust; not to dig in and blame it on their customers. (Plus probably makes an up-front effort to comply with relevant laws and standards like GDPR, etc.)

7 Likes

It’s unreal to me how people shill for a private corp doing bad things lol

7 Likes

How is it remotely “Opt In” when everything auto-defaults to the various more-public options?

Plex isn’t even keeping all the privacy-related options together as there’s no reason for them to be spread out as much as they currently are.

Why is “Account Visibility” (under the “Who can find your account?” section that is within “Privacy Settings”) still buried within this page?

That setting alone defaulting to “Anyone” and only being accessible within that menu already says that this is an “Opt Out” system. I was giving the benefit of the doubt before, but as time has gone on, my trust on this has rapidly been eroding.

3 Likes

My experience:

I got the popup. Thought to myself “Hey, that’s kinda cool but it’s not for me”, reviewed the privacy settings and noticed they were all set to “Friends” (IIRC), set them all to “Private” and saved. I opted out of Discover in its entirety (for now) as well.

No emails here among my group of friends and family.

I get it, some people seem to have had a different experience. There could be many reasons for that ranging from laziness and clicking through, to a bug or poor default settings in Plex.

My suggestion is for everyone to frequently review all of their privacy settings in Plex Web and every website and app they use. Do this on a regular basis so you can adjust to new features and policy changes.

Personally, watch/rating history being shared among friends and family is the least of my worries. Hell, I publicly rated movies on Netflix for years. However, I do strive for maximum privacy where possible. Seems like a lot of outrage over some people seeing which movies or shows you like. Good grief.

Anyway… cue the angry mob in 3, 2, 1 …

2 Likes

It’s opt in because you are presented with a set of defaults and asked to confirm and save.

I think the (main) issue is some people are saying they were not prompted or given a choice.

Except the fact that not all options are presented on that screen.

Why is “Account Visibility” (under the “Who can find your account?” section that is within “Privacy Settings”) still buried within this page?

Hey Plex. This is just unacceptable.
Sharing data should default to private and you should opt into sharing. Throwing these messages into a splash screen is just wrong. In my case the settings for my accounts were accepted by a minor using a television in a shared room.
Just fix this, disable this setting and apologise for the blunder and don’t ever do this again. You should just know not to do stupid stunts like these.

2 Likes

Probably because it’s not a new option that directly relates to the sharing of ‘discover’ activity amongst friends.

Not excusing Plex’s approach to this, but why are people (such as yourself) allowing access to your main account to multiple people? There’s plenty of options within Plex for account management that would (should) prevent others from making changes to your account without your knowledge. Even without the security implications, who wants someone else messing up details of what you have and haven’t watched?!

You can look for yourself.
The setting is within the same group of options in the same popup, just only visible in your profile’s edit page.

Having that default to “anyone” lets ANYONE look at a person’s profile. Easily can see the watch lists of those that aren’t friends of yours as long as that person never changed that setting.

It doesn’t help that the setting itself is buried and most people wouldn’t even know of its existence.

I know where it is, but the reason for it not being in that initial ‘onboarding’ screen is probably that it was an existing option that doesn’t directly relate to the new feature.

That’s not correct. Having it set to anyone means anyone can find you; however, it doesn’t display your watch history/lists to them. They have to be a ‘friend’ or ‘friend of a friend’ depending on what you’ve set the other options to. And if those other options are private then no-one can see that information, regardless of your ‘Account visibility’ setting.

I understand that if you do not follow evolving industry standards, and were interpreting these words on just their regular meaning in casual conversation in another topic, you might find the screens to be an example of “opt-in”.

But please understand that within the field of privacy regulations, opt-in has a more specific meaning, and that specific meaning directly excludes a company pre-selecting privacy-invading default choices. To be compliant with “opt-in” as used in privacy regulations such as GDPR, the defaults must have been “Private”, and the user must have taken affirmative action to change them from “Private” to something more invasive.

Hitting a single “Finish” button on a modal pop-up that includes no other exit point is not considered giving affirmative consent to privacy-invasive default choices in this context.

4 Likes

That’s not even accurate considering it’s possible to look at the friends of a “friend of a friend”. You can even just keep going down the chain of “friends of friends of friends”.

A setting like this needs to be in the initial popup, not buried in the user settings.

Very simple. It’s a media player running on the TV to be used by people in the living room. I’ll probably rethink this but the splash screen came up for all users connected to the account so setting this for the minor sub-account would have been just as bad.

If everyone in the chain had the privacy setting for ‘My friends’ set to ‘Friends of friends’ and you had your account visibility set to ‘Anyone’ then I agree your account profile could be found by going through friends of friends of friends (which is a frankly long-winded approach). But once found your profile wouldn’t show anything about your activity unless you had one or more of the top 4 options set to something other than ‘Private’ and the other user met the relevant criteria (i.e. a ‘friend’ or ‘friend of friend’).

All the account visibility toggle does is control who can find your profile. It has no involvement with what is actually displayed on the profile and to who.

I’m not sure what you mean by this. Are you talking about a main account with managed accounts? Or multiple full accounts that have all been added to a plex home?

I’ve just quickly set up a new account (on a platform that doesn’t yet have discover together) and added a managed account to it. When I sign in at app.plex.tv (which does have discover together) I get the splash screen if I’m logging into the main user, but nothing if I log into the managed user. I would also expect multiple splash screens if there were multiple full accounts under one Plex home (one for each full account).

That won’t cut it in the EU. You can’t preselect the options that invade your privacy. You have to present the options and they have to be deactivated then the user can activate them if desired and save them with OK. This is nothing new, it is implemented in literally millions of websites if they implement tracking cookies.

2 Likes