Are you at all concerned with the GDPR implications of this? I’m a citizen and resident of the European Union and you’ve effectively transmitted personally-identifying information of mine to a third party without my explicit consent. I never opted in to your sharing of this information and you never gave me an opportunity to opt out. Seems to me you’ve handled this in a way that puts you in violation of the regulation. This is a data breach for which the penalties (per case) are prohibitive. As in: enough to bankrupt your company. See this for example.
I would sincerely hate to see that happen to Plex, because I like your product. But, seriously, how could you have let this happen?
