Plex Users Fear New Feature Will Leak Porn Habits to Their Friends and Family - eviltoast

“I can see that one of my friends is apparently watching a ton of cheesy, soft porn stuff,” a user said of Plex’s Week in Review email and Discover Together feature.

Many Plex users were alarmed when they got a “week in review” email last week that showed them what they and their friends had watched on the popular media server software. Some users are saying that their friends’ softcore porn habits are being revealed to them with the feature, while others are horrified by the potentially invasive nature feature more broadly.

Plex is a hybrid streaming service/self-hosted media server. In addition to offering content that Plex itself has licensed, the service allows users to essentially roll their own streaming service by making locally downloaded files available to stream over the internet to devices the server admin owns. You can also “friend” people on Plex and give them access to your own server.

A new feature, called “Discover Together,” expands social aspects of Plex and introduces an “Activity” tab: “See what your friends have watched, rated, added to their Watchlist, or shared with you,” Plex notes. It also shares this activity in a “week in review” email that it sent to Plex users and people who have access to their servers.

This has greatly alarmed a wide swatch of Plex’s user base, who have blown up the Plex forums, the Discover Together blog post comment section, and Reddit with posts about disastrous overshares created by the feature. A sampling of posts: “Discover Together and Week in Review emails are a MASSIVE breach of privacy and trust!,” “Security breach: Why is my friend receiving notifications to rate movies I’ve watched?,” “Weekly review emails data leak,” “Plex crossed a line with ‘Your week in review’ emails today.’”

The feature is opt-out, meaning that many people were very surprised to get these emails and see this feature, as it’s up to users to proactively turn it off (instructions here and here).

“I can see that one of my friends is apparently watching a ton of cheesy, soft porn stuff (think classic ‘skinemax’ fare) from some server (it’s not mine) or Plex channel, and I am 100 percent sure they would be mortified to know that I know this,” one user wrote on the Plex Forums. “Now replace this friend, who’s just enjoying their downtime with some cheeky T&A, with a teenager who may be having difficulty figuring out feelings about their sexuality and are just trying to explore by watching LBGT dramas to see if anything there resonates or can help them figure things out. Suddenly, one of their intolerant friends or parents gets a detailed email report with a cheery title listing every little thing they’re watching…This is a dystopian nightmare of a feature and I honestly can’t believe it’s been rolled out as opt-out like this. SHAME ON YOU, PLEX!”

“I wonder how many people just had their week’s porn selections emailed to their Plex friends,” another user posted. “I just got an email about a friend’s watching habits which he definitely didn’t want to share. He insists he’s never opted into any data sharing, but…it went out anyway.”

“I’m sure there’s a certain percentage of people who want to know what kind of porn their grandma likes, but I’m hoping it’s not the majority,” another posted.

Otto Kerner, who is a moderator of the official Plex forums, said that porn viewing habits would only be shared if Plex can make a “match” of the media with online databases like IMDb. “Many pr0n titles are either not listed there at all [sic],” Kerner wrote. It’s worth noting, however, that there are many adult titles on IMDb.

There are hundreds of posts about the issue on the official Plex forums, many of which point out that many Plex users chose to use the service in the first place because it is a “self-hosted” alternative to streaming that many people go into believing they will have more control and privacy than is offered by Hulu, Netflix, and other streaming services. Plex is also used by many users to play and stream files that they have illegally pirated (the ability to do this is largely behind the initial popularity of Plex), though the company has been trying to move away from the perception that most people are using it to play pirated content. “The fact that this data is available to you AT ALL … That is just … Mind boggling, and completely against the very notion of self hosting,” one user wrote. “I feel betrayed that was done without telling me that this data was going to be collected. Let alone acted upon. It’s dangerous. Certain entities would LOVE to have that data…which could mean jail time for some.”

“The ‘See what your friends are watching’ will be great for all the people with secret porn libraries. Or when you start watching a Jan 6th documentary, and you see Aunt Becky start commenting about it being part of a satanic conspiracy,” a commenter on Plex’s blog post announcing the feature wrote. “I can also say that not one person I have talked to has ever liked the idea that I can see what they’re watching from my server.”

Plex did not respond to requests for comment sent from 404 Media. Plex employees have been posting regularly in the forums explaining that people can opt out of the data sharing, and have also said media watch “sync events,” which it uses to track viewing history, do not tell the company the nature of the file played: “There is no way to know whether something being ‘watched’ occurred because you went and saw it at the theater and then marked it on the Discover page when you got home, you watched through a personal Plex Media Server Library, or anything else.”

  • Zagorath@aussie.zone
    link
    fedilink
    English
    arrow-up
    123
    arrow-down
    4
    ·
    1 year ago

    Honestly Plex has always given me the icks. Its weird hybrid of self-hosted but managed through their servers always struck me as the worst of both worlds. I’d rather put in a small amount extra effort to properly self-host my stuff, or do significantly less work and use something cloud-based. I just don’t understand what niche Plex is supposed to serve.

    • spaghettiwestern@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      41
      arrow-down
      5
      ·
      1 year ago

      Same reaction here. My Plex install lasted until I realized that I had to log into their servers to watch my own content. WTF is an understatement.

      • RaoulDook@lemmy.world
        link
        fedilink
        English
        arrow-up
        13
        arrow-down
        1
        ·
        1 year ago

        You don’t have to log into it, you can turn off authentication for your local network.

        If you’re accessing it over the Internet without a VPN, then it should be no surprise that it requires a “cloud” login.

        • subtext@lemmy.world
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          1
          ·
          edit-2
          1 year ago

          It is a bit of a surprise though because I can host my own authentication (Keycloak, Authelia, Google OAuth as a stretch), or use the built in auth from the service the way Jellyfin does it.

          I use Plex because it Just Works™ for my family, but eagerly waiting for Jellyfin to keep catching up.

        • spaghettiwestern@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          5
          ·
          1 year ago

          Who said anything about authentication to access it? A server cannot be set up without creating an account with the company and allowing the server to send Plex data.

          • RaoulDook@lemmy.world
            link
            fedilink
            English
            arrow-up
            9
            arrow-down
            3
            ·
            1 year ago

            You did. It was implied in your statement about logging into their servers. If you didn’t mean that then you should have worded it differently.

            • spaghettiwestern@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              2
              ·
              edit-2
              1 year ago

              Wow, you not only think you’re a mind reader, you lecture like a 1st grade English teacher. You must be really fun at parties.

      • Evotech@lemmy.world
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        1
        ·
        1 year ago

        Honestly it’s a good feature for most, same with auth being a cloud service. But it would be nice to be able to self host that part too.

        • spaghettiwestern@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          For remote access an account makes sense, but like many people I have no need of accessing my content without a VPN. There are other options out there that do not require logging into a company’s server to set up a local server.

          • Evotech@lemmy.world
            link
            fedilink
            English
            arrow-up
            5
            arrow-down
            1
            ·
            1 year ago

            I think if you are aiming for the general public it’s great that you can handle secure remote access and authentication. Because those things are the easiest to mess up and leave you vulnerable.

            Plex is great at what it offers, and if that offering didn’t fit your needs then by all means use something else.

      • Radical Dog@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        1 year ago

        I cannot fathom why Plex is so dominant while Jellyfin, for my taste, is better. And Jellyfin is explicitly free, contributors cannot be paid, because they are funded by their intense hatred of capitalism.

    • Reddfugee42@lemmy.world
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      7
      ·
      1 year ago

      Is Netflix for torrents. On my TV, on my phone, at my in-laws. Pause on my phone and resume on my TV.

      Surely it can’t be that hard to get it.

    • voxel@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      1 year ago

      no need to setup or pay for ipv4 tunnels (which is basically what plex handles for you) or ipv6 (while ipv6 IS great, prefixes offered by isps are usually dynamic and you’ll need ipv6 on your mobile connection too)
      getting a public ipv4 is basically impossible task nowadays, most isps only hand them out to registered business on enterprise grade connections, and even if you’re a business, STATIC ip is an extra upsell.
      and isps that do hand out them to customers charge extra for it, and usually quite a lot.

      • Zagorath@aussie.zone
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        2
        ·
        1 year ago

        My ISP gives static IP for free to all customers. Other popular ISPs in my region which are popular among people even moderately savvy will offer it for a very modest fee ($5/month extra is what a quick Google suggests).

        Or you can set up dynamic DNS. Use Cloudflare to point to your home IP address, and run an extremely simple script which automatically updates that IP address with Cloudflare.

        The only way it becomes a problem is if your home Internet connection is behind CGNAT and can’t be changed. (From what I’ve heard, many ISPs that use CGNAT by default will give you a public IP as long as you notify them of your desire for one.) But that’s an egregiously bad service and you should be looking to move to a better company.