Paranoid and perplexed by Plex privacy pickle? Just Enjoy Jellyfin
In the world of self-hosted streamable media, Plex is often cited as the dominant player - boasting 16 million active monthly users across the world.
It offers an easy-to-deploy server system, through which you can stream your own media to friends and family, as well as streaming licensed shows through the wider network.
But to many, Plex is a problematic platform - and to use it you may have to make compromises on privacy, as well as potentially expose yourself to legal action.
Self-hosting your own services grants you freedom from exploitation
Self-hosting your own services to replace those provided by tech giants such as Google, Twitter, Netflix, and Amazon is a great hobby.
Even on something as basic as an old, unloved laptop, or a bargain basement single board computer such as the Raspberry Pi (affiliate link), you can run your own communications network over XMPP with video, audio, and text chat; deploy Immich as a vastly superior alternative to Google Photos; push Amazon's Audible out of the picture with Audiobookshelf; and free yourself from the tyranny of Jamie Oliver with a variety of self-hosted recipe managers.
By running your own services on your own hardware, you're not being tracked across the internet by entities that do not have your best interests at heart, you're not having adverts shoved down your throat, and you're not paying subscription fees beyond those required for a bargain domain name from NameCheap (another affiliate link).
In addition to the services mentioned above, you can also replace Netflix and Amazon Prime videos with... Plex?
What's wrong with Plex?
Plex has a long and storied history that begins in 2007, when two projects to port XBMC to macOS merged to create OSXBMC - later named Plex.
The aim was simple: give users more control over their media. Plex boasted dozens of individual apps, helping users to access streaming content, trailers and manage their media. In 2009, Plex was incorporated as a private company.
While the popularity of Plex continued to grow, a number of questionable decisions were made. These rankle with us. They might not bother you in the slightest.
The allure of self-hosting is that your media is running on your hardware. It's supposed to give you absolute independence, privacy, and anonymity: Download, install, stream - and it's nobody's business but yours.
Plex, on the other hand, is a mess of upselling and dubious privacy options.
For the purposes of this article, we (partially) ran through the installation process so you don't have to.
A Plex privacy problem
Finding Plex was easy enough. We typed "Plex media server" into DuckDuckGo (other search engines are available), and clicked on the top result. So far, so straightforward, but we were immediately greeted by a banner promising an "Upgrade to a Lifetime Plex Pass for 25% off. Upgrade Now!" No thanks.
Scrolling down to select our server type, we were twice more offered the opportunity to "Get a Plex Pass to access exclusive preview downloads. Sign in with a Plex Pass enabled account to access exclusive preview downloads." Again, we'll pass thanks.
We selected Linux as our platform, confirmed that we were at least 13 years old, and proceeded to download the deb file for our virtual Ubuntu system.
We installed with:
sudo dpkg -i ~/Downloads/plex*
...and attempted to start Plex from the system menu.
But Plex did not start.
Instead, a new browser window opened to app.plex.tv, with a message stating that "Plex web would like to sign into your Plex account".
We were given the option of signing in via Google, Facebook, Apple, or email.
We don't have a Plex account and don't especially want one either. There seems to be little point in going down the self-hosted route, then relying on a corporate third party to gain access to our own media. We also feel it may not be immediately obvious to all users that they're on an external site.
Below this dazzling array of sign-in options is the disclaimer that "By creating an account or continuing to use a Plex application, website, or software, you acknowledge and agree that you have accepted the Terms of Service and have reviewed the Privacy Policy."
These are not short documents, but highlights include who the company shares your data with. This includes payment processors, business and analytics providers, content providers, marketers, and cloud service providers, third parties to improve and deliver advertising to you on our behalf and on behalf of others.
They'll also cough up your deets to, "satisfy an applicable law, regulation, legal process, or valid governmental request; or protect or defend the safety, rights, or property of Plex, the public, or any person".
That's an awful lot of sharing, and an awful lot of marketing. And do keep in mind the provenance of your self-hosted material in case it becomes the subject of a government request, or infringes the rights of any other organisation.
You can, of course, delete your personal information from Plex, "except that we may retain archived copies as required by law".
Well, shit.
In section M, the policy states that Plex (the company) does not collect "content titles of your Personal Content" or "Filenames EXCEPT those that may be collected under Debugging Information below."
Scroll down to the Debugging Information section, and you'll see that this includes, "logs, crash reports, or other information about your devices, media, and experiences".
While the policy goes on to state that, "it is for the sole purpose of resolving technical issues with the software", we'd hate to speculate how this would stand against the requirement to "satisfy an applicable law, regulation, legal process, or valid governmental request".
In our opinion, your logs shouldn't be anywhere near the Plex company servers, lest any passing rights-holder take exception to your illegally ripped Blu-rays.
Lacking either Google, Facebook, or Apple accounts, we used one of our many email aliases, and were then redirected to a localhost address to learn "How Plex Works".
We clicked the big orange "Got it" button and were subject to yet another full-screen Plex Pass advert offering an array of benefits including parental controls, offline media downloads, live TV and DVR.
There are three large payment option buttons, and a tiny white X in the corner to get rid of the thing. This is what is known as a dark pattern.
We didn't go any further than that - partially because we don't want what is supposedly our media server to scan our movies and forward any logs to Plex central, and partly because we'd need to enable DRM to use the damned thing.
How long is a lifetime anyway? Is it your lifetime? Their lifetime?
A public Plex privacy problem
As a private company employing around 100 people, Plex has an obligation to make money. Selling a lifetime Plex pass gets them a one-off payment of around $100, and if you're committed to the Plex ecosystem, it makes sense to choose this option rather than monthly or yearly subscriptions.
But for it to be worth it for the company, their user base needs to grow.
People love to be part of a club, and to engage in the same or similar activities as their friends and acquaintances. They like recommendations, and things to talk about over the weekly Sunday get-together.
The Plex Discover service launched in March 2022 and allowed users to see what was new and trending across all of their subscribed services.
And in a November 2023 blog post, the company expanded the scope of Discover, stating:
We can all agree that we love seeing a Fresh Tomato score, but nothing compares to those IRL conversations on Monday morning (remember those?) where we stand around (instead of working) and review—mano a mano—what we watched all weekend. Let’s call it the Water Cooler Effect...Sure, our curation is done by real humans, and our recommendations span the services you watch most, but add in the stuff your friends are watching and rating? That’s gold, Jerry! Gold!
It's certainly gold for someone, but as reported by 404 Media, users are discovering that Discover lets friends and family discover the smut you've been playing on Plex.
The company later clarified to 404 that:
Plex does not generate community activity for known adult titles. The 'skinemax' type content you refer to in the article may not all be tagged as adult, so that is why these titles may surface in watch activity.
Fair enough, but it's still embarrassing to talk to your uncle at the next family gathering when you know he's been asked to give a thumbs up to your viewing of Bikini Chain Gang (Hard Love, Hard Time). And that water cooler chat in work could be agonisingly awkward when you know that your line manager spent the weekend binging such skinemax classics as Secret Games (Take a ride to the dark side of desire), Secret Games 2 (The darkest side of desire), and Secret Games 3 (Revisit the dark side of desire).
Why should you use Jellyfin instead of Plex?
We could spend all day enumerating the reasons why Plex is not our preferred server for self-hosted streaming hijinks. Instead we're going to say why Jellyfin is our media server of choice.
It starts with the installation process: Visit https://jellyfin.org/, and select your server type. There's no pass involved, and no upselling. Lifetime access? Screw that, it's built in. Just download and install the usual way.
If you run Linux, you don't even need to visit the site: open a terminal and if you're on a Debian-based system, enter:
curl https://repo.jellyfin.org/install-debuntu.sh | sudo bash
Boom. Done. You can create an admin account through the browser. The Jellyfin devs don't know you've created an account (it's on your server, not theirs) - nor do they particularly care. No-one gets your movie titles, or your metadata, or anything else. If you want to upload your logs for help with troubleshooting, you can, that's on you. No-one's forcing you.
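The one-liner above hands a remote script straight to a root shell, so whatever the server returns at that moment is what runs. As an added example (not from the original article or the Jellyfin project), here is a fetch, read, pin, then run version; the function names are hypothetical, and the pinned digest is one you record yourself after reading the script.

```shell
#!/usr/bin/env bash
# Added example: fetch-review-pin-run instead of piping curl into sudo bash.
# Function names are illustrative; the pin is a digest you recorded yourself.

# Print the SHA-256 of a file (hex digest only).
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Succeed only if the file's digest equals the pinned digest.
# Returns 2 if the file is unreadable, 1 on mismatch, 0 on match.
verify_pin() {
    local file="$1" pinned="$2" actual
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual="$(sha256_of "$file")"
    if [ "$actual" != "$pinned" ]; then
        echo "digest mismatch: got $actual, pinned $pinned" >&2
        return 1
    fi
}

# Download to a file without executing anything.
# --fail: an HTTP error page is never saved as if it were the script.
# --proto/--tlsv1.2: refuse plain HTTP redirects and old TLS versions.
fetch_installer() {
    local url="$1" out="$2"
    curl --fail --silent --show-error --location \
         --proto '=https' --tlsv1.2 --output "$out" "$url"
}

# Run the installer only when it matches the digest recorded after review.
install_pinned() {
    local url="$1" pinned="$2" tmp rc
    tmp="$(mktemp)" || return 2
    if fetch_installer "$url" "$tmp" && verify_pin "$tmp" "$pinned"; then
        sudo bash "$tmp"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# First pass: fetch, read the script, then record its digest as the pin.
#   fetch_installer https://repo.jellyfin.org/install-debuntu.sh ./install-debuntu.sh
#   less ./install-debuntu.sh && sha256_of ./install-debuntu.sh
# Later runs (another host, a reinstall):
#   install_pinned https://repo.jellyfin.org/install-debuntu.sh "<digest you recorded>"
```

A mismatch on a later run means the script changed since you read it, which is the cue to review it again before updating the pin.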
Let's talk about extras for a minute - the kind of feature you'd pay for on Plex.
Watching and recording live TV? Yes, you can do that. Downloading media onto any device? Hell yes.
Got kids and want to restrict what they can watch? Create a Jellyfin profile for them, and set a maximum allowed parental rating, or restrict based on tags. You can even make an access schedule, where media can only play during specific periods, and will be stopped past it.
We ran through the entirety of what the Plex pass allows you to do on your server, and as far as we can tell, Jellyfin has most of it baked in. It's common-sense stuff, and the kind of useful feature that should be available as part of any basic package.
One area in which Jellyfin positively excels in comparison to Plex is with third party apps. You can use Plex through your browser or with an officially supported Plex app. With Jellyfin, anyone can make a compatible app and put it on the app / play store or on F-Droid.
This has led to a profusion of apps for a variety of purposes. The official Jellyfin Mobile app is great, but if you're more into music, for example, you can use the excellent Gelli, Fintunes, or FinAmp.
These are all entirely focused on streaming your Jellyfin music collection, creating playlists, and giving you an excellent soundtrack to your life.
Want a better interface for your movies and shows, but don't care about music? Try Findroid. Prefer to access your Jellyfin instance through Kodi? There's an unofficial add-on.
Jellyfin music in your Linux terminal? You need Jellycli. For audiobooks, JellyBook handles most formats well.
There's an incomplete list of official and third-party clients here. Check it out, then check out Plex's list of companion apps (some will require a Plex pass to function).
Freemium vs open source
If you're happy with the privacy trade-offs offered by Plex, it may be the ideal home streaming solution for you. And paying for a pass means you have some kind of peace of mind (as well as freedom from the ever-present prompts to upgrade).
But Plex offers little over and above what you'd get with Jellyfin, and comes at a pretty precarious potential price to your privacy. If you feel bad about not paying for software, you can always donate to Jellyfin to help keep the servers running and the devs fully caffeinated.