Givin us what we want yipeeee

We wanna play on release!!! We want them big booties in our face on day one!!! Not day 365!!!

Yeah i hate when I see people using Brave, because they have been brainwashed.

Does anyone remember when they were injecting their own referral links into links for online stores (99% certain they did this pls prove wrong if you know better)? This alone leaves them with 0 trust in my books.

Sadly, using small niche VPNs that might be more trusted makes you stand out more.

This probably doesn’t matter does it? Because being spotted as a mulvad, airvpn, etc user doesn’t make you more of a target for anything.

It just means that if they try to trace your connection back to you, they won’t find anything out, because you have a trusted zero-logging vpn.

Only think I could see is it could potentially be easier to track usage through the ip and assume it’s one person, but idk you could do that with anything if you look at the request timings, etc. It’s still just guesses.

Am i missing something?

It’s pretty unusual to have a Mullvad user on your server

Probably not on the usual sites people visit (youtube, etc, the big sites 99% of ppl go to exclusively), but I can see your point for any smaller site.

Because 5€ for their current service is overpriced

Airvpn provide a discount for each extra month you sign up for in bulk which is nice. It’s a great service in my opinion.

https://airvpn.org/

https://airvpn.org/ is a great option that is still privacy friendly and allows port forwarding. Still niche if you care about that, so may not be for you.

Then flat flat spike spike for good measure

Sorry, I wasn’t clear. When I said “why do you care?”, I didn’t mean YOU specifically with OPs potential problem of losing users.

I meant why do people in general, who self-host software for friends/family, care if their friends/family stop using the software.

E.g. I have friends on Plex, but for whatever reason, I decide I want to move to Jellyfin. My friends stop streaming my media because they dont like jellyfin for whatever their own reasons may be. I personally wouldn’t care about losing them as “users”, because it’s not like they are paying customers. I let them access my instance for free, if they aren’t bothered enough to use it, then thats on them, not me to cater to their needs by keeping Plex around.

Hope that cleared up my meaning. I wasn’t attacking you for caring with your original response.

p.s. you are at risk by hosting Plex too, just in different ways. Plex still requires your server is open to the internet, right? Even if only Plex’s servers can access it, who’s to say Plex themselves don’t get hacked. Always a risk/reward type deal with hosting software, in my opinion, either are fine to expose.

Yes, you are right, but I think my point was missed.

Theres not much reward for hackers to hack private jellyfin hosts (unless there is some big exploit that gives remote code execution that im unaware of), sure the bots will scan and try exploits on open ports, but are they specifically targetting jellyfin?

There is always a risk, but in my opinion, the chances of being hacked through jellyfin are way too low to bother with over-bearing measures, like a required vpn connection.

Running jellyfin in a secure manner (without root, only access to your content, etc) reduces the risk of much harm too.

Hm I don’t remember posting the comment you are replying to, to the one I replied to.

You are right, but I still argue that keeping Jellyfin up to date is fine, there’s no serious bugs (afaik) that will compromise your whole server for instance, so these bots have nothing valuable to exploit here.

When I say don’t post your instance url I was talking about normal people finding it to try streaming from it without auth, I think I was replying to someone else and though this was the same thread.

I find it hard to believe that there are bots scanning for jellyfin exploits, since as far as I’m aware, the exploit is for viewing content without auth. 99% of bots are scanning for old instances of wordpress or other outdated software to exploit.

If my content on Jellyfin was illegitimate, the person scanning for my files would have to prove that before they can sue, no? I don’t think this makes sense for anyone to do.

p.s. I won’t argue that YOU should setup software that you dont want to, just that this particular reason not to may be a bit farfetched.

You may need to reevaluate your threat model.

I agree with you, it’s likely this vulnerability is only known because Jellyfin is open source… how many are hiding in Plex’s proprietary source code…

Anyways when has anyone ever been pwnd by this “exploit”, I have seriously never heard of anyone being “hacked” by one of them.

Definitely overblown as far as I am aware… don’t post your instance url all over the internet and you will likely be fine.

Using Plex (is fine, do whatever u want) and giving them your data instead doesn’t really help you (or at least sending your data through them).

you will absolutely lose a bunch of them

I always see this and I have to ask: why do you care?

They likely aren’t paid customers of yours, if they don’t follow your rules and the software you like to use, then they are free to use any other method of consuming media.

VPN

Have to agree with the other comment that asks why do you need to use a vpn. Fax

My question is, where are you posting the address to your jellyfin server that someone who finds it will go through the trouble of even doing this?

Also how could they start litigating you based on the content you have? If I had illegal content on my server, I would be really dumb to expose it on the internet on a public jellyfin server. Otherwise my movies, tv, etc are my paid for content…

You didn’t ask, but if you’ve had a bad experience with the apps, you could try one of the native apps.

My friends on Apple devices think Swiftfin (https://github.com/jellyfin/Swiftfin) is much better than the normal jellyfin app.

I haven’t used this one/know anyone that has: Findroid (third party) (https://github.com/jarnedemeulemeester/findroid). Mostly because I haven’t had any issues with the official jellyfin app for android, but it would probably give a cleaner experience, being native and all.

For the server, I think it’s fantastic. Never had any problems that weren’t a few clicks to resolve. Pretty much use it and forget I’m the one maintaining it for the most part. I wonder what issues you encountered?

I believe in the underlying message (use linux), but doesn’t practically every big company change their privacy policy or tos every 10 minutes.

I don’t trust any governmental body, probably for the best.

💀

I believe their license (GPLv3) doesn’t permit modifying the source code without releasing it to anyone who asks for it, but realistically, if it’s only code they have written, they won’t sue themself over it.

I’m no licensing expert, but that’s how I see it.

I didn’t mean to say that it’s (still) trash, I think it’s useable, but there are still a lot of improvements to come.

Element as a client seems to want to do everything, which is probably great for a lot of people, but it (in my experience) has led to a poor user experience (which with more time, will likely improve, they seem to have a lot of backing).

With Element completing voice/video implementation, I imagine it’ll be easier for other clients to reference their work when implementing their own support.

Once the other clients get voice support, I will definitely be trying them out again, I’m sure they will make a much simpler experience that works out the box.

The lost keys problem has luckily never happened to me, it usually boils down the user error I believe, but yeah, if it is a user error that happens often, they should figure out some way to fix that (probably a hard problem, which is sort of fixed (i believe) if you use the client on multiple devices, so if you get logged out of your account you can easily authorize your access from another logged in device, eg desktop/mobile).