In todays episode of "Plex enshittifies" Plex employee breaks ToS.
Source: https://forums.plex.tv/t/fake-reviews-on-play-store-by-plex-staff/917736
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Without authentication; it's possible to randomly generate UUIDs and use them to retrieve media from a jellyfin server. That's about the only actually concerning issue on that list, and it's incredibly minor IMO.
With authentication, users (ie, the people you have trusted to access your server) can potentially attack each other, by changing each others settings and viewing each other's watch history/favorites/etc.
That's it. These issues aren't even worth talking about for 99.9% of jellyfin users.
Should they be fixed? Sure, eventually. But these issues aren't cause to yell about how insecure jellyfin is in every single conversation, and to go trying to scare everyone off of hosting it publicly. Stop spreading FUD.
It's not FUD if it's real. I could say the same shit for people screaming Jellyfin at literally every chance they get when the topic is Plex. Instead I further the discussion rather than telling other people they're spreading FUD.
It's an MD5 hash of the file path. Not randomly generated, and not a proper UUID.
Edit: for others that might not understand... Docker files will standardized the path side... *arr suites and general human nature will standardize the file name.
So a generally guessable file path exists for a LOT of users out there... It's absolutely possible to guess that many people running jellyfin would store their version of bigbucksbunny as /movies/bigbuckbunny (2008)/bigbuckbunny.mkv or similar conventions and I've probably already nailed the path to generate the MD5 for a lot of people running Jellyfin just now.
You shouldn't expose it publicly
There are better ways to do things in 2025