But the field can contain anything at all, so if anonymity is the goal, you can still have that.

This dialog isn’t asking for a legal name, it’s just suggesting using your real name because that’s a pretty normal thing.

It’s always been thus, tho, I think?

Seems like our times are troubled enough that identity is become a powderkeg issue, which I can understand.

But I don’t think Debian is forcing us to inscribe our legal names here.

I don’t get it.

I used to use Plex and now use jellyfin, not so much because one has features the other doesn’t, but because XBMC became what they said they never would be. That’s going back a ways, but I just saw the writing on the wall a few years ago that Plex had stopped caring about free users, and I was an admittedly free user.

People focus on monetary cost, but there is a price to Jellyfin, which is that you’re on your own with all the plumbing. I’m OK with that, but I can see why someone wouldn’t want to faf about with it.

Jellyfin will one day become what Plex is now, that’s the cycle of things.

Joy and utility.

Plus, there’s something for everyone.

I think we’re arguing two sides of the same coin.

Most cameras do not do the heavy lifting of face/person detection on hardware, they send the streams to some cloud for processing. Just be aware of that.

Mine too. And I appreciates that.

No, I understand the nature of the unencrypted transport. I understand that the credentials are exchanged unencrypted (although the passwd isnt in plaintext, even on jellyfin). I also understand what is on the trusted network, my kid’s subnet.

The mitigations are the following:

• creds are unique to that user, and don’t coincide with any other creds
• IP is filtered at firewall level and also by acl policy at the threshold of the storage and data networks, so only the one single remote public IP is allowed to connect, and even then is approved for access only to jellyfin.
• jellyfin has read-only access to media, so no user, including admin, can delete media.
• jellyfin’s watched state data is backed up every 30 min with fim watching for over 20% changes. If a massive change happens where suddenly it appears that someone marked 45 hours of shows watched or unwatched, I am notified.

Anybody who can see the Jellyfin login page can use the Jellyfin server’s permissions to play media directly from your media library.

Correct, that’s the idea and that’s why the IP is filtered. When my kid’s IP changes, his PC posts a notice to me about it, and I change the the fw rule. This happens once a year on average.

Your Jellyfin server is either available to the Internet or not available to the Internet.

Also correct, it is available to the internet, which from jellyfin’s point of view is one single /32.

There is a body of suggested action to take in the interest of security that is repeated here and in other self-hosted spaces, and what you’re saying is valid and sound advice. I want to acknowledge that I don’t take your comment as wrong, it’s very prudent for someone just getting into managing their own stuff.

However, security is my job, and I do take it seriously. And there are more ways than one to get it done.

I keep my data back ends on encrypted channels, backups on another, and I control very tightly what has access to everything else. The model I use is something like “zero trust”, where I assume the clients even on my own network are malicious. In that context, extending my lan to a single remote lan on a single port isn’t really much different than allowing an iot device I don’t trust on my actual lan; it sees no other hosts but a gateway and whatever my acls allow it to.

So in the end, what can a device do at large on the internet to my jellyfin “network”? Nothing. What can a pwned device do on my kid’s network with jellyfin? It can watch TV and movies, because the api calls from jellyfin clients to jellyfin front end are nondestructive.

Calm down breh.

Nah.

deleted by creator

Port forward, filter ips, take reasonable precautions on the trust of networks.

It’s not rocket science, as you mentioned in your other vitriol.

deleted by creator

Didn’t end your post with :wq

Yes

You should not expose a Jellyfin server to the open internet.

You should not expose a Jellyfin server to the open internet if you don’t know what you’re doing.

FTFY

HDR, hardware transcoding, remote access.

deleted by creator

Not sure I’ve ever heard vociferous used that way.

I’ve been downloading shows for 30 years and all the manual curating and renaming is for the birds.

I think it’s fine for yourself, but as soon as other ppl are relying on you for this, it becomes a full time job.