Collection of potential security issues in Jellyfin

This is a non-exhaustive list of potential security issues found in Jellyfin. Some of these might cause controversy. Some of these are design fla…

  • Pete Hahnloser@beehaw.org · English · 9 upvotes · 2 days ago

    Who has the technical wherewithal to run Jellyfin but leaves access on the open web? I get that sharing is part of the point, but no one’s putting their media collection on an open FTP server.

    The level of convenience people expect without consequences is astounding. Going to be away from home for a few days? Load stuff onto an external SSD or SD card. Phoning home remotely makes no sense.

    • jarfil@beehaw.org · 1 upvote · 9 hours ago

      The typical guides for installing Jellyfin and friends stop at the point where you can access the service, expecting you to secure it further.

      Turns out, the default configuration for many (most) routers is to allow external access to anything a local service will request it to allow, expecting you to secure it further.

      Leaving it like that is an explosive combo, which many users never intended to set up, but have nonetheless.

    • Omgboom@lemmy.zip · 4 upvotes · 1 day ago (edited)

      > I get that sharing is part of the point, but no one’s putting their media collection on an open FTP server.

      You would be very wrong about that. You can even search open FTP servers using Google

      http://palined.com/search/

      • Pete Hahnloser@beehaw.org · English · 2 upvotes · 1 day ago (edited)

        OK. I’ll revise. No one with any sense is doing this. “Hi, RIAA and MPAA, come after me” is an asinine approach. I realize we have at least one generation unfamiliar with Napster, KaZaa and LimeWire, which replaced ratio FTP servers (which in turn replaced F-Servs in IRC). This is terrible online hygiene. You don’t leave your media out there for all to see. At least password protect access before linking to your friends.

        • Saik0@lemmy.saik0.com · English · 1 upvote · 16 hours ago

          Look at the rest of this thread though… many people are just fine with “this is FUD, I’m going to keep doing it!”

          Still, posts like this raise awareness of the problem.

    • Kusimulkku@lemm.ee · 10 upvotes · 2 days ago

      Friends, family using Jellyfin is the reason many have it directly available (and not behind VPN for example).

        • LandedGentry@lemmy.zip · English · 1 upvote · 1 day ago (edited)

          And I like that my wife and kids can jump on and access my server whenever they want from any device without fuss. Everyone has their priorities! I take my privacy pretty seriously but I can’t make it the number one consideration at the cost of everything else all the time. Plus, Jellyfin is a security risk if you don’t know what you’re doing. I’m pretty tech savvy but it definitely pushes my limits so I do not feel comfortable setting it up and constantly maintaining it.

          • ReversalHatchery@beehaw.org · English · 1 upvote · 21 hours ago

            I’m not exposing jellyfin, but for sure I wouldn’t let my plex server even see the internet (I bet it wouldn’t even work that way).

            jellyfin is perfectly accessible everywhere it needs to be. been using a VPN on my phone for ages for all traffic.

        • LandedGentry@lemmy.zip · English · 2 upvotes · 2 days ago

          I understand why you might find that useful but I do not think that is exactly the most important feature in the world to most people. I could also rattle off plenty of things Plex can do that Jellyfin can’t. I have used both and the fact of the matter is I just am willing to take the trade-offs for the simplicity of Plex. You do you!