Plex Responds, Will Allow Users To Opt Out Of Data Collection

stikves writes: This weekend Plex had announced they were implementing a new privacy policy, including removing the ability for opting out of data collection and sharing. Fortunately the backlash here, on their forums, Reddit, and other placed allowed them to offer a more sensible state, including bringing back opt-out, and anonymity of some of the data.
Plex CEO Keith Valory wrote Saturday that some information must be transferred just to provide the service -- for example, servers still check for updates, they have to determine whether a user has a premium Plex Pass, and "we have to provide accurate reporting to licensors for things like trailers and extras, photo tagging, lyrics, licensed codecs and so on... [W]e came to the conclusion that providing an 'opt out' in the set-up gives a false sense of privacy and feels disingenuous on our part. That is, even if you opted out, there is still a bunch of data we are collecting that we tried to call out as exceptions." But to address concerns about data collection, Plex will make new changes to their privacy policy: [I]n addition to providing the ability to opt out of crash reporting and marketing communications, we will provide you the ability to opt out of playback statistics for personal content on your Plex Media Server, like duration, bit rate, and resolution in a new privacy setting... we are going to "generalize" playback stats in order to make it impossible to create any sort of "fingerprint" that would allow anyone to identify a file in a library... Finally, in the new privacy tab in the server settings we will provide a full list of all product events data that we collect... Our intention here is to provide full transparency. Users will have one place where they can see what data is being collected and where they can opt out of playback data that they are not comfortable with."
And he emphasized that "we will never sell or share data related to YOUR content libraries."

LOL bullshite

[sit1963nz]

"we will never sell or share data related to YOUR content libraries."

First law suit by MPAA and others looking for pirates and WHAM all your data is now with a bunch of lawyers and their clients.

There is only ONE way for a company to never hand over data, that is to never collect it in the first place.

Plex has now just become untrusted

Re: LOL bullshite

[fuzzyfuzzyfungus]

I wouldn't be surprised if the combination of bitrate, codec, resolution, and other merely technical playback details could actually be pretty revealing with a little inferential work: even if you count only the strictly standard ones, there are tons of variations, levels and optional features under the heading of "H.264"; more still if you are looking at implementation specific oddities(which you probably have to for the data to be useful for debugging/development purposes). For suing purposes, it would definitely be easier to explain filenames or maybe hashes to a judge; but I strongly suspect that picking out that guy with a collection of media that are encoded with Leaks Release Kr3w's favorite encoder settings wouldn't be all that difficult.
One can understand why Plex would have an interest in what corner cases need attention; but this is one of those "metadata, actually pretty much just data." situations; and it would be seriously disingenuous of them to exaggerate how 'anonymized' it is in practice; and unacceptable for them to collect it on a mandatory basis. If it's so beneficial to customers, surely they'll opt in? Or you can offer a more targeted "playback of this was screwed up. report media details?" option(just as crash reporting has traditionally been handled).

+100 insightful

[aepervius]

And as bankruptcy have shown in the past, such data is considered an asset and can be sold to highest bidder and/or anybody interested in.

Crash Reports? Seriously :-(

[Wrath0fb0b]

As the developer on a huge-scale application (and a fan of privacy), I really hope that people don't opt out of reporting crashes and other anonymous usage data. Collecting and analyzing that sort of data ("telemetry" but that's a bad word here on /.) is an essential part of the software development lifecycle.

I'm just saying, it's a tool that we use to make the software better. If you believe that the call stack where the application crashed is really that sensitive (and that I could de-anonymize it based on nothing more than the call stack and a per-application randomly generated UUID), go ahead and turn it off. That's the user's right, but I would just hope to evangelize and try to convince them otherwise :-)

Re:Crash Reports? Seriously :-(

[spire3661]

It should be up to the user ALONE if they want to share that with you. DO YOU GET IT?????? It doesnt matter how useful it is to you, respect the user.

Re:Crash Reports? Seriously :-(

As the user of many applications (and a fan of privacy), I really hope that developers won't use opt-out for collecting crash reports and other maybe-anonymous usage data. Collecting and analyzing that sort of data ("telemetry", but that usually entails a lot more than just that) is always a privacy risk for users which should only be covered by a opt-in.

I'm just saying, everyone is collecting telemetry nowadays with complete disregards for users privacy. If you believe that the users privacy is important, and you believe it is necessary for your users to trust you with this data, go ahead, explain to me what exactly you need and why, and ask me to turn it on. If you think that users should just trust you, go ahead, use opt-out, that is the developers right, but I would just hope to evangelize and try to convince them otherwise :-)