Plex Responds, Will Allow Users To Opt Out Of Data Collection

stikves writes: This weekend Plex had announced they were implementing a new privacy policy, including removing the ability for opting out of data collection and sharing. Fortunately the backlash here, on their forums, Reddit, and other placed allowed them to offer a more sensible state, including bringing back opt-out, and anonymity of some of the data.
Plex CEO Keith Valory wrote Saturday that some information must be transferred just to provide the service -- for example, servers still check for updates, they have to determine whether a user has a premium Plex Pass, and "we have to provide accurate reporting to licensors for things like trailers and extras, photo tagging, lyrics, licensed codecs and so on... [W]e came to the conclusion that providing an 'opt out' in the set-up gives a false sense of privacy and feels disingenuous on our part. That is, even if you opted out, there is still a bunch of data we are collecting that we tried to call out as exceptions." But to address concerns about data collection, Plex will make new changes to their privacy policy: [I]n addition to providing the ability to opt out of crash reporting and marketing communications, we will provide you the ability to opt out of playback statistics for personal content on your Plex Media Server, like duration, bit rate, and resolution in a new privacy setting... we are going to "generalize" playback stats in order to make it impossible to create any sort of "fingerprint" that would allow anyone to identify a file in a library... Finally, in the new privacy tab in the server settings we will provide a full list of all product events data that we collect... Our intention here is to provide full transparency. Users will have one place where they can see what data is being collected and where they can opt out of playback data that they are not comfortable with."
And he emphasized that "we will never sell or share data related to YOUR content libraries."

LOL bullshite

[sit1963nz]

"we will never sell or share data related to YOUR content libraries."

First law suit by MPAA and others looking for pirates and WHAM all your data is now with a bunch of lawyers and their clients.

There is only ONE way for a company to never hand over data, that is to never collect it in the first place.

Plex has now just become untrusted

Re:LOL bullshite

[gl4ss]

there's fingerprints for illegal media(just full stop illegal to posses, not just to copy) and at least the feds would love to run such a search on the plex servers.

Re:LOL bullshite

[NimbleSquirrel]

IANAL, but simply being in possession of Copyrighted material is not a crime and the MPAA could do absolutely nothing if they did have a user's content library. Copyright Infringement comes from the act of reproducing or distributing those works. The MPAA would have to have separate evidence that the media in a user's library was obtained through illegal means. This means having evidence of you in the act (in which case the list of content of your library would gain them nothing extra) or having a full copy the media itself in your library to prove it is infringing and not just cat videos with a similar filenames (which is impossible to determine simply from a list of your Library).

On top of that, in some jurisdictions, some forms of reproducing works are legal. These include Fair Use, making a backup, time-shifting (recording a show for watching later), or format shifting (ripping a DVD to your media server). The MPAA would have to prove that the works weren't legally present on the user's Plex Server. That alone would be impossible to prove just from a list of a user's content library.

It is easy to say 'OMG teh MPAA are commin for mah Plex!!!1!' but the logistics of them actually being bring a successful prosecution with that data are enormous. It wouldn't be an easy win for them, and it most likely wouldn't be worth their while to try.

Re:LOL bullshite

[Abubakar.ss]

"we will never sell or share data related to YOUR content libraries." First law suit by MPAA and others looking for pirates and WHAM all your data is now with a bunch of lawyers and their clients. There is only ONE way for a company to never hand over data, that is to never collect it in the first place. Plex has now just become untrusted

what is this ???

Re: LOL bullshite

[fuzzyfuzzyfungus]

I wouldn't be surprised if the combination of bitrate, codec, resolution, and other merely technical playback details could actually be pretty revealing with a little inferential work: even if you count only the strictly standard ones, there are tons of variations, levels and optional features under the heading of "H.264"; more still if you are looking at implementation specific oddities(which you probably have to for the data to be useful for debugging/development purposes). For suing purposes, it would definitely be easier to explain filenames or maybe hashes to a judge; but I strongly suspect that picking out that guy with a collection of media that are encoded with Leaks Release Kr3w's favorite encoder settings wouldn't be all that difficult.
One can understand why Plex would have an interest in what corner cases need attention; but this is one of those "metadata, actually pretty much just data." situations; and it would be seriously disingenuous of them to exaggerate how 'anonymized' it is in practice; and unacceptable for them to collect it on a mandatory basis. If it's so beneficial to customers, surely they'll opt in? Or you can offer a more targeted "playback of this was screwed up. report media details?" option(just as crash reporting has traditionally been handled).

Re:LOL bullshite

[Cytotoxic]

The problem with your theory about format shifting is the DMCA also has protections for encryption. So simply ripping an encrypted DVD is prohibited by law. Remember when the DeCSS code was printed on T-shirts as a protest?

Re:LOL bullshite

[CodeHog]

The win may not come in the form of a monetary settlement but rather a long drawn out expensive court battle. Even if they have to pay the defendants court fees just dragging the whole process along can cause many issues with someone's life, i.e. they use a few court battles to serve as a warning to other people doing or thinking about doing it.

Re:LOL bullshite

[jon3k]

I think having a huge collection of files that just happened to have identical filenames to movie files would probably be "probable cause" to search the actual data. I don't think any judge would think it's a little unreasonable to claim you just happen to like to name your personal cat movies the exact same name as actual movies.

Re:LOL bullshite

[NimbleSquirrel]

Firstly, 'Probable Cause' only applies to criminal cases not civil cases. As much as the MPAA like to pretend otherwise, they are not a law enforcement agency and cannot prosecute criminal cases.

Being in possession of copyrighted media is not illegal, especially as there are a number of perfectly legal ways that media could have been obtained.

It is the act of unauthorized reproduction or distribution that is copyright infringement. A list of filenames just doesn't get close to proving infringement. The cat movies was just an example to show that you really have no idea what the actual content is if all you have is a list media titles in a library. Sure, it is reasonable to suggest that the files are what they are titled, but that alone does not a) prove that they are, nor b) prove that the files were obtained through copyright infringement.

Re:LOL bullshite

[NimbleSquirrel]

Legal format shifting is just one possibility for the media being legally in someone's library. It comes down to jurisdiction, especially for those that live outside the US where the DMCA does not apply.

Re:LOL bullshite

[jon3k]

Firstly, 'Probable Cause' only applies to criminal cases not civil cases.

Actually ...

Probable cause is a level of reasonable belief, based on facts that can be articulated, that is required to sue a person in civil court or to arrest and prosecute a person in criminal court.

Being in possession of copyrighted media is not illegal, especially as there are a number of perfectly legal ways that media could have been obtained.

Depends on the material. If it's material that you would have obtained via the circumvention of copyright protections (ie DeCSS) that is illegal.

It is the act of unauthorized reproduction or distribution that is copyright infringement

The question is would that be enough evidence to file a civil suit in court. Considering that they've been able to use IP addresses connected to torrents to file lawsuits, I think I'll error on the side of caution.

Opt-in would be better!

[EzInKy]

But of course they know that.

Oh yeah

[CimmerianX]

>> "we will never sell or share data related to YOUR content libraries"

1) until MPAA sues them for it
2) Until someone/some company offers them a boat load of money for it.
3) They decide to offer it to the highest bidder to help their bottom line for the 'investors'

Every Company always says they will NEVER sell your data.... until they do.

Re:Oh yeah

[jabuzz]

There is no DRM scheme on audio CD's so the DMCA or similar does not apply.

Re:Oh yeah

[spire3661]

Then they are not true red book CDs, and cant bear the CD logo.

Re:Who?s Plex?

[CimmerianX]

You don't.

Illegal copying myth

[hackwrench]

I think you'll find that DMCA is civil not criminal and it is only illegal to distribute content for x amount of dollars that I can't be bothered to look up

Re: Illegal copying myth

[fuzzyfuzzyfungus]

When he said "just plain illegal to possess"; I suspect he meant kiddie porn. MPAA doesn't care; but the feds do.

Re:Who?s Plex?

[Harald+Paulsen]

Plex is a company making a software called Plex Media Server, or PMS og Plex for short.

It is installable on a wide variety of platforms, including windows, mac and linux.
The server indexes your collection of movies, tv-series, music, photos and home videos, and you can access it through a Plex Client on your computer, your smart tv, ios-device, android-device, apple tv, roku etc, and it can transcode the content (convert on the fly) in to a more suitable format for the client you are using.

The client even has offline support, so you can sync content to your tablet before a long flight. It's way easier than it used to be to get a bunch of mkv-files onto an ipad for example.

You can also share your media library (or parts of it) with other plex-users. So why not give grandma access to the photo library of her grandchildren? Great way to keep in touch.

It really is a nifty piece of software.

+100 insightful

[aepervius]

And as bankruptcy have shown in the past, such data is considered an asset and can be sold to highest bidder and/or anybody interested in.

Alternative

[esperto]

For the ones worried about privacy with Plex, a good alternative is Emby, it has pretty much the same functionality (transcode on-the-fly, automatic cover search and info about the media, offline download, etc.), is open source, cross-platform, and doesn't collect information on your media.

The only thing you need to pay to use is the phone app, were you can only browser and cast to other devices (like chromecast) for free, to watch on the phone/tablet you need to buy (one license per user, not per device), other clients are free.

Re:Alternative

[shaitand]

"In specific, the Software sends to Us, the version of the Software you are running, the Operating System and version which it is installed on, as well as the technical environment and setup of the Software."

The OS/libs/and settings. I don't think that is the data most of us take issue with. But even that data should be opt-in.

Plex now trustful as Roomba and Microsoft

It's sad to hear that one of the last trusted systems is now being lost to evil. No one seems to get the point that any forced data collection, anonymized or not is evil. It opens the door for small increases and more anti-consumer changes later.

Plex, it doesn't matter what you say about anonymizing data, any collection that's forced puts you at the same scumbag level as Roomba, Google (Along with the Location must now be turned on for Bluetooth to work and no Google response) and Microsoft. If the capability is there, the data will be collected and abused.

Goodbye Plex, you've been a trusted go to for a long time but no more.

Re:Plex now trustful as Roomba and Microsoft

[JohnFen]

It's sad to hear that one of the last trusted systems is now being lost to evil.

What I think is really sad is that recent history shows that you cannot trust any software, no matter who produces it. All software must be treated as hostile until you can verify that it isn't.

Saddest of all, this even includes open source software. The advantage of open source is still that you can examine and modify the code, though, so it's a little easier to verify whether or not it's safe or to fix it if it isn't.

Re: Bet they loved the community calling them Nazi

[drinkypoo]

People need to stop constantly, frivolously misusing words like nazi to describe things they don't like. It doesn't do anybody any good and only diminishes its meaning.

Amen. In fact, it dilutes the value of the word, and makes it harder to fight the real Nazis (in this case).

Good for them

[Dunbal]

I chose a different path and opted out of Plex. Removed from my hard drive. Don't let the door hit you on the way out, fuckers.

Re:Good for them

[Cytotoxic]

Which path did you end up chosing?

Kodi?

What were the reasons for your choice?

Re:Good for them

[jon3k]

I'm also a long time Plex user. The great feature of Plex is a central server to store your library and inexpensive players (in my case, Roku) attached to each TV. This allows you to carry your playlists and watched status between devices. My problem with Plex has always been that it's closed source and they're continually making changes to the Plex Pass paid for product. For me this was just a good excuse to cut ties with a product that already didn't really respect my rights. So yesterday I bought a Kodi capable player (NVIDIA Shield) and I'll be testing Kodi with a shared SQL database to share library information. I'm also looking at Emby and UMS to see how they might fit into a solution.

I will really miss the ease of Plex, but I think it's worth the "hassle" in the long run.

Re:Good for them

[Dunbal]

I have kodi on an android set top box separated from my computer. So if ever it's used to spy on me they're more than welcome to see whatever is on that box and nothing else. I was using Plex/Roku but both Roku and Plex have started acting like assholes and MPAA police/shills. They're both gone.

YOUR content libraries?

[shaitand]

I should hope they are making the same commitment to content from shared libraries. Also, it should be opt-in not opt-out, shame on you Plex.

Re:Who?s Plex?

Also, as a part of the indexing, it downloads metadata and cover art for each title, making an attractive user interface possible. It also transcodes on the fly, creating a stream appropriate for your device and connection speed.

Very XBMC like, and very, very easy to use. Clients are available on your phone, tablet, gaming console, roku..... very convenient.

Crash Reports? Seriously :-(

[Wrath0fb0b]

As the developer on a huge-scale application (and a fan of privacy), I really hope that people don't opt out of reporting crashes and other anonymous usage data. Collecting and analyzing that sort of data ("telemetry" but that's a bad word here on /.) is an essential part of the software development lifecycle.

I'm just saying, it's a tool that we use to make the software better. If you believe that the call stack where the application crashed is really that sensitive (and that I could de-anonymize it based on nothing more than the call stack and a per-application randomly generated UUID), go ahead and turn it off. That's the user's right, but I would just hope to evangelize and try to convince them otherwise :-)

Re:Crash Reports? Seriously :-(

[spire3661]

It should be up to the user ALONE if they want to share that with you. DO YOU GET IT?????? It doesnt matter how useful it is to you, respect the user.

Re:Crash Reports? Seriously :-(

[JohnFen]

I really hope that people don't opt out of reporting crashes and other anonymous usage data. Collecting and analyzing that sort of data ("telemetry" but that's a bad word here on /.) is an essential part of the software development lifecycle.

Well, I think "essential" is overselling it. It's incredibly useful -- but excellent software of all sorts, simple and complex, managed to get produced and support before such reporting was even possible. It still can.

It would be best to show enough respect for customers to make data collection and reporting opt-in rather than opt-out. That said, I am very pleased and want to praise you for at least allowing people to opt out.

Re:Crash Reports? Seriously :-(

As the user of many applications (and a fan of privacy), I really hope that developers won't use opt-out for collecting crash reports and other maybe-anonymous usage data. Collecting and analyzing that sort of data ("telemetry", but that usually entails a lot more than just that) is always a privacy risk for users which should only be covered by a opt-in.

I'm just saying, everyone is collecting telemetry nowadays with complete disregards for users privacy. If you believe that the users privacy is important, and you believe it is necessary for your users to trust you with this data, go ahead, explain to me what exactly you need and why, and ask me to turn it on. If you think that users should just trust you, go ahead, use opt-out, that is the developers right, but I would just hope to evangelize and try to convince them otherwise :-)

Re:Crash Reports? Seriously :-(

[Wrath0fb0b]

You didn't read what I wrote at all. I get it, and I said it is the user's choice but I would like to evangelize in favor of the ability to make better software.

Or are you claiming in ALL CAPS that because it's the user's choice I can't ask for that?

Re:Crash Reports? Seriously :-(

[Wrath0fb0b]

FWIW, we don't have an opt-in or an opt-out system. There is a clear dialog box that you must proceed through during first usage in which the user must chose. Neither choice is pre-selected, they are both presented in equal font with equal weight and equal screen placement.

So no need to evangelize to me dear AC, we are already doing what you suggest :-)

Re:Crash Reports? Seriously :-(

[JohnFen]

I would call that an "opt-in" system, personally, because your software is not defaulting to reporting.

So, may I say... kudos to you and your team!

Re: Crash Reports? Seriously :-(

[Brockmire]

There needs to be a perceived benefit, or the user thinks they are working for free (even on a free product). On my phone, when they ask if it can enable anonymous diagnostic reporting, it said that it will obtain faster and better location fixes. So you have to make it sound like you're scratching backs or something.

Re:Opt-out = asshole

[green1]

Things are either opt-in or a necessity.

Exactly. Since this was pointed out to Plex, they decided to re-define this data to "necessity" so that they didn't have to make it opt-in... Seems they'd rather try to re-define the terms than do the right thing.

Re: Bet they loved the community calling them Nazi

[Khyber]

People like you need to quit being disingenuous with other people's words. When I said they acted like Nazis, you obviously failed to draw the parallel to involuntary data collection.

But hey, it's idiots like you that allow real dilution of words to happen, with your lacking brain power.

Re:Who?s Plex?

[JohnFen]

And how do you know they will not collect your data?

Proper firewall configuration.

Re: Bet they loved the community calling them Naz

[Brockmire]

Fuck off. Nazis are not well known for their data collection. You could have said NK, China or Russia if you truly wanted to make parallels with data collection. Fuck, you could have said Google. Just fuck off trying to turn things around when you were the one to overstate like a motherfucker. You'll be known as the boy who cried Nazi.

Re: Bet they loved the community calling them Naz

[Brockmire]

Alex Jones, you should register for an account.

Re: Huh!

[Brockmire]

Isn't this like the third Plex story in recent memory? Sounds like you're not committed to /.

Thats ok...

[LVSlushdat]

Too little too late.. Already switched to Emby... SOOOOOOOOOO much better than Plex.... Wish I'd known about
Emby sooner...

Re: Bet they loved the community calling them Naz

[Khyber]

"Nazis are not well known for their data collection."

Better take your uneducated ass right the fuck back to school, because they sure as fuck were.