Plex Responds, Will Allow Users To Opt Out Of Data Collection

stikves writes: This weekend Plex had announced they were implementing a new privacy policy, including removing the ability for opting out of data collection and sharing. Fortunately the backlash here, on their forums, Reddit, and other placed allowed them to offer a more sensible state, including bringing back opt-out, and anonymity of some of the data.
Plex CEO Keith Valory wrote Saturday that some information must be transferred just to provide the service -- for example, servers still check for updates, they have to determine whether a user has a premium Plex Pass, and "we have to provide accurate reporting to licensors for things like trailers and extras, photo tagging, lyrics, licensed codecs and so on... [W]e came to the conclusion that providing an 'opt out' in the set-up gives a false sense of privacy and feels disingenuous on our part. That is, even if you opted out, there is still a bunch of data we are collecting that we tried to call out as exceptions." But to address concerns about data collection, Plex will make new changes to their privacy policy: [I]n addition to providing the ability to opt out of crash reporting and marketing communications, we will provide you the ability to opt out of playback statistics for personal content on your Plex Media Server, like duration, bit rate, and resolution in a new privacy setting... we are going to "generalize" playback stats in order to make it impossible to create any sort of "fingerprint" that would allow anyone to identify a file in a library... Finally, in the new privacy tab in the server settings we will provide a full list of all product events data that we collect... Our intention here is to provide full transparency. Users will have one place where they can see what data is being collected and where they can opt out of playback data that they are not comfortable with."
And he emphasized that "we will never sell or share data related to YOUR content libraries."

LOL bullshite

[sit1963nz]

"we will never sell or share data related to YOUR content libraries."

First law suit by MPAA and others looking for pirates and WHAM all your data is now with a bunch of lawyers and their clients.

There is only ONE way for a company to never hand over data, that is to never collect it in the first place.

Plex has now just become untrusted

Re:LOL bullshite

[NimbleSquirrel]

IANAL, but simply being in possession of Copyrighted material is not a crime and the MPAA could do absolutely nothing if they did have a user's content library. Copyright Infringement comes from the act of reproducing or distributing those works. The MPAA would have to have separate evidence that the media in a user's library was obtained through illegal means. This means having evidence of you in the act (in which case the list of content of your library would gain them nothing extra) or having a full copy the media itself in your library to prove it is infringing and not just cat videos with a similar filenames (which is impossible to determine simply from a list of your Library).

On top of that, in some jurisdictions, some forms of reproducing works are legal. These include Fair Use, making a backup, time-shifting (recording a show for watching later), or format shifting (ripping a DVD to your media server). The MPAA would have to prove that the works weren't legally present on the user's Plex Server. That alone would be impossible to prove just from a list of a user's content library.

It is easy to say 'OMG teh MPAA are commin for mah Plex!!!1!' but the logistics of them actually being bring a successful prosecution with that data are enormous. It wouldn't be an easy win for them, and it most likely wouldn't be worth their while to try.

Re: LOL bullshite

[fuzzyfuzzyfungus]

I wouldn't be surprised if the combination of bitrate, codec, resolution, and other merely technical playback details could actually be pretty revealing with a little inferential work: even if you count only the strictly standard ones, there are tons of variations, levels and optional features under the heading of "H.264"; more still if you are looking at implementation specific oddities(which you probably have to for the data to be useful for debugging/development purposes). For suing purposes, it would definitely be easier to explain filenames or maybe hashes to a judge; but I strongly suspect that picking out that guy with a collection of media that are encoded with Leaks Release Kr3w's favorite encoder settings wouldn't be all that difficult.
One can understand why Plex would have an interest in what corner cases need attention; but this is one of those "metadata, actually pretty much just data." situations; and it would be seriously disingenuous of them to exaggerate how 'anonymized' it is in practice; and unacceptable for them to collect it on a mandatory basis. If it's so beneficial to customers, surely they'll opt in? Or you can offer a more targeted "playback of this was screwed up. report media details?" option(just as crash reporting has traditionally been handled).

Re:LOL bullshite

[Cytotoxic]

The problem with your theory about format shifting is the DMCA also has protections for encryption. So simply ripping an encrypted DVD is prohibited by law. Remember when the DeCSS code was printed on T-shirts as a protest?

Re:Who?s Plex?

[Harald+Paulsen]

Plex is a company making a software called Plex Media Server, or PMS og Plex for short.

It is installable on a wide variety of platforms, including windows, mac and linux.
The server indexes your collection of movies, tv-series, music, photos and home videos, and you can access it through a Plex Client on your computer, your smart tv, ios-device, android-device, apple tv, roku etc, and it can transcode the content (convert on the fly) in to a more suitable format for the client you are using.

The client even has offline support, so you can sync content to your tablet before a long flight. It's way easier than it used to be to get a bunch of mkv-files onto an ipad for example.

You can also share your media library (or parts of it) with other plex-users. So why not give grandma access to the photo library of her grandchildren? Great way to keep in touch.

It really is a nifty piece of software.

+100 insightful

[aepervius]

And as bankruptcy have shown in the past, such data is considered an asset and can be sold to highest bidder and/or anybody interested in.

Alternative

[esperto]

For the ones worried about privacy with Plex, a good alternative is Emby, it has pretty much the same functionality (transcode on-the-fly, automatic cover search and info about the media, offline download, etc.), is open source, cross-platform, and doesn't collect information on your media.

The only thing you need to pay to use is the phone app, were you can only browser and cast to other devices (like chromecast) for free, to watch on the phone/tablet you need to buy (one license per user, not per device), other clients are free.

Re:Alternative

[shaitand]

"In specific, the Software sends to Us, the version of the Software you are running, the Operating System and version which it is installed on, as well as the technical environment and setup of the Software."

The OS/libs/and settings. I don't think that is the data most of us take issue with. But even that data should be opt-in.

Re: Bet they loved the community calling them Nazi

[drinkypoo]

People need to stop constantly, frivolously misusing words like nazi to describe things they don't like. It doesn't do anybody any good and only diminishes its meaning.

Amen. In fact, it dilutes the value of the word, and makes it harder to fight the real Nazis (in this case).

Re:Oh yeah

[jabuzz]

There is no DRM scheme on audio CD's so the DMCA or similar does not apply.

Good for them

[Dunbal]

I chose a different path and opted out of Plex. Removed from my hard drive. Don't let the door hit you on the way out, fuckers.

Re:Good for them

[jon3k]

I'm also a long time Plex user. The great feature of Plex is a central server to store your library and inexpensive players (in my case, Roku) attached to each TV. This allows you to carry your playlists and watched status between devices. My problem with Plex has always been that it's closed source and they're continually making changes to the Plex Pass paid for product. For me this was just a good excuse to cut ties with a product that already didn't really respect my rights. So yesterday I bought a Kodi capable player (NVIDIA Shield) and I'll be testing Kodi with a shared SQL database to share library information. I'm also looking at Emby and UMS to see how they might fit into a solution.

I will really miss the ease of Plex, but I think it's worth the "hassle" in the long run.

Crash Reports? Seriously :-(

[Wrath0fb0b]

As the developer on a huge-scale application (and a fan of privacy), I really hope that people don't opt out of reporting crashes and other anonymous usage data. Collecting and analyzing that sort of data ("telemetry" but that's a bad word here on /.) is an essential part of the software development lifecycle.

I'm just saying, it's a tool that we use to make the software better. If you believe that the call stack where the application crashed is really that sensitive (and that I could de-anonymize it based on nothing more than the call stack and a per-application randomly generated UUID), go ahead and turn it off. That's the user's right, but I would just hope to evangelize and try to convince them otherwise :-)

Re:Crash Reports? Seriously :-(

[JohnFen]

I really hope that people don't opt out of reporting crashes and other anonymous usage data. Collecting and analyzing that sort of data ("telemetry" but that's a bad word here on /.) is an essential part of the software development lifecycle.

Well, I think "essential" is overselling it. It's incredibly useful -- but excellent software of all sorts, simple and complex, managed to get produced and support before such reporting was even possible. It still can.

It would be best to show enough respect for customers to make data collection and reporting opt-in rather than opt-out. That said, I am very pleased and want to praise you for at least allowing people to opt out.

Re:Crash Reports? Seriously :-(

As the user of many applications (and a fan of privacy), I really hope that developers won't use opt-out for collecting crash reports and other maybe-anonymous usage data. Collecting and analyzing that sort of data ("telemetry", but that usually entails a lot more than just that) is always a privacy risk for users which should only be covered by a opt-in.

I'm just saying, everyone is collecting telemetry nowadays with complete disregards for users privacy. If you believe that the users privacy is important, and you believe it is necessary for your users to trust you with this data, go ahead, explain to me what exactly you need and why, and ask me to turn it on. If you think that users should just trust you, go ahead, use opt-out, that is the developers right, but I would just hope to evangelize and try to convince them otherwise :-)

Re:Crash Reports? Seriously :-(

[Wrath0fb0b]

You didn't read what I wrote at all. I get it, and I said it is the user's choice but I would like to evangelize in favor of the ability to make better software.

Or are you claiming in ALL CAPS that because it's the user's choice I can't ask for that?

Re:Crash Reports? Seriously :-(

[Wrath0fb0b]

FWIW, we don't have an opt-in or an opt-out system. There is a clear dialog box that you must proceed through during first usage in which the user must chose. Neither choice is pre-selected, they are both presented in equal font with equal weight and equal screen placement.

So no need to evangelize to me dear AC, we are already doing what you suggest :-)