Plex Responds, Will Allow Users To Opt Out Of Data Collection

stikves writes: This weekend Plex had announced they were implementing a new privacy policy, including removing the ability for opting out of data collection and sharing. Fortunately the backlash here, on their forums, Reddit, and other placed allowed them to offer a more sensible state, including bringing back opt-out, and anonymity of some of the data.
Plex CEO Keith Valory wrote Saturday that some information must be transferred just to provide the service -- for example, servers still check for updates, they have to determine whether a user has a premium Plex Pass, and "we have to provide accurate reporting to licensors for things like trailers and extras, photo tagging, lyrics, licensed codecs and so on... [W]e came to the conclusion that providing an 'opt out' in the set-up gives a false sense of privacy and feels disingenuous on our part. That is, even if you opted out, there is still a bunch of data we are collecting that we tried to call out as exceptions." But to address concerns about data collection, Plex will make new changes to their privacy policy: [I]n addition to providing the ability to opt out of crash reporting and marketing communications, we will provide you the ability to opt out of playback statistics for personal content on your Plex Media Server, like duration, bit rate, and resolution in a new privacy setting... we are going to "generalize" playback stats in order to make it impossible to create any sort of "fingerprint" that would allow anyone to identify a file in a library... Finally, in the new privacy tab in the server settings we will provide a full list of all product events data that we collect... Our intention here is to provide full transparency. Users will have one place where they can see what data is being collected and where they can opt out of playback data that they are not comfortable with."
And he emphasized that "we will never sell or share data related to YOUR content libraries."

LOL bullshite

[sit1963nz]

"we will never sell or share data related to YOUR content libraries."

First law suit by MPAA and others looking for pirates and WHAM all your data is now with a bunch of lawyers and their clients.

There is only ONE way for a company to never hand over data, that is to never collect it in the first place.

Plex has now just become untrusted

Re: LOL bullshite

[fuzzyfuzzyfungus]

I wouldn't be surprised if the combination of bitrate, codec, resolution, and other merely technical playback details could actually be pretty revealing with a little inferential work: even if you count only the strictly standard ones, there are tons of variations, levels and optional features under the heading of "H.264"; more still if you are looking at implementation specific oddities(which you probably have to for the data to be useful for debugging/development purposes). For suing purposes, it would definitely be easier to explain filenames or maybe hashes to a judge; but I strongly suspect that picking out that guy with a collection of media that are encoded with Leaks Release Kr3w's favorite encoder settings wouldn't be all that difficult.
One can understand why Plex would have an interest in what corner cases need attention; but this is one of those "metadata, actually pretty much just data." situations; and it would be seriously disingenuous of them to exaggerate how 'anonymized' it is in practice; and unacceptable for them to collect it on a mandatory basis. If it's so beneficial to customers, surely they'll opt in? Or you can offer a more targeted "playback of this was screwed up. report media details?" option(just as crash reporting has traditionally been handled).

Re:Who?s Plex?

[Harald+Paulsen]

Plex is a company making a software called Plex Media Server, or PMS og Plex for short.

It is installable on a wide variety of platforms, including windows, mac and linux.
The server indexes your collection of movies, tv-series, music, photos and home videos, and you can access it through a Plex Client on your computer, your smart tv, ios-device, android-device, apple tv, roku etc, and it can transcode the content (convert on the fly) in to a more suitable format for the client you are using.

The client even has offline support, so you can sync content to your tablet before a long flight. It's way easier than it used to be to get a bunch of mkv-files onto an ipad for example.

You can also share your media library (or parts of it) with other plex-users. So why not give grandma access to the photo library of her grandchildren? Great way to keep in touch.

It really is a nifty piece of software.

+100 insightful

[aepervius]

And as bankruptcy have shown in the past, such data is considered an asset and can be sold to highest bidder and/or anybody interested in.

Alternative

[esperto]

For the ones worried about privacy with Plex, a good alternative is Emby, it has pretty much the same functionality (transcode on-the-fly, automatic cover search and info about the media, offline download, etc.), is open source, cross-platform, and doesn't collect information on your media.

The only thing you need to pay to use is the phone app, were you can only browser and cast to other devices (like chromecast) for free, to watch on the phone/tablet you need to buy (one license per user, not per device), other clients are free.

Re:Alternative

[shaitand]

"In specific, the Software sends to Us, the version of the Software you are running, the Operating System and version which it is installed on, as well as the technical environment and setup of the Software."

The OS/libs/and settings. I don't think that is the data most of us take issue with. But even that data should be opt-in.

Crash Reports? Seriously :-(

[Wrath0fb0b]

As the developer on a huge-scale application (and a fan of privacy), I really hope that people don't opt out of reporting crashes and other anonymous usage data. Collecting and analyzing that sort of data ("telemetry" but that's a bad word here on /.) is an essential part of the software development lifecycle.

I'm just saying, it's a tool that we use to make the software better. If you believe that the call stack where the application crashed is really that sensitive (and that I could de-anonymize it based on nothing more than the call stack and a per-application randomly generated UUID), go ahead and turn it off. That's the user's right, but I would just hope to evangelize and try to convince them otherwise :-)