• 0 Posts
  • 39 Comments
Joined 2 years ago
Cake day: July 8th, 2023

  • Yeah I hate when I see people using Brave, because they have been brainwashed.

    Does anyone remember when they were injecting their own referral links into links for online stores (99% certain they did this pls prove wrong if you know better)? This alone leaves them with 0 trust in my books.


  • Sadly, using small niche VPNs that might be more trusted makes you stand out more.

    This probably doesn’t matter does it? Because being spotted as a Mullvad, AirVPN, etc user doesn’t make you more of a target for anything.

    It just means that if they try to trace your connection back to you, they won’t find anything out, because you have a trusted zero-logging vpn.

    Only thing I could see is it could potentially be easier to track usage through the IP and assume it’s one person, but idk you could do that with anything if you look at the request timings, etc. It’s still just guesses.

    Am I missing something?

    It’s pretty unusual to have a Mullvad user on your server

    Probably not on the usual sites people visit (youtube, etc, the big sites 99% of ppl go to exclusively), but I can see your point for any smaller site.

    Because 5€ for their current service is overpriced

    Airvpn provide a discount for each extra month you sign up for in bulk which is nice. It’s a great service in my opinion.

    https://airvpn.org/



  • Sorry, I wasn’t clear. When I said “why do you care?”, I didn’t mean YOU specifically with OP’s potential problem of losing users.

    I meant why do people in general, who self-host software for friends/family, care if their friends/family stop using the software.

    E.g. I have friends on Plex, but for whatever reason, I decide I want to move to Jellyfin. My friends stop streaming my media because they don’t like Jellyfin for whatever their own reasons may be. I personally wouldn’t care about losing them as “users”, because it’s not like they are paying customers. I let them access my instance for free, if they aren’t bothered enough to use it, then that’s on them, not me to cater to their needs by keeping Plex around.

    Hope that cleared up my meaning. I wasn’t attacking you for caring with your original response.

    p.s. you are at risk by hosting Plex too, just in different ways. Plex still requires your server is open to the internet, right? Even if only Plex’s servers can access it, who’s to say Plex themselves don’t get hacked. Always a risk/reward type deal with hosting software, in my opinion, either are fine to expose.


  • Yes, you are right, but I think my point was missed.

    There’s not much reward for hackers to hack private Jellyfin hosts (unless there is some big exploit that gives remote code execution that I’m unaware of), sure the bots will scan and try exploits on open ports, but are they specifically targeting Jellyfin?

    There is always a risk, but in my opinion, the chances of being hacked through jellyfin are way too low to bother with over-bearing measures, like a required vpn connection.

    Running jellyfin in a secure manner (without root, only access to your content, etc) reduces the risk of much harm too.




  • If you’re looking at getting a new (used) phone, I would suggest GrapheneOS (the most secure/private de-googled rom afaik).

    You need a Pixel phone, the newer you get the longer you will keep getting software updates for the future (if you keep the phone past these many years of support, then I believe switching to another rom will be required for security patches etc. Each phone is supported until Google stops supporting them I believe). You said you don’t care about updates because you can keep it from connecting to the internet, but it’s a plus anyways.

    If you plan on never touching a google service, GrapheneOS allows for that (nothing google by default), but on the other hand, if you need google play, etc for banking apps or whatnot, they have that covered with Sandboxed Google Services (which you can run solely in another user profile on your phone for added privacy).

    Anyways, I think GrapheneOS is a great option & their website has much more info if you’d like to continue hearing about it:

    https://grapheneos.org/

    p.s. you can check their website for how long different Pixels will have continued support before (if) you get one (in case anyone else is reading this).



  • Hm I don’t remember posting the comment you are replying to, to the one I replied to.

    You are right, but I still argue that keeping Jellyfin up to date is fine, there’s no serious bugs (afaik) that will compromise your whole server for instance, so these bots have nothing valuable to exploit here.

    When I say don’t post your instance url I was talking about normal people finding it to try streaming from it without auth, I think I was replying to someone else and thought this was the same thread.


  • I find it hard to believe that there are bots scanning for jellyfin exploits, since as far as I’m aware, the exploit is for viewing content without auth. 99% of bots are scanning for old instances of wordpress or other outdated software to exploit.

    If my content on Jellyfin was illegitimate, the person scanning for my files would have to prove that before they can sue, no? I don’t think this makes sense for anyone to do.

    p.s. I won’t argue that YOU should set up software that you don’t want to, just that this particular reason not to may be a bit far-fetched.



  • I agree with you, it’s likely this vulnerability is only known because Jellyfin is open source… how many are hiding in Plex’s proprietary source code…

    Anyways when has anyone ever been pwnd by this “exploit”, I have seriously never heard of anyone being “hacked” by one of them.

    Definitely overblown as far as I am aware… don’t post your instance url all over the internet and you will likely be fine.

    Using Plex (is fine, do whatever u want) and giving them your data instead doesn’t really help you (or at least sending your data through them).






  • I’m lucky all the apps I use worked on linux when I swapped over, native or otherwise (through wine).

    Sounds like if you fully migrated over, you’d have to give up quite a lot of software and relearn different tools, which is probably close to impossible (given the ones you listed).

    Hope the Windows 11 transition is at least a smooth one for you!


  • They don’t have to, I was simply providing a solution to a problem they don’t have.

    If they want to, but can’t because of their decade-old configurations, this solution could ease the process or allow them to figure out if it’s even a possibility.

    Basically just letting them know they can try it without destructing their existing Windows setup.