Plex Announces Massive Price Hike on Lifetime Subscription Plans
(www.ign.com)
from inclementimmigrant@lemmy.world to selfhosted@lemmy.world on 19 May 13:47
https://lemmy.world/post/47077021
from inclementimmigrant@lemmy.world to selfhosted@lemmy.world on 19 May 13:47
https://lemmy.world/post/47077021
Plex has announced a massive price increase on the service’s Lifetime Plex Pass. On July 1, the lifetime subscription option will go from $249.99 to $749.99, an increase of 200%. The price hike will only apply to new subscribers, with no changes to monthly or annual subscription pricing.
threaded - newest
I never thought those leopards would eat MY face.
are they insane?
Yes.
From a purely profit-oriented perspective, no. They’re setting up a pretext to eliminate the lifetime license plan due to a lack of interest. No sane person would pay that kind of lump sum for the service (and the insane ones will bring in triple the revenue), so they’ll claim that there is no market for it. After that, they’re free to crank up the periodic subscription prices.
Never attribute to stupidity that which is adequately explained by profiteering opportunism.
Does this already have a name? If not, can we call it “Riccitiello’s Law”?
it’s called capitalism
it’s their own product, who are they pretending to fool?
Stakeholders. Journalists. The market. The ignorant public. They’re constructing a narrative to shield themselves and minimize the hit to their reputation when they stop offering lifetime license plans. The announcement won’t look nearly as damning if it contains a reference to the falling number of new lifetime customers, even if it omits the context of why that number has been falling.
So they are “shielding” themselves from a reputation drop by making an incredibly naked attempt and pushing the price to the roof so nobody wants it?
I mean, come on… if they had increased it $20 by $20 until nobody wants it, I would buy your hypothesis, but this is like pooping on my Director’s desk while he is in the office to get fired
How is this less blatant than just announcing they are cancelling life time subscriptions? or even better, just removing the option without any announcement?
They wanna gentle into it somewhat because they know there are many server managing people on the line already, doubting going jellyfin but scared of the hassle of transferring users, incompatibility (or too difficult for user) with some users devices.
They wanna move fast because money line needs to go up, boss said.
So currently, tripling lifetime prices seems to be the middle way for them. After a while monthly and yearly prices will rise too (but slower than tripling).
Not really. Their plan for a while now is to convert all to subscriptions and this is just their latest salvo. Next up is getting rid of it completely due to “no demand” and then kicking existing lifetime accounts to some static version that won’t be supported.
then why not just do that? who are they pretending to fool?
Good point! Everyone that sees the news on this is either going to already be using Plex or not internalize it because it isn’t relevant to them.
It seems like they’re jumping through an awful lot of hoops to bamboozle some tiny number of potential customers that happen to be in the market for self-hosted media streaming right then at the time of the announcement of the end of the lifetime subscription.
A gentle reminder that Jellyfin exists to those thinking of alternatives.
For free (FOSS), and is way better than Plex
If you use it weekly it shouldn’t be free to you, certainly if you use it more frequently than that. Give money to the projects you depend on or they will disappear.
Supporting software that you use by paying for it?
Ew.
/kidding
I’m a very happy lifetime membership owner and have zero problem with them removing features from the free version. Free doesn’t pay the bills unless you want to become the product.
You find a place on jellyfin.org where they take donations? I was looking last night and only found a link where you could contribute your time.
If you click through some of the options on this page: jellyfin.org/contribute/
It links to a donation option here: opencollective.com/jellyfin
Thanks!
It’s not better in any way other than cost. That cost comes with massive drawbacks.
If you ignore the mostly horrendous UI, the security problems, the worse transcoding performance, the harder setup, the difficulty to access it remotely in a safe way,… Yeah sure, way better
The ui can be improved with community addons like moonfin but i agree it would be nice if they improved these out of the box
I couldn’t care less about the client design, since you have free choice there. If only the devs could be arsed to fix the issues that prevent me from just putting it behind a reverse proxy. If I could let people use it without exposing what is essentially an open door or forcing them to install a vpn, I would probably do that and slowly ween off Plex
This is a good illustration of the tradeoff of free software.
Jellyfin is core software, its mission is serving media, not providing auth or secure access. Those can be handled by other projects.
When you say “the devs can’t be arsed”, I think you’re misunderstanding that they won’t ever work on this, because that isnt the model.
The tradeoff with “free” (both in terms of free speech and free beer) is that work you need to do yourself to connect those pieces.
How are other projects going to handle using the Jellyfin app to log into Jellyfin? I don’t understand this. I see sentiments like this pretending Jellyfin is perfect like they don’t understand why people use Plex. I want to give my mom a URL that she can login to (or even better she gives me a code) after she downloads an app. What is the point of Jellyfin itself not handling this? It’s pointless. If I’m going to have a half baked server app, I might as well just use Kodi. They can be as stubborn as they want with this but people need these very basic things. I’d actually donate money to the project if they didn’t stubbornly REFUSE to do the main thing every Plex user wants. Other projects don’t need to do this. The Jellyfin developers need to. I first tried Jellyfin 6 years ago and this is STILL an issue and so I just stay on Plex because I’ve already got lifetime. I WANT to move to Jellyfin but I need to give normies access to my stuff and apparently that’s a wontfix for them?? I can host all this shit myself. I just need it all built in and for the apps to support it. I don’t think anyone is crazy to want this right?
What the hell.
This is self hosted and you’re screaming about not having an easy button.
As I mentioned, jellyfin is not an auth platform, nor a reverse proxy. And they will never be. Build your own, there are many products out there. Or hire someone, Christ.
Either way, quit bitching, put on your adult pants and either add auth to jellyfin, use Plex, or shut the fuck up.
Why are you being such a raging dickhead at this point?
Like you’re right, but you’re being a a massive jerk to someone who wasn’t even the same dude you were arguing with before. Calm down breh.
Nah.
It’s not about what I can do. It’s about me having a gigantic headache ever getting this access on a TV. Please tell me exactly how that works for my users? Once this system leaves your house and needs normies to use it, everything is a headache I can’t host the TV app on my server. It needs to integrate with this authentication. I know how to run a reverse proxy. I’m not a moron. I do it for all my other services. That’s not a valid solution when the app CAN’T LOGIN TO IT. Lol. I don’t think this is that complicated. You seem to be willfully ignorant of how people actually use these apps. Once we’re outside my house, Jellyfin is useless outside a web browser. Period. It’s too much hassle for my users and all the self hosting magic in the world doesn’t fix that.
You just give those people the name of the app your recommend (Jellyfin, Moonfin etc) and give them the URL and their username, then they create a password.
It’s not that difficult for most and if it is you help them once with it.
The problem with this imo is that having each individual user needing to login with a password every time is kind of just cancer. I don’t get why they can’t just password protect logging into my server and then each user doesn’t need a password every time. Now it’s been a while but my understanding is it’s still basically that way? No one wants to type in a password every time on a TV. That sucks. And if they’re in a multi user household, that’s even worse.
You can use your phone to login to Jellyfin these days and depending on the TV and app you can have a profile switcher. You can also make a passwordless account. Which would be fine if you used some other form of authentication.
Right but afaik there isn’t a way to do that other authentication in the TV apps. That’s where I’m stuck and why I haven’t bothered to set it up again. I was looking into this because of the Plex thing and it seems like it’s still a pain in the ass on TV apps. All the other authentication methods require a web browser if I’m not mistaken.
What’s the issue with using your phone logged into your account to authenticate on the TC?
I guess I’ll have to try it out again and see what it’s like. My main concern is my mom and sisters having a hard time using it. Plex is easy for them and I don’t want to make it more difficult because I’m getting fussy about Plex lol.
Well fair, you can install both at the same time. I installed Plex again earlier today and it was wat easier this time.
Lol, what an insane take. EVERY project that exposes an API is responsible for securing that. Its not rocket science, its server software 101.
Being free is not an excuse, especially when there are perfectly valid migration strategies, that don’t force them to abandon legacy clients.
Fans like you are the reason they get away with disregarding their basic responsibility
“Fans like you”?
Fuck off.
What an eloquent response
Plex doesn't have hardware transcoding unless you pay almost 800 euro
I, and I assume everyone on this forum who has one, paid around 50-100€ for their lifetime pass. My hardware encoding works great and doesn’t need me to tell it about each and ever codec in existence and how to handle each one.
The new price is insane, but that was not the topic of this thread.
You are right,. that is fair. You can also pay 230 euro currently for it.
As someone who picked up lifetime for like $45 or whatever it was (I think a 50% off sale?) what must have been 15 years ago…
I run jellyfin. Its just a better experience IMO.
I’m sorry but you can hate Plex and prefer jellyfin all you want, but you don’t have to lie. Nothing about jellyfin is a “better experience” than Plex.
What are some examples?
Don’t have to make an account, for starters. Gives you more detailed control of transcoding options, audio playback and whatnot.
The UI looks much worse, that much is true, but that’s not the end all be all of user experience.
Making an account is what allows the easy library sharing and remote streaming, something that Plex is significantly better than JellyFin at.
What transcoding options does it have that Plex doesn’t?
How is Plex significantly better than Jellyfin at those things? I can just create a user in 2 seconds on the admin dashboard for Jellyfin, set a temporary password and my friend can log in and change it to whatever they want.
I can even limit the streaming bitrate to the account if I need to avoid bandwidth issues.
They mentioned remote streaming which jellyfin doesn’t have a secure way to do by itself
No, but that’s easy to setup with Tailscale or a myriad of other solutions for free.
Which is not within the bounds they mentioned
Does Plex? Have they ever been security audited or are we just taking the word of closed source software because they make it easier? Like Microsoft who just got caught adding backdoors into billions of computers and (pick one) closed source software company who has had major security breaches in the last decade.
Plex remote streaming is secure by the very nature of how it does it…
Unless your user comes and logs in on your network, and only streams when they’re at your house, then you’ve just opened your server to the world.
Plex has bandwidth controls.
Tailscale and IP whitelisting are both viable options
No they’re not. No one is connecting their tv to Tailscale, especially not your parents or grand parents, and ip whitelisting is still dangerous and insecure on networks you don’t control.
Tailscale has native clients for all the major TV OS’. And I’m not whitelisting public networks for my friends’ convenience. If they’re traveling, they use tailscale with their mobile device or not at all. If you’re talking about IP spoofing that’s not a realistic vulnerability concern for a home media server.
At least I know the potential attack vectors for my Jellyfin server and can mitigate potential security concerns.
No it doesn’t lol. Only the extreme minority of people are using TVs that can even install apps.
Yet on plex there aren’t any lol. If you’re opening your server to the internet, and giving other people access, it’s not secure - especially via software like JellyFin where the devs even know and say it’s not secure.
It doesn’t cost $750.
…to stream your own media, hosted on your own server 😅
Neither does Plex.
No you are right, it is 800 euro.
No, plex has many price points, including a free one.
Jellyfin is easy to prove you are the owner off. While Plex has issues with that on systems like TrueNas when you don’t have full access to the server
Why are you having to prove you’re the owner of it exactly? What you’re describing is “user error”.
The whole claim token thing and no it was a know issue
A gentle reminder that Jellyin more or less requires you to set up a reverse proxy and a secure VPN to use it outside of your home.
Why would you not do that anyway?
Because if I’m watching locally I dont need them, and if I’m watching remotely Plex already offers secure remote viewing 'out of the box`. They give every user an SSL certificate and a public accessible URL at app.plex.tv. They also handle secure user authentication. The new price is stupid, but Jellyfin is not a 1:1 replacement.
The company’s blog post also described a number of improvements they plan to make
After you pay: “oops, we won’t”
As a lifetime owner, the number of features they’ve deprecated is probably the worst part.
It’s close between that and the last app overhaul that removed a bunch of functionality.
Watch Together isn’t removed, but it’s been deprecated and has stopped working on at least one platform (Chromecast).
Really shitty move to be removing/deprecating functionality and then asking for more money.
Fucks sake, when did that happen?
support.plex.tv/articles/watch-together/
February of 2025, looks like.
Thanks
they must be tired of running that company.
Is the whole world right now like me at the very end of a SimCity 3000 game, when it’s time to just turn on all the catastrophies?
Could they at least send the fun ones like Godzilla and aliens?
I do not think late stage capitalism was one of the endings, so I second the fun disasters.
Its so much less cool than that.
Business leaders have finally gotten the legal oversight landscape set up so the cash register is being monitored by a blind baby that was dropped on its head, so they’re all just lining up robbing the place.
The end-game plan seems to be to keep it up until things go all Mad Max, then hide in underground vaults until that blows over and start it again.
I know that whales exist, but seriously… Who is into self hosting but also into dropping $750 on a service that can end on a whim?
They dont want you to buy lifetime they want you to pay month to month.
I think it is safer to say they don’t prefer it. If they didn’t want you to buy it at all, they could discontinue the offering today.
Its like when a contractor quotes you a ridiculous price because they dont want to do the work. They assume you are going to say no, they dont want to do it. But if you say yes to their absurb price they are happy to take your money.
I used jellyfin but prefer plex and since I use it locally its free and better than jellyfin. If plex ever charges for local use hello jellyfin!
Wrong comment
Jellyfin is boring but Im not knocking it since it’s open source and could replace my plex in the future.
Do you never leave the house for any period of time where you might want to bring some of your media?
In short; do you never travel?
Plex charges for downloading your own media through your own local network onto your own local devices.
I’m not talking about remote streaming. I’m not talking about downloading media while you’re already out of the house. Nothing about local downloads to local devices should require Plex’s servers, so it should come at no cost to them, which makes it a pure cash grab.
So yes, Plex does charge for local use :)
There are only like 4 movies I want to watch when I’m away from home and they are stored on my laptop. I had plex setup for outside use but didnt use it that much and figured when I did I was only interested in 4 movies. Step brothers - The greatest beer run - the big Lebowski - master and commander! I get em straight from the source Im home at the time why would i use the download feature??
I’ve gotten my money’s worth out of the $74.99 I paid for Plex Pass Lifetime several years ago. If they ever get rid of my Plex Pass and try to say “Lifetime didn’t actually mean Lifetime”, I’ll be gone.
I like to think I got my money out of mine as well, even though I only used it for like a year or two before switching to jellyfin.
We’ve seen other companies pull this move by saying “lifetime” only applies to X version.
Except when I bought my lifetime it meant lifetime for the SERVICE, not the app...
Did it. I don’t remember it saying that. And I bought it around the same time as you since I paid the same price.
Sure, but that doesn’t mean Plex will do it.
While that’s true, it is in the standard VC playbook to make that move. Since they seem to be using that playbook, there will come a point in the monetization program where the lifetime membership becomes a blocker, which is overcome by diluting the lifetime account to increase the appeal of the subscription by comparison.
So, while nobody in here is named Nostradamus, it does not take a clairvoyance to see the future in this case. Countless other companies have followed this same program, with only minor variation, to extract revenue from the product like a strip mine. If I see 100 companies perform a 15-or-so step monetization spiral, it is not a leap of logic to think Plex is going to do steps 9-15 since we’ve just seen them do steps 1-8.
The lifetime membership will never be a blocked thanks to this price update.
I’ve never had a lifetime license be taken away other than the company going out of business.
No, they can’t just breach the contract you have with them, of course, but the VC playbook has a play for that.
What they will do is create a different service tier that does not include the same features as the standard or lifetime plans have. That tier will initially have some “value adds” that are of little interest to most users. Then, slowly, features will disappear from the other tiers, and a greater percentage of users will be drawn to that one because the “standard” one is increasingly lacking.
Eventually, Plex Standard will be quite anemic, with at least a couple must-have features available to only GigaPlex members. Because you’re a “valued lifetime customer”, you’ll get the option to convert your lifetime membership into 90-365 days of free GigaPlex.
So, Plex wins their game. The lifetime members practically all either switch to monthly premium service or leave, both of which are outcomes that are to their benefit. Nobody took away your lifetime membership, they just transformed it to garbage.
Its not every company, but it is every company owned by venture capital.
You can live in fear of your made up scenarios like this, but I’m just going to continue using Plex with my lifetime license.
I’m not afraid of the inevitable, man. We are having a conversation and I’m sharing my thoughts.
So basically, they just want to phase our the lifetime plan, but they know removing it outright would cause outrage so they “just” increase the price to massively lower interest and then say: “Well nobody wanted it so we removed the product”.
I swear to god plex and the profiteering sons of bitches behind it can go fuck themselves.
The make more off of FAAS then lifetime sub’s. More of their users are FAAS users them stream your own.
It’s good “fuck off” pricing.
Just out of interest as someone who has recently set up a Jellyfin server - what’s the main “value add” of using Plex compared to Jellyfin?
It seems to do everything I want, so I’m not sure why people would pay for Plex over the FOSS version.
Are you accessing your media from outside of your network?
I have heard that you need to set up a VPN for Jellyfin to securely use your media library remotely. Plex handles all of that for me so that I don’t need to deal with it.
I do not, and don’t plan to. Probably wouldn’t be that hard to set up though as someone familiar with nginx.
I guess Plex uses their own VPN under the hood then to make it more convenient?
Yep, and it generally has fewer sharp corners. Like last time I checked, in order to set up quick sync, you have to manually check each codec you want to offload to hardware. And if you select one that isn’t supported by your hardware, you find out when you try to play that. So it means carefully cross-referencing with the Wikipedia page for your quick sync version. Plex just has an enable hardware transcoding check box and it figures it out for you.
There’s also some features like smart playlists that I remember needing to set up plugins for whereas Plex supports it out of the box.
Of course ther are other things where jellyfin comes out ahead, like surround to stereo down mixing - I could never get the center channel (dialog) to be at a good volume when down mixed to stereo on my TV, but it just works and produces the correct volume in jellyfin.
But ultimately I think what causes all my users to prefer Plex is that the official app is polished and consistent across all platforms. The official jellyfin one looks like a programmer put it together with bootstrap components, and my favorite alternatives (like findroid) are in active development (I do donate on a reoccurring basis though in hopes that it reaches a level of polish matching Plex)
I don’t think transcoding is that difficult if you’ve already set up your own server. Like, that’s only a thing the admin would have to figure out and it’s a quick lookup.
I do agree with the client UI issue tho, and would like to add that the lack of a per-user watchlist is a pretty baffling decision given that it’s been widely requested for years and years and it would make it enormously more comfortable.
It’s not, and I didn’t say it was hard. Just that it’s a sharp corner that jellyfin should fix if they want to make it as one click as Plex is. It’s another part of the setup where you have to pay attention and get every check box right or it’ll not work as intended. I found it annoying to have to look it up and I’ve been in software for 15 years. I don’t doubt that any newb would find it frustrating. I remember seeing that it was planned to have hardware transcoding codec support auto detected but IDK if that has happened yet.
It’s especially annoying because jellyfin doesn’t just copy the support matrix into their docs, and the one on Wikipedia is by processor generation codename, so you have to look up your processor and get the codename, then reference the Wikipedia table and go down each codec and not make a mistake. Even though it’s “not hard” I still go back to that section because I second guess that I checked everything right thinking that I’ve caused some issues with a mistake. It’s additional cognitive load that isn’t worth defending if you want jellyfin to be good.
Wait, Jellyfin doesn’t have per user watch lists? Forget making it externally available to other people, this is something I need within my own household. I haven’t installed Jellyfin yet, but I had not anticipated this feature being absent. How do you work around it?
Roku app has a watchlist, but mostly I don’t bother to get around it or put it in a collection which is clunky as shit
I have a jellyfin server set up that you access like this:
my.servername/jellyfin
Username and password is all you need aside from that. Apps for most platforms or access in a web browser.
You should not expose a Jellyfin server to the open internet.
You should not expose a Jellyfin server to the open internet.You should not expose a Jellyfin server to the open internet if you don’t know what you’re doing.
FTFY
Please tell me, oh wise one, how do you fix the glaring security issues that are the reason even Jellyfin Stans admit that you should use a VPN?
Port forward, filter ips, take reasonable precautions on the trust of networks.
It’s not rocket science, as you mentioned in your other vitriol.
What? How is port forwarding adding anything to security? How does blocking IP ranges help prevent attacks on the unsecured backend?
I think you don’t understand the nature of the exploit.
Anybody who can see the Jellyfin login page can use the Jellyfin server’s permissions to play media directly from your media library.
Port forwarding doesn’t matter. Jellyfin hosts on port 80/443 which you have to allow for the service to function. Most clients are on dynamic IPs or CGNATs so unless you’re going to manually change the IP filter for every single user every few days, IP filters are not a reasonable solution.
‘Take reasonable precautions on the trust of networks’ doesn’t even make sense. Your Jellyfin server is either available to the Internet or not available to the Internet. If you choose not to trust the Internet (the actual mitigation) then you obtain access to your Jellyfin server through a VPN.
No, I understand the nature of the unencrypted transport. I understand that the credentials are exchanged unencrypted (although the passwd isnt in plaintext, even on jellyfin). I also understand what is on the trusted network, my kid’s subnet.
The mitigations are the following:
Correct, that’s the idea and that’s why the IP is filtered. When my kid’s IP changes, his PC posts a notice to me about it, and I change the the fw rule. This happens once a year on average.
Also correct, it is available to the internet, which from jellyfin’s point of view is one single /32.
There is a body of suggested action to take in the interest of security that is repeated here and in other self-hosted spaces, and what you’re saying is valid and sound advice. I want to acknowledge that I don’t take your comment as wrong, it’s very prudent for someone just getting into managing their own stuff.
However, security is my job, and I do take it seriously. And there are more ways than one to get it done.
I keep my data back ends on encrypted channels, backups on another, and I control very tightly what has access to everything else. The model I use is something like “zero trust”, where I assume the clients even on my own network are malicious. In that context, extending my lan to a single remote lan on a single port isn’t really much different than allowing an iot device I don’t trust on my actual lan; it sees no other hosts but a gateway and whatever my acls allow it to.
So in the end, what can a device do at large on the internet to my jellyfin “network”? Nothing. What can a pwned device do on my kid’s network with jellyfin? It can watch TV and movies, because the api calls from jellyfin clients to jellyfin front end are nondestructive.
I work in security as well.
If you only have a single user that accesses via a single static IP then it isn’t much of an issue to manually maintain an IP whitelist.
Allowing access to multiple users across many different networks, means that you’re going to have to deal with their IP changing frequently often multiple times per day. You’d have to be available full-time to update your whitelist if done manually.
If you’re going to run software on those machines to check for their public IP and report it to you (or a script you run) in order to update your firewall’s whitelist then you could just as easily (or, I’d argue, more easily) run a Tailscale client on their machine and only give them access to Jellyfin via Tailscale’s ACL.
I just mean that you can’t simply put Jellyfin behind a reverse proxy and alter some port forwarding rules to protect against the argument injection vulnerability, since it executes the ffmpeg command as the Jellyfin’s service account so it would have access to any file that that account could access (which should be limited to the container, but some people run it bare metal still).
Using a VPN is just easier to deal with, to me, than trying to allow any access from Internet IPs. The firewall can simply block everything from the Internet that isn’t VPN traffic. This is especially true if you control all of the devices that will be connecting to your network.
All of my traffic, even LAN traffic, is on one VPN or another. Everything is done ‘locally’ on the VPNs regardless of where the device is located.
I think we’re arguing two sides of the same coin.
Yeah, I’m not disagreeing with you either, just adding more to the conversation
You do know that there are security issues with that, right? For example, if someone can guess your media files they can watch them github.com/jellyfin/jellyfin/issues/5415
Some of those aren’t great, but I don’t consider any of them critical in terms of risk. I understand that others may feel differently.
Agree, I don’t consider most of them a risk, but I do like to bring this to the attention of people who are exposing Jellyfin to the web so they can make an informed decision.
Thanks for this. There is a lot of apologia in the FOSS community, and Jellyfin fans are some of the worst. I have 100% seen comments along the lines of “lol I’ve had my Jellyfin port forwarded for years and I’ve been fine” as if it’s a valid security audit. The unfortunate fact is that Jellyfin is not secure, and the devs have openly stated that they have no intention of ever fixing these vulnerabilities. Because fixing them would require completely divesting from the Emby fork that the entire project was originally built on.
Jellyfin should never be available externally. And that means anything incapable of running a VPN will be incapable of connecting.
Yup, but all that being said I still run Jellyfin and have no intention of switching to Plex. And while I would like to see them fix these issues, I understand (in part) why they won’t and I’m okay with my tail scale setup. Also the vast majority of issues are very minor, but the ability to watch any media without login is so major that I think it’s worth bringing up every time someone mentions exposing Jellyfin online.
.
The sad reality is that Jellyfin’s authentication system is insecure, and there are “anyone can view your content without a valid login” exploits that are not going to be patched. The only way to stop someone would be to include a secondary username+password on your reverse proxy, to prevent attackers from even reaching your Jellyfin login page. Because if you can reach Jellyfin’s login page, you can exploit it without logging in. But that would break basically everything except for web browsers, because none of the various apps have support for more than Jellyfin’s authentication.
I mean, that’s not great, but it’s also not very concerning to me. Like the risk of someone doing that, and the potential harm resulting seems minimal to me.
The problem is that every single person uses the Trash Guide to set up their system. And the guide includes instructions on how to set up your file names.
You’re correct that in isolation the risk is minimal. But nearly every setup is using the trash guide’s suggested naming scheme, which makes guessing it dead simple.
I’m not familiar with the trash guide. I set mine up with swizzin community edition.
Edit: either way though, what is the real risk? Someone streams your media without your permission?
I am outraged that someone would commit piracy on my pirated content!
Honestly, if someone is going through all that trouble then they’ve earned it… and it saves me the effort of needing to create them an account.
Ease of use, and actual secure and usable external access.
Friends/family make an account and tell you their account name or email address, you invite them to your library and that’s it, they can watch/listen to your media on pretty much any device they have. No vpn needed.
Jellyfin is not meant to be exposed to the internet for remote viewing. It also doesn’t have a client on most devices people use to watch tv/movies.
I’ve got a bunch of friends accessing my jellyfin server. It has clients for most devices now.
I didn’t say it’s not possible, I said it’s not secure and/or easy.
It’s definitely easy, and the secure part is debatable.
Doing it insecurely is easy.
The secure part isn’t debatable. Even the devs will tell you it’s not secure.
Secure isn’t a binary. Depending on your threat model, using Plex is impossible to use securely!
I was Osama bin Laden and I can confirm that this is true.
Huge disagree on the last part. Jellyfin has a bunch of Android, Roku, Google tv and PC clients. I struggle to think of a device me or my friends use that has a Plex client but not a Jellyfin one.
For me, the killer app for Plex is Plexamp, the music client. It's superb, and AFAIK Jellyfin doesn't really have an equivalent (there are 3P options, but they're lacking).
I didn’t try any of them because I additionally set up Navidrome to handle my music collection. But Fintunes, Jamfish and Finamp all look like great music players.
I have a navidrome server. Nothing, really nothing comes close to Plexamp and its features … sadly … but they all ain’t bad and got the basic stuff right
What features do you like? Not trying to convince you, I’m just curious.
Not the same person, but Plexamp uses plexs data / algorithms and had a way to create playlists and selected good songs. Hard to beat when not collecting data.
Sonic Analysis and the amount of radios like style or mood radio for example.
I quote Plex here just because I’m lazy:
“Your Plex Media Server can perform a “sonic analysis” of your local music files to catalog detailed characteristics about the actual music itself. That data can then be used in a variety of ways, allowing you to see sonically similar artists/albums/tracks, play a Track Radio, or even suggest specific mixes for you, based on what you’ve already listened to.
It’s a powerful tool, allowing you to explore your music library in Plex like never before!”
It works quite impressive for my library.
For me (Android) I have used these:
And Symfonium can do many sources and is the moat powerful.
Finamp is neat but couldnt do casting to my soundbar via google cast
Symfonium with Jellyfin all the way!
Realistically the only advantage of Plex is being able to watch it over the internet without a VPN. Which means it makes it easier to get friends and family access to your server or to access it yourself from random smart tvs outside your house.
If you only watch at home or have a fire stick that you take with you to watch abroad or your friends/family members have one and can setup a VPN on it it’s not needed.
Plexamp is just far superior for music. It doesn’t even come close sadly … since I only use it for my music collection I simply prefer Plex … but only because I got lifetime a long time ago for 60 bucks or something …
HDR, hardware transcoding, remote access.
My Jellyfin has all of these things.
Mine too. And I appreciates that.
Seems funny that they continue to increase the price as that value sharply declines with the limited life left in it.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
7 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.
[Thread #302 for this comm, first seen 20th May 2026, 01:50] [FAQ] [Full list] [Contact] [Source code]
Jellyfin has lots and lots of tutorials, fyi. it’s not as intimidating as it seems once you get going with it.
And Plex doesn’t require any. It’s okay to accept that one product can be more polished than the other, and Plex has a lot of stuff that “just works”
My comment wasn’t for you then, it’s for people curious in an alternative but may be hesitant. Some people enjoy learning new things.
And it is ok to accept that Plex is getting worse and worse. Only reason why ppl use it these days is because they still have an old lifetime pass. As soon as they take it away or introduce a new tier of features or even removing features of it, they will swarming away from Plex.
And they will!
OC never said anything to do with your comment, you seem to be really offended by recommending an alternative to a tool that you use.
Jellyfin also „just works“. Getting it going is just as simple as plex.
Have you tried Jellyfin?
People who dont know a lot of tech stuff cant set it up to access while outside the house so i wouldnt say it “just works”
I have it running in parallel with Plex to keep an eye on its progress. There is a lot of things that do not just work. Hardware Encoding for example, or safe remote access
This is the most hilarious lie I think I’ve seen in a while from open source on here. To be clear I use it as my daily driver, I switched off Plex a long time ago when I saw the writing on the wall.
But I still have issues with media matching to this day, issues where subtitles on certain devices just refuse to display no matter what you do. And the server still loves to randomly take up absolutely massive amounts of memory for seemingly no reason whatsoever I ended up making a strip to just forcibly kill it and restart it every 12 hours to prevent it from eating the entire system’s memory.
And no my file naming is not the media issue everything I do is properly named exactly as jelly fin documentation says it wants by sonarr. Not to mention you are expected to maintain a VPN system just for accessing your media away from home as the web interface is so hilariously unsecured as to be a constant source of major system vulnerability.
It’s usable, but it’s not as just works as Plex I have thousands of TV shows, anime, and movies as in thousands of each of those categories and Plex never once failed to match to the correct media, never had a problem just playing subtitles on any client, and I think only ever had one major issue with the web interface in terms of security? There’s been lots of minor ones that would give people essentially just access to Plex but not the underlying system
I’ll admit I haven’t really looked into it, but how is the Jellyfin web interface insecure? I don’t currently, but in the past I’ve used ssh reverse port forwarding to my VPS and then used an Apache proxy and letsencrypt for ssl on a subdomain. Maybe I was just lucky, but I never had any problems.
It has had a pretty high number of RCE exploits including one recently the architecture of the web service is just very poor and leads to a lot of basic problems.
Personally I am not a fan of the language they chose, and I think it directly leads to a lot of these problems but that’s just like my opinion man.
The server itself also has tons of issues like the constant memory leaks that cause it to eat up endless amounts of memory that they don’t seem interested in fixing and basically once again push it to the users to deal with and a bunch of the boot lickers are like yeah you just need to put it in a Docker and limit its maximum memory as if that’s just normal and expected to need to do
Ah, yeah, guess I never realized it’s a .NET program. Never understood why an open source dev would choose .NET, but what can you do.
Also despise Docker (especially the modern over-reliance on it), but that always gets me into trouble when I admit that publicly.
I am right there with you on the docker hate I get the idea but the docker system itself is a huge problem. The amount of people that do not realize it completely bypasses system firewalls is very sad and unfortunate and leaves a lot of people vulnerable.
I personally try to use lxc containers that I set up myself for containerizing services and install them natively within the container
So they had an RCE that got fixed therefore the software is bad and insecure. Therefore every OS and basically any enterprise software that was ever used is insecure.
Got it.
That would be the case, however the devs official stance is it’s unsafe and should not be used other than over vpn. So they also agree
But for complete other reasons than RCEs or similar.
As an FOSS project that inherited lots of shitty code this is basically the best thing they could do.
Not sure why, but you get specific about once RCE but not about other problems and keep vague about them. Is it the lack of understanding or disingenuousness?
Once? No jellyfin has had about 4 major RCE issues since the fork. At least 4 that I’m aware of. Blaming it on the previous code only makes sense if the split is recent. They have had time to completely rewrite if they really want.
I’d like to see plex die entirely, but I know too many less technical people that use it . They are not going to set up a VPN , end of story end of discussion. And I’m not going to tell them to use jellyfin when it will likely continue to have major security issues and could compromise their systems. I have no doubt that Plex leadership is fully aware of this, they know that even with them pushing more subscriptions and higher costs they are going to continue to have users because the alternatives are just not able to keep up and are not viable for the average person just the technical users which they would have lost to alternatives regardless
It absolutely makes sense, otherwise they would have had to throw everything away.
The EFcore refacotring was like 6 years in the making.
And all that from just a few single ppl. Look at the ckntributer list, and how many contribution. Not many active devs are working on jellyfin on their free time. The problems that jellyfin has, is not from a lack of trying but a from a lack of finger and arms.
And you need to take it like it is.
Ok? I will take it like it is. Jellyfin is a flawed product not currently suitable to replace Plex for the average person and is only particularly usable by technically inclined users capable of protecting themselves through VPN or other means. As well as dealing with things like failed matched media and memory leaks that are frequent.
That is how it is, and that’s how I’ve been taking it from the start.
No, not really. But what should i expect from someone who states as an ‘objective opinion’ “I do not like the programming language so the project is bad”
If i had to guess, since you are jumping on the memory leaks, you got an issue, reported it and did not get treatet like they fix it with a priority.
You keep jumping on “They had an RCE so the security must be completely broken”
Actually, i mentioned the memory leaks as it’s been a consistent issue for years now. Again normal people cant and won’t setup special containers with memory limits as a crappy work around.
You may not like that i don’t blindly glaze jellyfin because it’s open source. However I’m just being realistic about what it needs to actually be a viable replacement for plex for the masses.
It needs to be able to match media properly, it still struggles with this even when you go out of your way to make sure the media is named in the exact manner the documentation dictates. It needs to be able to be used remotely simply through the web, having to set up a VPN is not a viable approach, it needs to be able to function long-term without eating up all the system’s memory and requiring regular restarts to prevent it from going out of control. Subtitles need to work on all clients, as it stands right now Roku subtitles are non-functional like 80% of the time no matter what you do, some TV browsers struggle with it as well.
I am sorry that that upsets you, but it is the reality and it is the reason the projects like these tend to mostly be used by the technically inclined. Including myself, I was able to put it in an unprivileged secured lxc container, so that I could use it through the web and set memory limits, but most people cannot and will not do that. I would prefer to see it be successful and be able to tell everyone never touch Plex again, but I know that telling people it’s ready to go while it has a myriad of basic issues is not helpful.
And the memory leaks get closed one after another? Dont they? Just because there are still issues does not mean it gets improved upon.
Media matching is no issue if you follow the naming sheme.
I am not upset at all, not sure why you think that.
Jellyfin will and connot be the replacement you wish it to be. Exposing something to the Internet is not a solution for the normal person. Heartbeat, Log4shell etc. etc. all of those are the reason why, not necessarily the service you are hosting by itself.
Especially in an age where tailscale is available to install on every major smart TV or other devices i do not get why you even want to recommend ppl to expose it.
Plex doesn’t “just work” I have lost access to my install more time than I can coun’t due to their weird prove you are the owner system.
I install Jellyfin using docker, go to the web address, make the credentials for it and I am up and running.
For Plex you need to do that whole gain ownership song and dance which is a pain if you don’t have full console and file access like on TrueNas.
I got this on Black Friday many years ago for ~70 and despite the pass I am slowly moving over to Jellyfin. I really don’t see how they came up with this valuation, seems like a last money squeeze before abandoning ship.
They don’t want lifetime licenses to sell, they want monthly subscriptions from everyone.
Everything changed when they signed that A24 deal, and its not even the good movies, its the shitty also-rans. They want revenue now.
I wish them luck, but it seems despite all the data collection they failed to understand who their customers are. Idgaf about their content, I block and remove it where I can. Instead now we have content that will not convince anyone to cancel their Netflix or HBO to move to them and I have a home server that barely runs anymore because the software is so bloated.
I “defend” plex against silly complaints, but jesus christ that is one giant leap for no gain. That’s stupid, no one will pay that - though I tend to think that’s the whole point.
Never used Plex. Jellyfin has always met my needs, so I never bothered to try it.
Plex has been around quite a while longer than JF. Before JF, the only way to really have a “self-hosted Netflix” was with Plex, so there are a lot of us who built our long-standing media setups around that.
That said, I have a JF instance running and matched almost 1:1 with Plex specifically for this situation, so I’m going to start pivoting everyone to that as I wind Plex down.
There’s a great project called WatchState that allows you to sync show progress between JF and Plex. Highly recommend it for while you’re switching over.
Meh, I’ve used dlna with PS2 over 20 years ago. Not exactly the same, but for my needs essentially the same.
That’s an interesting method. I actually have a PS2 myself, running PSBBN. Maybe I’ll try that out.
Isn’t that 300%
With the original price as $250, a 100% increase would be adding the entire value to itself once (i.e doubling) taking us to $500.
A 200% increase is adding the $250 to the original two times for a total of $750.
So calling it a “200% increase” is correct.
It is true to say that “$750 is 300% of $250” or that “The price has tripled” - both correct, but the increase is only 200% because increase doesn’t include the original as part of the value.
This makes perfect sense, thank you
Fine. Forget about it.
TBH—and I’m not a native English speaker—I think it’s a bit ambiguously phrased. “Increase by 200%” would be more clear.
the thing I hate the most about news like this is all the jellies screaming out “I iNsTaLlEd JeLlYfIn BeCaUsE i KnEw ThIs WoUlD hApPeN!”
we get it. you sniff your own farts.
Just to say: MythTv is still a thing…
Ahh, memories. The start of my Linux journey nearly 20 years ago
Enshittification in action.
enshitification isnt price hike all their “fonctionality” nobody were asking for are
Jellyfin isn’t great, but it sure doesn’t have this problem.
there are a lot of us still on Plex that hadn’t reached the threshold of issues vs effort that would motivate us to migrate to something like jellyfin.
looks like we’ve arrived.
I already have a lifetime Plex pass so this isn’t an issue for me. 6 months from now when Plex decides my lifetime pass has a new expiry, then I’ll be motivated.
this exactly. I got a lifetime pass in the before times (pre-pandemic) back when they were $100 bucks ish, but I know it’s only a matter of time before they come for us grandfathered-in fools.
I have the lifetime pass, bought it for like $80 many moons ago.
Agreed, this is the tipping point. This is where we will see Plex start to abandon the lifetime pass in favor of “imaginary money line go up forever” subscriptions.
Why not run both? That’s what I do, then if Plex is an issue for someone I can make them a Jellyfin account
I haven’t. I bought lifetime Plex Pass something like 15 years ago. A price change doesn’t effect me. It’s all their shitty updates and removing of features that makes me keep an eye on Jellyfin. I already have a sync setup for my watch status and a couple of my main users. Jellyfins apps are still worse.
I wish jellyfin and the apps could ship with something like wireguard setup by default so people that use the jellyfin apps could instantly watch media outside their house without learning what wireguard/tailscale is
The fact that’s needed at all is the problem. Developers need to stop making monolithic structures that have access to everything ever and putting it on the user to maintain to maintain a VPN network for security.
There’s no reason I should not be able to just use an nginx reverse proxy for remote access to my jellyfin and have that be safe. It should at worst give people a copy of my media if there’s a security issue.
Personally I went out of my way to make this be the case, i have my instance locked into an unprivileged lxc whitelist only on syscalls which took a while to figure out the minimum needed for function but I got there. The host System is using the hardened kernel from Upstream and a series of sysctl lockdowns for example P Trace is not allowed even if you are the root user.
So I do indeed just nginx reverse proxy my instant because the worst case scenario even if they got complete shell access to the system they would be locked into an unprivileged container that had no access to any files other than my media files but the fact that I have to go to this level is already ridiculous
that’s not the worst possibility. the worst possibility is an RCE into your server.
that’s a pretty exotic setup. Exciting, but for most people learning to manage a VPN is easier
that’s not the worst possibility. the worst possibility is an RCE into your server.
that’s a pretty exotic setup. Exciting, but for most people learning to manage a VPN is easier
I am aware that an rce is the worst possibility I’m saying it shouldn’t be. The web portion is already its own isolated binary that you have to install but it’s designed with seemingly very little attention to security.
To the point that jellyfin has already had several major RCE and despite having full support for running over the web with http developers are basically just like you should not be using this without a VPN which is overall a pretty pathetic stance for a media server
Recently nginx had an RCE, so if your web server interface has an RCE, it doesn’t matter if jellyfin code is top-notch, if you happen to use a proxy with RCE in front of it. Wireguard has never had an RCE and I’m relatively certain it never will, because I believe you must be in possession of some keys to go very deep in the wireguard code, which in itself is not very large piece of code.
But yes, in principle I agree that we should code securely instead of depending on VPN to solve it for us, unfortunately it’s not the reality today. Memory safe programming languages help, but don’t completely protect against logic errors. VPN is general is pretty good for defence-in-depth.
The nginx rce relied an a series of requirements that affect almost nobody. You had to be using a very specific module and processing a specific type of data reverse proxy was not affected.
But regardless I get your point that anything can have an RCE. However as you say at the end in principle that does not mean you should just give up and expect external projects to handle your security. VPN is a great way to access your services and it is good defense and depth, but for the sake of being a successful project to the masses? It’s basically a dead end Road
My old kodi setup just works, year after year, and will work 10 years from now too…
Probably going to get hate for this. But I have easily gotten 750 dollars worth of value out of my lifetime subscription. I’m sure they are doing this to drive down lifetime subscriptions and increase month to month. But I legit think 750 over 20 years it’s still a legit price.
About $3/mo. But for a lifetime deal you’re also buying the risk. If they go bankrupt, stop honoring the lifetime deal, or any variation thereof tomorrow, you’re out $750 - lifetime deals, where they exist are often heavily discounted compared to normal rates due to this. 20 years is though quite a long time. Plex is only 16 years old.
In a perfect world a company would limit the amount of lifetime deals available and only have them in the beginning to get some quick cash allowing them to scale. I don’t think Plex is running a very good business, which also devalues the lifetime deal.
It;'s probably about 800 euro, but that is still 800 euro more than Emby/Kodi/Jellyfin or whatever other altnerative. I had a lot of issues with Plex due to them requiring that proof of ownership thing which didn’t really work on TrueNas core I think it was?
Jellyfin is way easier imo
Jellyfin