Robby Pedrica's Tech Blog

Plex Discover: a lesson in privacy

by

Robby Pedrica
in , ,

Audio Transcript

It’s a common refrain: my data isn’t important so I don’t need to protect it, I’m unimportant so my information doesn’t matter …

There’s recently been some horror stories of overly ‘ambitious’ policing of internet-related activities. Like the father who sent pictures of his son with a developing issue to their doctor for diagnosis – but these pictures were flagged by Google as CSAM (child sexual abuse material) and they sent the father’s details on to police for investigation. Notwithstanding the fact that the police cleared the father, he has lost access to all his Google services including access to other online accounts that used his gmail email address for verification.

The recent Plex Discover watchlist sharing fiasco is another lesson in why privacy matters to everyone. Let’s dive into what Plex Discover is, what Plex did wrong and why it matters.

Plex is a media server and service offering a 1-stop shop for streaming and local media access. And like many other social media services, Plex wants to get in on the data collection sharing and monetization arena. Their tool of choice is Discover Together, which allows Plex users to share their watch histories, watch lists, and ratings of recently watched TV shows and movies with their Plex friends.

Anyone see the issue yet?

Your Plex profile can automatically track what you’ve watched from Plex’s own catalog of streaming videos, as well as videos you’ve streamed from a personal Plex server—including your own, or someone else’s.

When Plex rolled out the Discover Together feature to its general user base last month, it served up a series of onboarding screens that included privacy controls, which are initially set to “private.” But your privacy settings will be changed to “Friends Only” for your watch history, watch list, and ratings, and “Friends of Friends” for your friends list, unless you manually change those settings back to “Private” before clicking the Finish button during the Discover Together onboarding process. 

Sneaky much? So while initially saying the feature is private, Plex then changes it after the fact.

Plex users also didn’t realize that anyone with whom they’d shared their personal Plex libraries were automatically added to their Plex friends list—meaning, in some cases, that near-perfect strangers were getting weekly email digests of their viewing histories.

Affected users became aware of the issue only after Plex sent out activity emails, and realised they may have clicked through the privacy settings without understanding the implications of some of the settings. To be clear here, Plex opted users IN to the service automatically rather than set it opt-out by default.

In another episode of “what could possibly go wrong”? … Plex shows us that absent any action on your part, your personal information can be shared with others to your detriment. This incident is not perhaps the worst that could happen, but it’s still an example of how your information is more important than you think and how that information can be compromised in ways that are more far-reaching than you might think.

There are a whole raft of privacy aspects that need careful consideration including:

  1. Identity Theft: Cybercriminals often attempt to steal personal information, such as usernames, passwords, and financial details, to commit identity theft. By securing your online accounts and practicing good password hygiene, you can reduce the risk of unauthorized access to your personal information.
  2. Financial Security: Many people conduct financial transactions online, such as online banking, shopping, and investment activities. Without proper security measures, your financial information can be vulnerable to theft, leading to unauthorized transactions and financial losses.
  3. Privacy Protection: Personal security helps safeguard your privacy by preventing unauthorized access to your personal data. Protecting your online identity ensures that your sensitive information, such as personal messages, photos, and browsing history, remains private and is not misused.
  4. Data Breaches: Large-scale data breaches have become increasingly common, where cybercriminals gain unauthorized access to databases containing user information. Personal security practices, such as using unique passwords and enabling two-factor authentication, can minimize the impact of such breaches on your accounts.
  5. Protecting Personal Devices: With the proliferation of smartphones, tablets, and other connected devices, personal security is essential to protect these devices from malware, viruses, and other malicious software that could compromise your data or even turn your device into a tool for cyber attacks.
  6. Safeguarding Personal Reputation: Online activities can have a significant impact on your personal and professional reputation. Ensuring that your online presence is secure helps prevent unauthorized access, manipulation, or misuse of your accounts, protecting your reputation from potential harm.
  7. Staying Safe from Scams: The internet is rife with scams and phishing attempts designed to trick users into providing sensitive information. Being aware of these threats and practicing good security habits can help you avoid falling victim to scams.

So when next you think that you and your data are unimportant, think beyond initial concerns to a wider net of considerations that could potentially impact you in ways you’d never think of. Privacy is important. For everyone.

x Powerful Protection for WordPress, from Shield Security
This Site Is Protected By
Shield Security