Collection of potential security issues in Jellyfin

This is a non-exhaustive list of potential security issues found in Jellyfin. Some of these might cause controversy. Some of these are design fla…

  • Zozano@aussie.zone
    6 upvotes · 2 days ago

    I’m also an absolute dumbfuck. And I can confidently tell you, as a matter of fact, that I don’t know.

    I’m running SWAG reverse proxy, my DNS is not tunneled, I share my Jellyfin with others outside my network.

    My primary concern is my server gets hacked, or I get charged with distributing ‘public domain movies’.

    • Flax@feddit.uk
      2 upvotes · 1 day ago

      Hacking, even on an insecure system, would be illegal. Any copyright troll trying to sue a single user for having a private Jellyfin instance which they hacked to find out about would probably have a hard time actually making a case.

      “Yeah, this one guy was distributing films to himself and a few friends. I know because I hacked him” doesn’t seem like a good case.

      • Saik0@lemmy.saik0.com
        1 upvote · 21 hours ago

        Nothing about this is hacking. They’re not defeating any authentication mechanism to scan your system. That’s the whole problem here. Nothing illegal about running a crawler/scanner service.

        The fact that you have their content publicly accessible is not a “bad case” at all. Open FTP sites were sued plenty. It may be a bit harder to prove distribution intentions… but wouldn’t be hard to make a case that you violated copyright for the content they could enumerate.

        • Flax@feddit.uk
          1 upvote · 15 hours ago

          It’s not publicly accessible, though. An account is clearly needed.

          • Saik0@lemmy.saik0.com
            1 upvote · 11 hours ago

            No… that’s the point of this thread. There is no requirement to log in in order to manually access endpoints. Up to and including pulling video data.