this post was submitted on 13 Jul 2023
25 points (100.0% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54424 readers
334 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

I am setting up my first jellyfin server via docker, and I am offered the option to either use TMDB or OMDB. I have jellyfin on a LAN-connected device w/o VPN connection, and I am concerned queries to those DBs with file names of torrented files can get tracked and reported to my ISP. Could that be the case? And if so what to do about it? Are there more privacy-preserving metadata services than others?

top 11 comments
sorted by: hot top controversial new old
[–] saduser@lemmy.dbzer0.com 8 points 1 year ago

I'm currently using the default metadata downloaders including some made for Anime and I never had any problem with them. Maybe consider that most network traffic with these sites is encrypted. As long as you are not using the default DNS servers provided by your ISP and using DNS over TLS or HTTPS the ISP does not have a high chance of knowing what you are sending to these API's

[–] brownmustardminion@lemmy.ml 7 points 1 year ago (1 children)

Another alternative is run Jellyfin and all of your *arr apps as docker containers and run them through a docker container called gluetun. Essentially this will route all incoming traffic (tvdb, torrents, etc) through a vpn and all outgoing (sonarr, Jellyfin, etc web gui) can be accessed locally.

[–] trivial99@lemmy.ml 4 points 1 year ago (1 children)

I didn't know about this, this sounds great! My question then is, can I still access jellyfin on LAN after it connects to the internet via the VPN?

[–] theRealBassist@lemmy.world 2 points 1 year ago* (last edited 1 year ago)

Yes. You have to mount a port on the Gluetun container instead of the jellyfin container. As an extreme example, here is my docker-compose for my *arr apps and qbit torrent behind gluetun with traefik as a reverse proxy. I have sanitized this to remove any private info, and as such one or two necessar lines from Gluetun are missing. Do not try to copy/paste this.

gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
      
[–] tiwenty@lemmy.world 7 points 1 year ago* (last edited 1 year ago)

Firstly connections to those API should be encrypted, so parameters such as the filename shouldn't be visible by a MitM. Also, as someone else pointed, you could rename the file beforehand to something neutral.

[–] JelloBrains@kbin.social 4 points 1 year ago

I have been renaming files with filebot and then scraping the nfos, images, and posters with MediaElch for years and never had a problem.

[–] TrenchcoatFullofBats@belfry.rip 3 points 1 year ago (1 children)

First, change your DNS servers to something like Quad 9 so your ISP can't track you that way. Then maybe consider switching to usenet, which is more secure in that you're downloading from a server (or servers) over an encrypted connection instead of via torrent, where you're both uploading (distributing) and downloading, and your IP address is available to anyone else downloading.

With usenet, all copyright-holders can really do is issue a takedown request to the indexer or host, neither of which is you.

[–] tiwenty@lemmy.world 1 points 1 year ago (1 children)

His problem isn't the part where he downloads parts. Jellyfin queries 3rd party metadata providers, such as TMDB. What he's concerned with is JF sending the filename to TMDB and getting spied on by the ISP.

[–] TrenchcoatFullofBats@belfry.rip 2 points 1 year ago (1 children)

I know. But it's not illegal to look up stuff from TMDB. It only becomes a problem if the copyright holder already has your IP address, knows what you've downloaded, and also subpoenas a list of addresses you've visited, which could provide them with additional evidence that you did in fact download their IP in a court case against you.

"See, Judge? He downloaded Shrek 12: The Enshrekening AND he also downloaded movie posters and a plot synopsis from TMDB for this same movie, which proves that he was in possession of our property."

If they don't already have evidence that you've "stolen" from them, a TMDB query won't be evidence of anything useful.

It's pretty easy to get flagged for illegal downloads with torrents, but almost impossible to do the same with usenet downloads.

[–] operator@kbin.social 1 points 1 year ago

How does the usenet work exactly?

[–] Swimmerman96@beehaw.org 2 points 1 year ago

Based on a quick glance of the API documentation it looks like TMDM/OMDB doesn't receive your filenames, they use unique IDs assigned to their shows and potentially searches based on titles/episode numbers that Jellyfin is already aware of.
Even if Jellyfin used the filename to search OMDB/TMDB, the headers, body, and the path of the URL (api.themoviedb.org/) are all encrypted by the TLS connection so would not be visible to your ISP.

load more comments
view more: next ›