Search the Community

Hello, I have question about privacy matter...strangely, I cant find any relevant topic on this so I ask here. I would like to know how seriously developers of MB taking the end user privacy. Are all of my data which I import into MB private and will stay that way? Or MB sending some "statistic" data back to devs? I understand that for functions like downloading info(picture, text, trailers etc) about movie MB will need to connect to some public services like tvdb,imdb etc. and ask for data and thats ok. Whats bothering me most is combo paypal+supporter key which can be very dangerous to privacy of end users as its very tightly binds real world end user to his own MB installation. My concerns are based on current situations. Who would have expected a few years ago that today there will be a massive presure on end user in form of letters from their own ISPs, proceedings, massive snooping on end users activities etc. Thats one of the reason I stop using services like last.fm, tract.tv for example, because how long it takes to bad guys to realize, that on those service they have the end users literally on the plate. So back to MB. I have few suggestion on improvements for end user privacy: -would be nice to have some statement, about end user privacy in program description and on home page of MB. -function for disabling MB communication(downloading new data, checking new updates-messages) - button on front page next to shutdown button? -feature showing actual network connections(created by MB), special log file for connections to outside world I understand that for folks with 10 DVDs and music cds is this not relevant, but I thing(base on reading through this forum) that MB have lot of users which have bigger collections... And yes you can call me paranoid.

Is anyone familiar with exactly what information AppleTV and Roku are collecting while using the Emby apps? Are they collecting information about watched media or more broadly just that the app is being used? Maybe somewhere in between (Bitrates, ect.)? Actually more concerned about Roku and than Apple. The Roku general privacy policy (read both of them) is extremely broad while Apple actually is more specific about what is collected and what is done with collected information. The issue is that nothing in either policy refers or references information collected from the usage of individual apps on each platform.

Good Day, As I was reading through the code of the media server, I found the following privacy and security issues: Unique device ids + user account names sent to mb3admin.com. Each device is generating a unique device id, which is then sent to mb3admin.com. This does also include the server's unique key and the user's username. This allows per user and per device tracking including public ip adresses. I understand that this is used to verify premiere licenses. But please proxy these requests through your local emby server - or even better - check those licenses locally. If you want to say that this is then easily crackable, please read until the end. "GET /admin/service/registration/validateDevice?serverId=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&deviceId=YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY&embyUserName=XXXXXX&deviceName=Chrome&appName=Emby%20Mobile&appVersion=3.2.26.0 HTTP/1.1" 200 31 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Removing mobile app statistics collection or implementing an opt-in/out feature Please read ebr's answer to this point. Currently the Android mobile app sends statistics to mb3admin.com, whereas there is no notice to the user that data is sent nor is there an opt-in/out setting. This is definitivly violating the user's privacy. Please create a setting to opt-in to send statistics. opt-out would also be ok if you inform the user before sending any data. And again, this leaks the user's public ip adress "GET /admin/service/statistics/appAccess HTTP/1.1" 200 0 Emby server "registers" with Emby connect using the server's unique key Please only register with emby connect when there are actual users with an emby premiere email attached. This also leaks the server's unique key and enables tracking. Info HttpClient: HttpClientManager POST: https://connect.emby.media/service/Servers?id=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Info HttpClient: HttpClientManager GET: https://connect.emby.media/service/ServerAuthorizations?serverId=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Adding HTTPS certificate validation Currently, the Emby-Server does not even bother to check the validity of the mb3admin.com-certificate. With that said, it is very easy to redirect victims to a malicious proxy, which then sends malware packaged in plugin updates. There is no validation of these plugins. The Android-App asks me in this case to trust the new emby server? What the hell? Some words about product piracy As I already mentioned, you want people to support this product. This is absolutely fine! The only problem is your style of enforcing the restrictions. I understand that you don't want people to sell emby premiere to thousands of users, and thus need to check whether this is the case. But you can also do this locally, as both systems are easy(!) to crack. People who want to support this software will buy it either, because it is freakin' awesome! And there will always be black-hats cracking it in 5 minutes. Please focus on privacy, not on tracking the hell out of people. Thanks. Stephan

Hey Folks, Little Question: Is it possible to disable the logging of IP Address on the server? I have a few mates using it and i kind of feel a bit bad because i get their IP Addresses everytime they login. So is there any possibility to disable this? or could you kindly point me in the right direction to remove it in the code? I even tried to do a reverse proxy in front of the reverse proxy of my emby server to disgintuish the users ip, but it still gets it. So if you have any advice, i would be happy Greetings

Hello I have been searching for several hours on how to disable the remote access and possibly make it more secure so no one else outside my network can see my files I read this topic "Disable Remote Access?" and many other topics - being newbie I have no idea how to disable it when I go to My_IP_ADDRESS:8096 from other internet networks, it brings up a page that has my profile, can someone please make a step by step instruction on how to disable the remote so no one outside the network can access / know about me running this server? thank you