Logon page phoning home (mb3admin), why ?

[NomadCF 15]

Why does emby need to phone home about every user and device (from the end users devices) at the sign in screen.

 

Every users device is calling: "https://mb3admin.com/admin/service/registration/validateDevice?serverId=REMOVED&deviceId=REMOVED&deviceName=Chrome&appName=Emby%20Mobile&appVersion=4.0.0.2&viewOnly=true"

 

With a return page (json) of: {"cacheExpirationDays":7,"resultCode":"GOOD","message":"Device Grandfathered"}

 

I though usage tracking was removed with 4.0 ? 

 

[Luke 37062]

It was removed, but it's a Premiere check on the server for the themes feature and Get Emby Premiere button in the header. We should be able to clean this up though and defer it to later. Thanks.

[NomadCF 15]

It was removed, but it's a Premiere check on the server for the themes feature and Get Emby Premiere button in the header. We should be able to clean this up though and defer it to later. Thanks.

 

Why does this need to happen at all on the clients side. Again this is happening from the clients device and not from the server. Every client connected to a emby server is reporting back to mb3admin about the server it's connecting to, the clients device ID along with the server version, client IP, etc. This is still usage tracking. It may not be what users are watching. But you are clearly still tracking what,when and how every user is being connected to every emby server.

 

If it is a premier check, that check should be between the user client and the server. If it's a paid app VS a free server. Then the client should be connecting to the mb3admin on it's own. But not this is the case. The emby login page is telling client to make this call.   

Edited January 17, 2019 by NomadCF

[Luke 37062]

It is simply checking the registration status of particular features, and yes this can be improved in future updates.

 

By the way, I'm curious, if I recall you previously had issues where an internet outage caused severe slowdowns with your server. Has this improved now? I spent a fair amount of time looking at this. Thanks.

[NomadCF 15]

My response was deleted, But I did respond.

 

Also if this is true  and "It is simply checking the registration status of particular features" why are you collecting extra data about how our users and how they are connecting to us ?

 

I mean they connected to use using 

https://mb3admin.com/admin/service/registration/validateDevice?deviceId=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzcxLjAuMzU3OC45OCBTYWZhcmkvNTM3LjM2fDE1NDc3NjMyMDc2NjU1&deviceName=Chrome&appName=Emby%20Mobile&appVersion=4.0.0.2&viewOnly=true

In this case the device ID 

TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzcxLjAuMzU3OC45OCBTYWZhcmkvNTM3LjM2fDE1NDc3NjMyMDc2NjU1 

which is just a base64 decodes into 

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36|15477632076655 

Isn't the validation just between between the server and emby servers, why are you involving our users ?  

What happens if they can't reach mb3admin.com ?

Answer They get the get emby premier banner !

How is this GDPR complaint, since you are tracking both a users IP and usernames ? 

[NomadCF 15]

It is simply checking the registration status of particular features, and yes this can be improved in future updates.

 

By the way, I'm curious, if I recall you previously had issues where an internet outage caused severe slowdowns with your server. Has this improved now? I spent a fair amount of time looking at this. Thanks.

 

Just to check for a total of 30 min I blocked both the server and the all local clients from accessing mb3admin.com and with in that time. EVERY USER started to get the "Get Premier" banner. And the admin console started reporting that key was no longer premier status (Well stopped reporting that it was a premier key). So I guess really nothing has changed. If anything It's gotten worse.

[Spaceboy 2493]

My response was deleted, But I did respond.

 

Also if this is true and "It is simply checking the registration status of particular features" why are you collecting extra data about how our users and how they are connecting to us ?

 

I mean they connected to use using

https://mb3admin.com/admin/service/registration/validateDevice?deviceId=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzcxLjAuMzU3OC45OCBTYWZhcmkvNTM3LjM2fDE1NDc3NjMyMDc2NjU1&deviceName=Chrome&appName=Emby%20Mobile&appVersion=4.0.0.2&viewOnly=true

In this case the device ID

TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzcxLjAuMzU3OC45OCBTYWZhcmkvNTM3LjM2fDE1NDc3NjMyMDc2NjU1

which is just a base64 decodes into

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36|15477632076655

Isn't the validation just between between the server and emby servers, why are you involving our users ?

What happens if they can't reach mb3admin.com ?

Answer They get the get emby premier banner !

How is this GDPR complaint, since you are tracking both a users IP and usernames ?

an answer is definitely required here, specifically the last point

[ebr 14912]

 

My response was deleted, But I did respond.

 

Also if this is true  and "It is simply checking the registration status of particular features" why are you collecting extra data about how our users and how they are connecting to us ?

 

I mean they connected to use using 

https://mb3admin.com/admin/service/registration/validateDevice?deviceId=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzcxLjAuMzU3OC45OCBTYWZhcmkvNTM3LjM2fDE1NDc3NjMyMDc2NjU1&deviceName=Chrome&appName=Emby%20Mobile&appVersion=4.0.0.2&viewOnly=true

In this case the device ID 

TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzcxLjAuMzU3OC45OCBTYWZhcmkvNTM3LjM2fDE1NDc3NjMyMDc2NjU1 

which is just a base64 decodes into 

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36|15477632076655 

Isn't the validation just between between the server and emby servers, why are you involving our users ?  

What happens if they can't reach mb3admin.com ?

Answer They get the get emby premier banner !

How is this GDPR complaint, since you are tracking both a users IP and usernames ? 

 

 

So that one day we can potentially have an interface you can see from your server showing these devices and do so in a way that is human understandable.  Some of that information is also just legacy and not used for anything anymore so we can probably look at removing it.

 

However, the user name you are seeing there is the name you created on your local server.  It doesn't tie back to anything personally identifiable and it is under your control.  Again, we store it so that we may be able to show you a list of devices and who last used each one.  We haven't done that yet for security and privacy reasons.

[CBers 6771]

Why are clients/apps contacting the admin website?

 

Surely they should just contact the Emby server for Premier validation?

 

The client/app could connect to multiple servers, so Premier status may be different per server.

 

If a server has Premier, then all clients/app that connect to it are Premier.

 

Device limits are so confusing, they need to be made much, much simpler, or removed all together.

[ebr 14912]

Why are clients/apps contacting the admin website?

 

Surely they should just contact the Emby server for Premier validation?

 

The client/app could connect to multiple servers, so Premier status may be different per server.

 

If a server has Premier, then all clients/app that connect to it are Premier.

 

Device limits are so confusing, they need to be made much, much simpler, or removed all together.

 

We've been over this a lot...

 

Can you please tell me what questions the following document, still doesn't answer?

 

Thanks.

 

Is there a limit to Premiere?

[CBers 6771]

It's just too complicated.

You say "In our experience over a number of years, this standard license is sufficient for 95%+ of our users.", so why not just change the Device Limit methodology and allow the client/app contact the server and have the server manage it all in the background, thereby not having clients/apps having to communicate with the MB3Admin site, which was the OP's question?

If you set a hard limit of all devices connecting to an Emby server to a decent limit (25?), then drop them off the list if no access after 7/14/28 days, then it'll make sense for everyone.

If Emby server Admins require more than the default Device Limit (25?), then they would need to manage his devices correctly, or if he needs more than the default Device Limit, then he would need to get in touch with yourselves and request a different level, which you already provide.

It would stop 99% of these repeated questions about device limits and clients/apps contacting the MB3Admin site, freeing up yourself and Luke to further develop Emby in all the areas that need it.
 

I know you've said that you will be adding a Device Usage screen to the Dashboard, but we've heard lots of things are "planned for the future", but they don't always materialise. 

 

Sorry, I don't have any issues with Premier and Device Limits, so my view may be too simplistic, but I think the whole of Premier itself needs reviewing to stop confusion.

 

[ebr 14912]

so why not just change the Device Limit methodology and allow the client/app contact the server and have the server manage it all in the background, thereby not having clients/apps having to communicate with the MB3Admin site, which was the OP's question?

 

We've explained that over and over again.  The limit isn't related to servers it is related to devices and a key.  So a single server cannot validate the device limit.  There are also other, pure protection against theft reasons, that the apps must validate directly.  I don't know how else to explain it.

 

 

If you set a hard limit of all devices connecting to an Emby server to a decent limit (25?), then drop them off the list if no access after 7/14/28 days, then it'll make sense for everyone.

 

 

I don't understand how changing the numbers makes it any less complicated...

[CBers 6771]

We've explained that over and over again.  The limit isn't related to servers it is related to devices and a key.  So a single server cannot validate the device limit.  There are also other, pure protection against theft reasons, that the apps must validate directly.  I don't know how else to explain it.

That's the point. If it did, it would make more sense to people.

 

The device limit is associated with the Premier key, which is the same one that is on the Emby server.

 

If a device accesses multiple Emby servers, then the Emby server that it is connected to manages the device within it's own limits, meaning that the device itself doesn't need Premier, just a connection to a Premier server.

 

I don't understand how changing the numbers makes it any less complicated...

 

It doesn't, 25 was just arbitrary number.