this post was submitted on 02 Apr 2025
213 points (100.0% liked)


Collection of potential security issues in Jellyfin This is a non exhaustive list of potential security issues found in Jellyfin. Some of these might cause controversy. Some of these are design fla...

[–] HappyTimeHarry@lemm.ee 12 points 23 hours ago (2 children)

If my server is already open to everyone, what kind of potential attacks do I need to be worried about? I don't keep personal files on my streaming server, it's just videos, music and isos/roms. I don't restrict sign-ups, so the idea of an unauthorized user doing something like downloading a video is a non-issue for me really.

I do see where there could be problems for folks running jfin on the same server they keep private photos on, or for people who charge users for access, but that's not me.

Am I missing something, or is the main result of most of these that a "malicious" actor could download files Jellyfin has access to without authentication?

[–] jagged_circle@feddit.nl 9 points 18 hours ago* (last edited 17 hours ago)

I guess the worst thing is that your server starts attacking the US military servers because you've become part of a botnet.

That happened to my friend one time when I installed Linux on his computer. He made the username and password the same 4-character word. Got a letter from the DoD.

I don't think they would be so forgiving these days. Especially if you're brown.

[–] Saik0Shinigami@lemmy.saik0.com 16 points 23 hours ago* (last edited 20 hours ago) (1 children)

With unrestricted signups, they can obtain their own account easily. With their own account they can enumerate all your other users.

If they have their own account they can just find your instance, make a login, collect all the proof they need that you're hosting content you don't own (illegally own) then serve you a court summons and ruin your life.

I wouldn't worry about the vulnerability in the link since you're already wide open. But I wouldn't leave Jellyfin wide open either. Movie and TV studios are quite litigious.

I hope you're at least gatekeeping behind a vpn or something.

Edit: typo

[–] HappyTimeHarry@lemm.ee 8 points 22 hours ago (1 children)

Well, it's hosted in The Netherlands and I did take some steps to protect my own identity in regards to registration info, but if the studios did take an interest I'd probably have some fun with it by declaring bankruptcy and dragging out the appeals.

[–] Saik0Shinigami@lemmy.saik0.com 4 points 22 hours ago (1 children)

I mean, sure... but you'd actually have to reasonably liquidate most of your assets at that point. You can't just "claim" bankruptcy and do literally nothing to sate your debts. Of course this is different on a jurisdictional basis... but overall, you have to sell a lot of your stuff in order to do a proper bankruptcy.

https://www.financestrategists.com/financial-advisor/bankruptcy/what-can-you-keep-after-filing-bankruptcy

It can decimate any savings you have for retirement.

[–] HappyTimeHarry@lemm.ee 5 points 21 hours ago (1 children)
[–] Saik0Shinigami@lemmy.saik0.com 2 points 20 hours ago

Fair enough if you don't actually have any... but the courts will still make that decision for you. Some things might count that you don't expect.