I am setting up my first jellyfin server via docker, and I am offered the option to either use TMDB or OMDB. I have jellyfin on a LAN-connected device w/o VPN connection, and I am concerned queries to those DBs with file names of torrented files can get tracked and reported to my ISP. Could that be the case? And if so what to do about it? Are there more privacy-preserving metadata services than others?

  • tiwenty@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    1 year ago

    Firstly connections to those API should be encrypted, so parameters such as the filename shouldn’t be visible by a MitM. Also, as someone else pointed, you could rename the file beforehand to something neutral.

  • brownmustardminion@lemmy.ml
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    Another alternative is run Jellyfin and all of your *arr apps as docker containers and run them through a docker container called gluetun. Essentially this will route all incoming traffic (tvdb, torrents, etc) through a vpn and all outgoing (sonarr, Jellyfin, etc web gui) can be accessed locally.

    • trivial99@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      I didn’t know about this, this sounds great! My question then is, can I still access jellyfin on LAN after it connects to the internet via the VPN?

  • saduser@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    I’m currently using the default metadata downloaders including some made for Anime and I never had any problem with them. Maybe consider that most network traffic with these sites is encrypted. As long as you are not using the default DNS servers provided by your ISP and using DNS over TLS or HTTPS the ISP does not have a high chance of knowing what you are sending to these API’s

  • JelloBrains@kbin.social
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    I have been renaming files with filebot and then scraping the nfos, images, and posters with MediaElch for years and never had a problem.

  • Swimmerman96@beehaw.org
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Based on a quick glance of the API documentation it looks like TMDM/OMDB doesn’t receive your filenames, they use unique IDs assigned to their shows and potentially searches based on titles/episode numbers that Jellyfin is already aware of.
    Even if Jellyfin used the filename to search OMDB/TMDB, the headers, body, and the path of the URL (api.themoviedb.org/<path>) are all encrypted by the TLS connection so would not be visible to your ISP.

  • TrenchcoatFullOfBats@belfry.rip
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    2
    ·
    1 year ago

    First, change your DNS servers to something like Quad 9 so your ISP can’t track you that way. Then maybe consider switching to usenet, which is more secure in that you’re downloading from a server (or servers) over an encrypted connection instead of via torrent, where you’re both uploading (distributing) and downloading, and your IP address is available to anyone else downloading.

    With usenet, all copyright-holders can really do is issue a takedown request to the indexer or host, neither of which is you.

    • tiwenty@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      His problem isn’t the part where he downloads parts. Jellyfin queries 3rd party metadata providers, such as TMDB. What he’s concerned with is JF sending the filename to TMDB and getting spied on by the ISP.

      • TrenchcoatFullOfBats@belfry.rip
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        I know. But it’s not illegal to look up stuff from TMDB. It only becomes a problem if the copyright holder already has your IP address, knows what you’ve downloaded, and also subpoenas a list of addresses you’ve visited, which could provide them with additional evidence that you did in fact download their IP in a court case against you.

        “See, Judge? He downloaded Shrek 12: The Enshrekening AND he also downloaded movie posters and a plot synopsis from TMDB for this same movie, which proves that he was in possession of our property.”

        If they don’t already have evidence that you’ve “stolen” from them, a TMDB query won’t be evidence of anything useful.

        It’s pretty easy to get flagged for illegal downloads with torrents, but almost impossible to do the same with usenet downloads.