Oh, right, it was basic auth (behind a reverse proxy, or even in general) that Jellyfin doesn’t support and isn’t planned to support IIRC.

Here is a GitHub issue where they said they don’t plan on supporting it: https://github.com/jellyfin/jellyfin-android/issues/123

And with ro rights to media, potential damage at least should be pretty limited.

Depends entirely on where you live I would think.

It does, yeah.

If they are providing the content, they can see that they are providing the content and that much is obvious.

If you are providing the content, you wouldn’t expect that they can identify what you are watching.

That’s the difference to me, yeah.

So I searched, and all of the results were talking about setting up a VPN or a reverse proxy or whatever.

The best thing is, you can’t use a reverse proxy with it, it doesn’t even support it.

FWIW apparently this is talking about their free content, not about user content.

This is basically my exact situation lol

I think I tried DamnSmallLinux in a VM around like 2008 or something which I thought was really cool, then I tried Fedora which I didn’t really like, then I tried Ubuntu which I really liked and still do, although I’m going to switch to Mint at some point because I prefer the idea of having a community-owned distro.

FOSS isn’t always more secure than closed-source, but it absolutely can be.

It depends on the priorities of the maintainers. It seems like Jellyfin’s maintainers might not be putting a huge emphasis on security, which is very disappointing, but they are volunteers at the end of the day.