this post was submitted on 19 Jun 2026
316 points (95.7% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

69501 readers
589 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others

Loot, Pillage, & Plunder

We heartily recommend visiting the free port of freemediaheckyeah (aka FMHY) while you sail the high seas, for all the freshest links the ocean has to offer.

📜 c/Piracy Wiki (Community Edition):

🏴‍☠️ Other communities

FUCK ADOBE!

Torrenting/P2P:

Gaming:

💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 3 years ago
MODERATORS
db0@lemmy.dbzer0.com
Flatworm7591@lemmy.dbzer0.com
RandomLegend@lemmy.dbzer0.com
Andromxda@lemmy.dbzer0.com
CosmicTurtle0@lemmy.dbzer0.com
tenchiken@lemmy.dbzer0.com
unruffled@anarchist.nexus
316
Plex price gouging any users they have left (lazysoci.al)
submitted 1 day ago* (last edited 1 day ago) by lazynooblet@lazysoci.al to c/piracy@lemmy.dbzer0.com
154 comments fedilink hide all child comments
 

I bought Plex pass years ago for £79. The new price of $749.99 is INSANE.

No wonder all the cool people are using Jellyfin.

you are viewing a single comment's thread
view the rest of the comments
[–] dan@upvote.au 2 points 14 hours ago* (last edited 14 hours ago) (1 children)

If a service is publicly accessible, anyone can access it. Even if it's secured, there can be security issues in the auth layer of the app, improperly secured endpoints, etc.

If a service is only available over VPN, nobody can access it unless they're on the VPN. The service isn't visible over the public internet and other people won't even know it exists. You can require two factor auth to connect to the VPN.

I'm not sure why you seem to think that a private network isn't more secure than a public network. There's a reason why practically every company requires people working remotely to connect to a VPN to access company resources.

[–] jatone@lemmy.dbzer0.com 0 points 13 hours ago* (last edited 13 hours ago) (1 children)

If a service is publicly accessible, anyone can access it.

false.

Even if it’s secured, there can be security issues in the auth layer of the app, improperly secured endpoints, etc.

true, fun fact a VPN is also an application with an auth layer. dun dun dun!

If a service is only available over VPN, nobody can access it unless they’re on the VPN.

which is basically anyone soon as a browser is in the mix. which it is.

I’m not sure why you seem to think that a private network isn’t more secure than a public network.

because I've done network hardening and know that they are only as secure as the devices and people that are a part of that network. it has nothing to do w/ private vs public and everything to do with what you do while within that network.

There’s a reason why practically every company requires people working remotely to connect to a VPN to access company resources.

uh huh. heard of lemmings? appeals to authority? etc, etc, etc. thats you right now. federal agencies guidelines regarding VPNs search terms for you: Federal Zero Trust Strategy (notably via OMB Memo M-22-09). Individuals like yourself are literally the reason they had to release these updated guidelines. because people kept quoting out of date security practices from their old guidelines as 'good enough for the feds must be best practices'

like i said you dont know what you're talking about. historical foot note: when the federal agency updated their recommendations regarding VPNs they were criticized by security experts for taking so fucking long to finally remove the misguided position that VPNs improve security that you hold.

here is a relevant snippet for everyone:

Regardless of the approach selected, agencies must move away from the practice of maintaining a broad enterprise-wide network that allows enhanced visibility or access to many distinct applications and enterprise functions. Accordingly, agencies should choose their zero trust approach early enough to permit them to align that approach with their plans for IT investment

Literally use 'authn/authz' and dont rely on VPNs for ACL. Here is another gem from that memo for today's lucky 10,000:

Agencies must remove password policies that require special characters and regular password rotation from all systems

and yet companies still put that nonsense into their security policies.

[–] dan@upvote.au 1 points 4 hours ago* (last edited 4 hours ago)

I never said anything about using the VPN as an ACL. All I said was to only expose the service over the VPN. That doesn't necessarily mean that the app doesn't have authentication or authorization.

I'm also only talking about residential use cases, where it's a common practice (when not using a VPN) to just expose everything via port forwarding. Businesses aren't setting up Jellyfin on their servers.

true, fun fact a VPN is also an application with an auth layer. dun dun dun!

Sure, but someone would have to first get on the VPN, and then find vulnerable apps once on the internal network, as opposed to just scanning the internet for public-facing vulnerable systems. Wireguard (and thus Tailscale) doesn't respond to port scans at all - it only responds to packets that are signed with a known key.

Admittedly, networking and network security isn't my specialty so I'm absolutely sure you've got more knowledge in this area.