August 21, 2017 // 10:51 a.m.
Media streaming giant Plex has defended a change to its terms and conditions which prevents users from opting out of the company's data collection system, while adding a partial opt-out in an attempt to allay users' concerns.
The company's contentious change explained: 'In order to understand the usage across the Plex ecosystem and how we need to improve, Plex will continue to collect usage statistics, such as device type, duration, bit rate, media format, resolution, and media type (music, photos, videos, etc.). We will no longer allow the option to opt out of this statistics collection, but we do not sell or share your personally identifiable statistics,' the company's original announcement informed users. 'Again, we will not collect any information that identifies libraries, files, file names, and/or the specific content stored on your privately hosted Plex Media Servers. The only exception to this is when, and only to the extent, you use Plex with third-party services such as Sonos, Alexa, webhooks, and Last.fm.'
Following considerable user backlash - including, predictably, a number of threads on Reddit and other social media services lambasting the company's decision to remove the ability to opt out from the data collection - Plex chief executive Keith Valory posted a conciliatory message offering more detail regarding the data collection system and his company's decision to remove the ability to opt out from the same. 'We came to the conclusion that providing an "opt out" in the setup gives a false sense of privacy and feels disingenuous on our part,' Valory explains of his company's decision. 'That is, even if you opted out, there is still a bunch of data we are collecting that we tried to call out as exceptions. So rather than try to enumerate all of exceptions, we decided: (1) to make it even more clear that we don’t collect data that tells us what is in your library; (2) to remove the opt out provision primarily to be more clear up front (but also acknowledging that the data is clearly useful); and (3) to be very transparent about what we do, and don’t do, with the data (including Section F, which prohibits us from selling your data).
'Can’t you still deduce what is in my library,' Valory echoes of a question asked frequently following the change. 'This was clearly a detail we missed, and many of you have raised it after the fact. While we think it would be hard for someone to figure out the identity of a file based on some media information (e.g. media duration), it is certainly more than just a theoretical possibility. And, again, we have ZERO interest in knowing or being able to know what is any of your libraries. So, for you and for us, we’re going to make some changes to the policy ASAP.'
Those changes, Valory details, do not include the restoration of the centralised opt-out toggle, but do include features such as work to 'generalise' playback statistics which aim to prevent fingerprinting of individual files, individual opt-out toggles for crash reporting, marketing communications, and playback data reporting, and a new privacy tab which provides a complete list of 'all product events data' collected by the company. 'Our intention here is to provide full transparency,' claims Valory. 'Users will have one place where they can see what data is being collected and where they can opt out of playback data that they are not comfortable with (though we’ll do our best to get them comfortable!).'