I have gotten several questions from Plex server owners about how to counteract the use of PlexRipper and or at least prevent abuse. To be honest, I have no definite answer and as the creator of PlexRipper I'm also quite biased in wanting to make PlexRipper always work.
However, there should definitely be a balance. I don't condone abuse and support the right of Plex server owners to kick anyone who uses PlexRipper in a way they don't approve of. My answer below is what I send someone who asked about this but I would really appreciate any input, concerns or ideas.
Question:
I see you're Dutch :) I'm in Den Haag right now.
My team has noticed your project and while its exciting work we have concerns that it'll burn through a lot of bandwidth and probably impact the plex server if its doing tons and tons of calls getting the guids.
One of the bad things I see is that the plex server owners don't have a way of preventing abuse. Say my plex is running on a VPS with a 2TB traffic allocation, someone comes in with your app and pulls those 2TBs in short order and now I'm stuck with high traffic overages or that it's querying of the database tanks plex for everyone else. I can't watch shows because my 'friend' is sucking down my content.
I don't want to stop people from downloading but I do want to stop people from abusing and impacting me either watching or financially if I have to pay for the traffic.
Could we discuss ways to prevent the abuse? I was thinking we might have to come up with some way to filter it by the headers. If you added a 'plexripper' header then we can filter that out or we can try to rate limit it.
As I said, I'm not opposed to people downloading content but I am opposed to it impacting my own personal usage or other friends usage and if I get a bill for 200 euros because my friend decided to download all the 4K content on my server and blow my transfer limits out of the water.
Would you be willing to come up with a way for the plex admins to control its usage?
Thanks!
End of Question
Answer:
Thank you for your very fair and well put e-mail!
This is quite a complicated issue due to multiple factors in play:
-
PlexRipper is open source, so any limitations I put in place can be removed just as easily. Someone could make a limitations free fork of PlexRipper, which would make putting it in place in the first place almost useless. And having spent nearly 2000 hours over a period of almost 2 years developing this, I would not like to see alternative versions pop-up.
-
Although I would like to be a neutral arbiter between PlexRipper users and PSO's (Plex Server Owners), since I'm both, I do tend to lean towards PlexRipper reaching its full potential, which in turn might negatively impact PSO's. My feeling is that most don't want to be a download server for users, which is their right, or will soon implement tactics to just auto ban any account that has a PlexRipper header.
-
The ultimate power does lie with PSO's, PlexRipper can only download if it has access granted by a PSO. If a user commits abuse, then he can be banned from the server with no way in. Which is a good thing and I would also not approve of PlexRipper becoming a hacking tool to gain unauthorized access by exploiting vulnerabilities.
Having said that, I also strongly oppose abuse which would lead to huge bills for Plex Server owners. Most of us do it as a hobby, which is already expensive enough and abuse would understandably suck all the fun out of it.
These are my ideas which I think are reasonable:
-
Functionality to limit the download speed, which is per server configurable by the user. The default value could be 8mb/s, or however much it is to stream 1080p/4k content as not to suck up all the bandwidth. This is a high priority and I hope to have this in one of the next releases.
-
Plex server owners could place a config file somewhere on their server, which is retrieved by PlexRipper and would contain the abuse limitations. Things like, maximum download speed, which times of day to preferably download, maximum allotted download size a day, or just straight up "no downloading" etc. This config would be presented to the user to either automatically configure PlexRipper based on those settings or the user could choose to ignore that config. However, if the user chooses to ignore that config then the Plex server owner could receive a notification that this particular user is ignoring the config. The Plex server owner could then decide to ban that user. Again, this could be easily removed by anyone due to the open source nature of PlexRipper.
-
Retrieving all the metadata is I think one of the biggest database performance costs. This would ideally be only done once, after which PlexRipper will check once a day if there is any new content which is a very small request.
-
Caching of the thumbnails and banners is also one of the ideas I had, any image requested from the Plex server is stored locally and retrieved from there. This is a double win, less traffic for PSO's and faster loading for PlexRipper users at the cost of storage space for the user.
To answer your last question, I am absolutely willing to help out where I can and make it fair for PSO's as well.
I also think this is an important discussion to be had, so if you're willing you could copy you initial mail in the GitHub issues. I will respond with my answer and pin the thread to see what others think.
The above are just some of my ideas and any feedback or own ideas are of course very welcome!
End of answer
What do you guys think?