Waryle

https://www.legifrance.gouv.fr/juri/id/JURITEXT000030635061/

Case law from the Cour de Cassation, where the defendant was convicted, by Articles 323-1 and 323-5, of having extracted data freely following a proven failure of the protection system.

The complainant just had to show that the data SHOULD have been inaccessible, by expressing this “with a special warning” :

"3°) alors qu'en l'absence de dispositif de protection des données, la maître du système doit manifester clairement et expressément manifester, par une mise en garde spéciale, sa volonté d'interdire ou de restreindre l'accès aux données ; qu'en déduisant de la seule présence d'un contrôle d'accès sur la page d'accueil du site de l'ANSES que M. X... s'était irrégulièrement maintenu dans le système contre le gré de son propriétaire, la cour d'appel a violé l'article 323-1 du code pénal ;

Translated :

“3°) whereas in the absence of a data protection system, the master of the system must clearly and expressly manifest, by means of a special warning, his intention to prohibit or restrict access to the data; that in deducing from the mere presence of an access control on the home page of the ANSES site that Mr. X... had irregularly maintained himself in the system against the owner's will, the Court of Appeal violated article 323-1 of the French Penal Code ;

In my case, the first thing you see when you arrive at my Jellyfin instance is a login form blocking your entry, and you have to go through a backdoor to access my data, so there's no ambiguity on this point.

You're wrong, period. Stop trying to debate laws interpretation of a country you don't even speak the language of.

I live in France, and these are the relevant laws :

• Article 323-1 : you access my server without my authorization -> 3 years of prison, 100k€ fine
• Article 323-3 : you touch my data in any way -> 5 years of prison, 150k fine

Using a flaw in a software to retrieve data you should not have access to is illegal where I live, the same way as you're not suddenly allowed to enter my house and fetch my drawers just because I left a window open. I won't debate this point further.

Keeping that copy on a web accessible platform that is accessible by anyone on the internet(unauthenticated) isn't covered by your rights at a bare minimum.

It's as accessible as my DVD collection in my living room: anyone can get into my home without a key by illegally breaking a window.

Using a flaw in my Jellyfin to access my content is illegal and can't be used against me to sue me, period. The idea of rights holders who would hack me to sue me is just plain ridiculous.

Depending on the content "timing" if they trigger on something that doesn't have a physical/consumer release yet... or all sorts of other "impossible" conditions. This is obviously reliant on what content you actually have on your server.

And again, the only proof they would have could not be used in courts.

For real, you're just fear-mongering at this point.

I was sincerely hoping someone would bring some real concerns, like how one of these security breaches listed in the OP could allow privilege escalation or something, but if all you got is "Universal might hire hackers to break through your server and sue you", you're comforting me in my idea that I don't have much to fear

Where I live, I have the legal right to have a copy of a film of which I have a legal version, they can watch my media library as much as they want, it's not enough to prove that it's illegal.

And hacking my server is illegal, they can't go to court by presenting evidence obtained through hacking, they would risk much more than me.

My Jellyfin server is behind Cloudflare with IP outside of my country banned.

I got Crowdsec set up on Cloudflare, Traefik and Debian directly.

I got Jellyfin up in a docker container behind Traefik, my router opens only 80 and 443 ports and direct them to Traefik.

Jellyfin has only access to my media files which are just downloaded movies and shows hardlinked by Sonarr/Radarr from my download folder.

It is publicly exposed to be able to watch it from anywhere, and share it to family and friends.

So what? They might access the movies, even delete them, I don't care, I'll just hardlink them back or re-download them. What harm can they do that would justify locking everything down?

Now let's do intercity trains and tramways then

Thanks for sharing your researches

So we can have autonomous metros, buses and taxis that allow people anywhere when they need it so they don't rely on having a car?

I live 2000km from Chernobyl

Chernobyl is not comparable to a nuclear bomb. Chernobyl is a reactor, made to release a steadily amount of radiations for years to make electricity.

Chernobyl irradiated a large area because the graphite that was located in the reactor core has burned, and the fumes have been carried by the wind, taking a lot of high-level activity nuclear waste hundred or thousands of kilometers away.

A bomb is way smaller than a reactor, and is designed to release most of its energy instantly to make the biggest explosion possible. That means a short burst of radioactivity very high level of radioactivity, with a very small half-life.

A few days after a bomb explodes, most of the radiations would have depleted.

Anyone who has a different opinion than mine is necessarily an idiot