Yes, absolutely. And they can drag Canonical into it as well if they wish though it’s harder. Being UK based doesn’t protect them from the long arm of US law including arresting any US personnel, freezing and seizing their funds, putting out arrest warrants for and harassing those in the UK with the fear of arrest and rendition to the US if they go to a third country (for a conference, vacation, etc, most would buckle rather than live under that). Additionally the US could sanction them for non-cooperation by making it illegal for US companies to sell them products and services, for US citizens to work for or aid them, etc.

They can go after community led projects too, just send the feds over to the houses of some senior US developers and threaten and intimidate them, intimate their imminent arrest and prison sentence unless they stop contact and work with parties from whatever countries the US wishes to choose to name. Raid their houses, seize their electronics, detain them for hours in poor conditions. Lots of ways to apply pressure that doesn’t even have to stand up to extensive legal scrutiny (they can keep devices and things and the people would have to sue to get them back).

The code itself is likely to exist in multiple places so if someone wanted to fork from say next week’s builds for an EU build they could and there would be little the US could do to stop that but they could stop cooperation and force these developers to apply technical measures to attempt to prevent downloads from IP addresses known to belong to sanctioned countries of their choosing.

It’s not like the US can slam the door and take its Linux home and China and the EU and Russia are left with nothing, they’d still have old builds and code and could develop off of those though with broken international cooperation it would be a fragmented process prone to various teething issues.

Interesting project. Thanks for the link and I do appreciate it and could see some very good uses for that but it’s not quite what I meant.

Unfortunately as it notes it works as a companion for reverse proxies so it doesn’t solve the big hurdle there which is handling secure and working flow (specifically ingress) of Jellyfin traffic into a network as a turn-key solution. All this does is change the authorization mechanism but my users don’t have an issue with writing down passwords and emails. Still leaves the burden of:

• choosing and setting up the reverse proxy,
• certificates for that,
• paying for a domain so I can properly use certificates for encryption,
• making sure that works,
• chore of updating the reverse proxy, refreshing certs (and it breaking if we forget or the process fails), etc

Which is a hassle and a half for technically proficient users and the point that most other people would give up.

By contrast with Plex how many steps are there?

1. Install (going to skip media library setup as Jellyfin requires that too so it’s assumed)
2. Set up any port settings, open any relevant ports on firewall, enable remote access in setting with a tickbox
3. Set up users
4. Done, it now works and doesn’t need to be touched. It will handle connecting clients directly to the server. Users just need to install Plex client, login to their account and they have access.

By contrast this still requires the hoster set up a reverse proxy (major hassle if done securely with certificates as well as an expense for a domain which works out to probably $5 a year), to then have their users point their jellyfin at a domain-name (possibly a hard to remember one as majesticstuffbox[.]xyz is a lot cheaper than the dot com/org/net equivalents or a shorter domain that’s more to the point), auth and so on. It’s many, many, many more steps and software and configurations and chances for the hosting party to mess something up.

My point was I and many others would rather take the $5 we’d spend a year on a domain name and pay it for this kind of turn-key solution for ourselves and our users even if provided by a third party but that were Jellyfin to integrate this as an option it could provide some revenue for them and get the kinds of people who don’t want to mess with reverse proxies and certificates into their ecosystem and off Plex.

Simplewall.

There is AFAIK no way to do this.

Apple’s never open-sourced the APIs and interfaces and it only works on Macs and Windows. For this you will need to have either a Windows install (recommend separate drive so it doesn’t break Linux bootloader) or a persistent or not Windows VM with USB passthrough. I’m not even sure how well the VM situation works but it probably should. You don’t even have to have a license for Windows, you can just run it in the VM for this purpose alone but it does mean oh at least 40GB set aside on your drive for the VM image plus more if you want to do things like back-up the phone.

Jellyfin needs to partner with someone people can pay a very low and reasonable and/or one-time fee to enable remote streaming without the fuss of setting up either dangerous port-forwarding or the complexity of reverse proxies (paying for a domain-name, the set-up itself including certificates, keeping it updated for security purposes).

And no a VPN is not a solution, the difficulty for non-technical users in setting up a VPN (if it’s even possible, on smart-tvs it’s almost always not, and I don’t think devices like AppleTV and other streaming boxes often support them) is too high and it’s an unwanted annoyance even for technical users.

I’m not talking about streaming video’s through someone else’s servers or using their bandwidth. I’m talking about the connection phase of clients and servers where Plex acts like an enhanced dynamic DNS service with authentication. They have an agent on the local media server which sends to the remote web service of the third party the IP address, the port configured for use, the account or server name, etc. When a client tries to connect they go to this remote web service with the servername/username info, the web service authenticates them then gives them the current IP address and any other information necessary. It then sends some data to the local Jellyfin server about the connecting client to enable that connection and then the local media Jellyfin server and the client talk directly and stream directly.

Importantly the cost of running this authentication and IP address tracking scheme would be minimal per Jellyfin server. You could charge $5/year for up to 20 unique remote clients and come out ahead with a slight profit which could be put back into Jellyfin development and things like their own hosting costs for code, etc. Even better if they offer lifetime for this at $60-$80 they’d get a decent chunk of cash up-front to use for development (with reasonable use restrictions per account so someone hosting stuff in Hetzner or whatever and serving 300 people with 400 devices will need to pay more because they’re clearly doing this for profit and can afford to throw some more money at Jellyfin).

Until Jellyfin offers something that JUST WORKS like that it’s not going to be a replacement for Plex, whatever other improvements they offer to users it’s still a burden for the server runner to set up remote streaming in a way that isn’t either incredibly dangerous (port forwarding) OR either involves paying money to third parties AND/OR the trouble of running your own reverse proxy and/or involves walking users through complicated set-up process for each device that you have to repeat if you change anything major like your domain name when using a VPN.