• 0 Posts
  • 34 Comments
Joined 2 years ago
Cake day: August 6th, 2023

  • It’s impossible to de-google or meaningfully remove unwanted stuff from Smart TVs while keeping them usable for streaming purposes.

    What you want to do is factory reset, don’t connect to the internet, go into settings and turn off whatever you can, and then use a streaming box.

    Yes it’s an additional cost but it’s BETTER. The processors and memory in those TVs are lousy, the apps are often sluggish, the experience is simply not great. Frankly the hardware was built not to be usable for you, they are data collection platforms that include minimal low quality streaming experiences in order to collect data. No software is going to fix that.

    Want something that “just works” and supports all the major streamers? Get an Apple TV 4k. It’s pretty private but importantly no ads, clean interface, powerful hardware. Is it maximally private? No. But it is easy.

    Want to put in effort? You can get either a Dune-HD box (some have dual-OS without reboot where one is Netflix certified to get you full resolution while passing DRM checks while another is unlocked bootloader which you can install all kinds of things like Plex and Kodi on) or get some other Android streaming device of your choice (Walmart’s Onn brand 4k devices used to be very good and cheap though you might need to check as I heard rumors the latest devices can’t be unlocked).

    You’ll have a better experience on more powerful hardware and will never want to go back to the bad on-board TV experience.


  • Wait until you find out they offer apps with ties to:

    • FBI
    • US military
    • CIA
    • NSA
    • The most awful fascist ghouls on podcasts and youtube
    • The “israeli” state and its war criminal institutions.

    Curious then you pick on vague ties to China to fearmonger.

    I mean FFS Microsoft and Google are actively abetting the most documented genocide in a century. Where is the outrage from these garbage people over that? Where’s the push to help boycott and pressure them to stop assisting the slaughter? Children are being killed right now in Gaza with the help of these American companies and where are the stories encouraging people to stop using them?


  • IMO focus on purchasing physical content from creators or distributors who NEED to get paid.

    It’s one thing to foolishly throw money at these big companies for blurays of an already very successful series while they’re throwing their old libraries in the trash or ‘the vault’ or just shoveling most of their money towards low quality reality garbage.

    It’s another to buy a Criterion or BFI or Vinegar Syndrome bluray of something out of print that they need to recoup the costs of restoring and scanning.

    If someone buys a bluray of an MCU movie they are a chump, firstly for liking that stuff, secondly for giving Disney more money for it when those things already earn piles of cash in theaters and that alone would be enough to keep them paying salaries and producing that stuff.

    Spend money on independent film-makers/releases, on restorations, on series you like on the verge of cancellation.

    Sadly I think the conclusion is already written, physical media’s days are numbered, the big companies are going to shut down the overwhelming majority of bluray and dvd production within 5-10 years is my feeling because why sell you for $20-$30 a copy of something when they can get your rent in the form of streaming monthly payments for the rest of your natural life?

    And best of all with the rent they can push ads which further increase their revenue. That bluray is a one-time payment, ads for watching the movie on streaming are a continual revenue stream. I predict that they will either have completely killed off ad-free tiers of streaming to push most of their audience into an even bigger and more valuable ad pool to sell to advertisers OR the prices of the ad-free tiers will grow dramatically away from the ad-supported tiers. Right now it’s a few bucks a month, I suspect within 10 years it will be 170-300% the cost of the ad-supported version.


  • Because their founder (Marlinspike) is probably under a National Security Letter, maybe it’s just that, maybe he’s done some crimes they’re also holding over him. If you look at his behavior it’s that of someone very paranoid that they’re going to be found out to be cooperating with the feds and get hit with charges for not upholding the bargain, someone straddling one or two big lies that have to be maintained to keep their life going. Very controlling of things they should be open about if they care about privacy as they claim. But exactly the behavior of someone under an NSL who’s terrified of getting hit with charges for that and maybe other things but who is expected to front and run a purported privacy first messenger. The secrecy, the refusal to allow others to operate their own servers, the antagonism towards federation, the long periods without publishing source code updates.

    This doesn’t necessarily mean that Signal message content is compromised, the NSA primarily scrapes metadata and would most care about knowing who is talking to who and to put real names to those people and building graphs of networks of people. Other things like what times they talk can be inferred from upstream taps on Signal’s servers without their knowledge or cooperation via traffic observation and correlation especially when paired with the fourteen eyes global intercept network. With a phone number it’s also a lot easier to pinpoint an exact device to hack using a cooperating (or hacked) telecom. Phone numbers can also be correlated to triangulated positions of devices, see who in a leftist protest network was A) heavily sending messages and B) attended that protest and left last and begin to infer things about structure and particular relationships.

    And those saying it has to do with spam prevention, that’s kind of nonsense. First I still get the occasional spam, second a phone number that can receive a confirmation text is something all these criminal organizations have access to which the average person doesn’t. Third it’s possible to prevent spam just by looking for people (especially new accounts under 120 days old) sending very small amounts of messages (1-3) to a very large amount of other users especially in a short amount of time. Fourth there’s no reason to keep the phone number tied to the account, a confirmation text could be required with a promise to delete the phone number immediately after (would still be technically useful to the NSA though less useful for keeping track of people changing numbers or using a burner for this who might be higher value targets).
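
The fan-out heuristic described in the comment above, written out as an added example (not the commenter's code and not anything Signal runs). The 120-day account age and the 1-3 messages per recipient come from the comment; the recipient count, the one-hour window, the record layout and the sample data are assumptions, and it presumes the service can see sender, recipient and timestamp metadata.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

MAX_ACCOUNT_AGE = timedelta(days=120)   # from the comment: "new accounts under 120 days old"
MAX_MSGS_PER_RECIPIENT = 3              # from the comment: "very small amounts of messages (1-3)"
MIN_RECIPIENTS = 50                     # assumed meaning of "a very large amount of other users"
WINDOW = timedelta(hours=1)             # assumed meaning of "a short amount of time"


def flag_fanout_senders(accounts, messages, now):
    """Return the sender ids that match the spam pattern.

    accounts: {sender_id: account creation datetime}
    messages: iterable of (timestamp, sender_id, recipient_id); no message content is needed.
    """
    by_sender = defaultdict(list)
    for ts, sender, recipient in messages:
        created = accounts.get(sender)
        # Only young accounts are examined at all.
        if created is not None and now - created < MAX_ACCOUNT_AGE:
            by_sender[sender].append((ts, recipient))

    flagged = set()
    for sender, events in by_sender.items():
        events.sort()
        window = deque()        # events inside the sliding time window
        counts = Counter()      # recipient -> messages inside the window
        for ts, recipient in events:
            window.append((ts, recipient))
            counts[recipient] += 1
            # Drop events that have fallen out of the window.
            while ts - window[0][0] > WINDOW:
                _, old = window.popleft()
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
            # Recipients who got only a handful of messages from this sender.
            low_volume = sum(1 for n in counts.values() if n <= MAX_MSGS_PER_RECIPIENT)
            if low_volume >= MIN_RECIPIENTS:
                flagged.add(sender)
                break
    return flagged


def build_sample(now):
    """Constructed sample data: one spammer, one old account, one chatty new user."""
    accounts = {
        "acct-new": now - timedelta(days=10),     # young, wide fan-out
        "acct-old": now - timedelta(days=400),    # same fan-out, but an established account
        "acct-chatty": now - timedelta(days=5),   # young, many messages to two contacts
    }
    start = now - timedelta(hours=2)
    messages = []
    for i in range(60):
        ts = start + timedelta(seconds=30 * i)
        messages.append((ts, "acct-new", f"user-{i}"))
        messages.append((ts, "acct-old", f"user-{i}"))
    for i in range(200):
        ts = start + timedelta(seconds=10 * i)
        messages.append((ts, "acct-chatty", f"friend-{i % 2}"))
    return accounts, messages


if __name__ == "__main__":
    now = datetime(2025, 1, 10, 12, 0, 0)  # constructed reference time
    accounts, messages = build_sample(now)
    print(flag_fanout_senders(accounts, messages, now))
```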



  • Interesting project. Thanks for the link and I do appreciate it and could see some very good uses for that but it’s not quite what I meant.

    Unfortunately as it notes it works as a companion for reverse proxies so it doesn’t solve the big hurdle there which is handling secure and working flow (specifically ingress) of Jellyfin traffic into a network as a turn-key solution. All this does is change the authorization mechanism but my users don’t have an issue with writing down passwords and emails. Still leaves the burden of:

    • choosing and setting up the reverse proxy,
    • certificates for that,
    • paying for a domain so I can properly use certificates for encryption,
    • making sure that works,
    • chore of updating the reverse proxy, refreshing certs (and it breaking if we forget or the process fails), etc

    Which is a hassle and a half for technically proficient users and the point that most other people would give up.

    By contrast with Plex how many steps are there?

    1. Install (going to skip media library setup as Jellyfin requires that too so it’s assumed)
    2. Set up any port settings, open any relevant ports on firewall, enable remote access in setting with a tickbox
    3. Set up users
    4. Done, it now works and doesn’t need to be touched. It will handle connecting clients directly to the server. Users just need to install Plex client, login to their account and they have access.

    By contrast this still requires the hoster set up a reverse proxy (major hassle if done securely with certificates as well as an expense for a domain which works out to probably $5 a year), to then have their users point their jellyfin at a domain-name (possibly a hard to remember one as majesticstuffbox[.]xyz is a lot cheaper than the dot com/org/net equivalents or a shorter domain that’s more to the point), auth and so on. It’s many, many, many more steps and software and configurations and chances for the hosting party to mess something up.

    My point was I and many others would rather take the $5 we’d spend a year on a domain name and pay it for this kind of turn-key solution for ourselves and our users even if provided by a third party but that were Jellyfin to integrate this as an option it could provide some revenue for them and get the kinds of people who don’t want to mess with reverse proxies and certificates into their ecosystem and off Plex.


  • Jellyfin needs to partner with someone people can pay a very low and reasonable and/or one-time fee to enable remote streaming without the fuss of setting up either dangerous port-forwarding or the complexity of reverse proxies (paying for a domain-name, the set-up itself including certificates, keeping it updated for security purposes).

    And no a VPN is not a solution, the difficulty for non-technical users in setting up a VPN (if it’s even possible, on smart-tvs it’s almost always not, and I don’t think devices like AppleTV and other streaming boxes often support them) is too high and it’s an unwanted annoyance even for technical users.

    I’m not talking about streaming videos through someone else’s servers or using their bandwidth. I’m talking about the connection phase of clients and servers where Plex acts like an enhanced dynamic DNS service with authentication. They have an agent on the local media server which sends to the remote web service of the third party the IP address, the port configured for use, the account or server name, etc. When a client tries to connect they go to this remote web service with the servername/username info, the web service authenticates them then gives them the current IP address and any other information necessary. It then sends some data to the local Jellyfin server about the connecting client to enable that connection and then the local media Jellyfin server and the client talk directly and stream directly.

    Importantly the cost of running this authentication and IP address tracking scheme would be minimal per Jellyfin server. You could charge $5/year for up to 20 unique remote clients and come out ahead with a slight profit which could be put back into Jellyfin development and things like their own hosting costs for code, etc. Even better if they offer lifetime for this at $60-$80 they’d get a decent chunk of cash up-front to use for development (with reasonable use restrictions per account so someone hosting stuff in Hetzner or whatever and serving 300 people with 400 devices will need to pay more because they’re clearly doing this for profit and can afford to throw some more money at Jellyfin).

    Until Jellyfin offers something that JUST WORKS like that it’s not going to be a replacement for Plex, whatever other improvements they offer to users it’s still a burden for the server runner to set up remote streaming in a way that isn’t either incredibly dangerous (port forwarding) OR either involves paying money to third parties AND/OR the trouble of running your own reverse proxy and/or involves walking users through complicated set-up process for each device that you have to repeat if you change anything major like your domain name when using a VPN.
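
The connection phase described in the comment above, modelled in-process as an added example (not Plex's or Jellyfin's code). The class names, the per-server agent key, the single-use ticket with a 60-second lifetime, and the sample address and port are all assumptions; the direct method call from broker to server stands in for the broker-to-server notification.

```python
import hashlib
import hmac
import secrets
import time

TICKET_TTL = 60  # seconds a ticket stays valid (assumed value)


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class MediaServer:
    """Hypothetical local media server: admits only clients the broker announced."""

    def __init__(self, name):
        self.name = name
        self.agent_key = secrets.token_bytes(32)  # shared with the broker at enrollment
        self._expected = {}                       # ticket -> (user, expires_at)

    def expect(self, ticket, user, expires_at):
        """Broker -> server: 'this client is about to connect'."""
        self._expected[ticket] = (user, expires_at)

    def accept(self, ticket, now=None):
        """Direct client connection: return the user, or None if refused."""
        now = time.time() if now is None else now
        user, expires_at = self._expected.pop(ticket, (None, 0))  # single use
        return user if now <= expires_at else None


class Broker:
    """Hypothetical third-party web service: address directory plus authentication."""

    def __init__(self):
        self._servers = {}  # name -> {"key", "handle", "ip", "port"}
        self._users = {}    # user -> (salt, password hash, allowed server names)

    def enroll_server(self, server):
        self._servers[server.name] = {
            "key": server.agent_key, "handle": server, "ip": None, "port": None,
        }

    def heartbeat(self, name, agent_key, ip, port):
        """Agent reports the server's current address; refused without the right key."""
        entry = self._servers.get(name)
        if entry is None or not hmac.compare_digest(entry["key"], agent_key):
            return False
        entry["ip"], entry["port"] = ip, port
        return True

    def add_user(self, user, password, servers):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, _hash(password, salt), set(servers))

    def connect(self, user, password, server_name, now=None):
        """Client asks where the server is; returns address and ticket, or None."""
        now = time.time() if now is None else now
        salt, digest, allowed = self._users.get(user, (b"", b"", set()))
        ok = hmac.compare_digest(digest, _hash(password, salt))
        entry = self._servers.get(server_name)
        if not ok or server_name not in allowed or entry is None or entry["ip"] is None:
            return None
        ticket = secrets.token_urlsafe(32)
        entry["handle"].expect(ticket, user, now + TICKET_TTL)
        return {"ip": entry["ip"], "port": entry["port"], "ticket": ticket}


if __name__ == "__main__":
    server = MediaServer("livingroom")
    broker = Broker()
    broker.enroll_server(server)
    broker.heartbeat("livingroom", server.agent_key, "203.0.113.7", 8096)  # sample address
    broker.add_user("alice", "correct horse", ["livingroom"])
    grant = broker.connect("alice", "correct horse", "livingroom")
    print(grant["ip"], grant["port"], server.accept(grant["ticket"]))
```

Only the lookup and the ticket pass through the broker; the stream itself goes straight from client to server, which is why the per-server cost the comment estimates is small.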


  • Look less suspicious. Be fingerprintable easily. Look unique but in a normal way. Be logged in. Look like a “normal” web user not using a hardened browser. That’s what tends to trigger them and what tends to escalate them to demanding more work to get past them.

    There’s no turn-key solution that fakes all of this flawlessly I’m afraid.



  • I doubt they would be allowed to hand out keys (which they do not hold) to another government that would compromise American businesses, agencies, etc.

    Um, yes they would. The very point of eyes agreements is they allow countries’ intelligence agencies which aren’t allowed to spy on their own people to spy on each other’s people then pass each other the data. Snowden revealed this all a decade ago.

    The CIA and FBI do not store classified sensitive info on iPhones that are backed up anywhere. At least not anything that would come as a surprise to the British or be a risk. Nothing they wouldn’t have access to via the existing intelligence sharing.

    The UK and the US are thick as thieves and have been since the end of WW2.


  • This is frightening.

    They do not have the ability to just remove e2e back-ups in the UK alone and walk away from this, that’s not how the law is written as I understand it.

    The snooper’s charter gives the UK government the RIGHT to DEMAND access to encryption keys of any user GLOBALLY. The law is that they can force the cooperation of Apple to decrypt the account of an American user, of a German user, of a Russian user, of a South African user, of a Brazilian user, of a Japanese user who have never stepped foot in the UK.

    So they’re claiming that this protects their users, that they haven’t complied but the only way to avoid complying with these secret gag orders for compromising encryption GLOBALLY at the demand of the UK government is to remove themselves entirely from the jurisdiction of the UK. Is to remove all executives and technical personnel from UK soil, to not hire such people who live in or are citizens of the UK as technical personnel as they could be gag ordered and compelled to cooperate. To basically entirely pull out of any presence but maybe storefronts in the UK and take steps to prevent the arrest and pressuring of their executives and key technical people with access from being subject to UK coercion.

    That they haven’t done that means all users globally are still at risk. This may be a big PR stunt to convince people they haven’t caved when in fact they have in secret and will hand over data of global users to the UK which shares it via eyes agreements with the US, with France, Australia, etc. This has the added benefit of allowing the UK to keep such access secret by acting annoyed with Apple but not actually pressing any case. If they try and actually prosecute or pressure Apple that’s a sign that they haven’t cooperated globally, if they only offer angry words to the press IMO that’s a sign that in secret they’ve given access globally and only informed UK users that their cloud data isn’t protected.




  • As an extra step you can block DNS requests to external services from within your network to prevent devices trying to reach hardcoded for example Google DNS servers to bypass your filtering which isn’t uncommon with some IoT/streaming devices. Best to both block the known IPs as well as have DNS redirects for the urls that point back to your firewall at whatever IP it’s using to serve DNS from. There is a list called DoH servers by name or something like that which you can add to the blocklist to try and prevent usage of any DNS but your own.
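
To see which devices the rules from the comment above would actually catch, firewall logs can be audited for clients that skip the local resolver. This is an added example, not the commenter's setup: the log format, the resolver address and the sample lines are constructed, and the three-address DoH set is a tiny stand-in for the full DoH server list the comment mentions.

```python
import re
from collections import defaultdict

LOCAL_RESOLVER = "192.168.1.2"               # assumed: address of the Pi-hole / firewall DNS
DOH_IPS = {"8.8.8.8", "8.8.4.4", "1.1.1.1"}  # small sample standing in for a full DoH list

# Constructed log format: one outbound connection per line.
LINE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)"
)

# What the comment's advice translates to for each kind of bypass.
ACTIONS = {
    "plain-dns": "redirect outbound port 53 to the local resolver",
    "dot": "block outbound port 853",
    "doh": "block listed DoH server IPs on port 443",
}

SAMPLE_LOG = """\
2025-01-10T20:01:02 SRC=192.168.1.50 DST=192.168.1.2 PROTO=UDP DPT=53
2025-01-10T20:01:03 SRC=192.168.1.2 DST=9.9.9.9 PROTO=UDP DPT=53
2025-01-10T20:01:05 SRC=192.168.1.77 DST=8.8.8.8 PROTO=UDP DPT=53
2025-01-10T20:01:06 SRC=192.168.1.77 DST=8.8.8.8 PROTO=TCP DPT=443
2025-01-10T20:01:09 SRC=192.168.1.80 DST=1.1.1.1 PROTO=TCP DPT=853
2025-01-10T20:01:11 SRC=192.168.1.50 DST=198.51.100.20 PROTO=TCP DPT=443
""".splitlines()


def classify(dst, dpt):
    """Return the bypass kind for one connection, or None if it is fine."""
    if dst == LOCAL_RESOLVER:
        return None
    if dpt == 53:
        return "plain-dns"   # hardcoded resolver, classic DNS
    if dpt == 853:
        return "dot"         # DNS over TLS
    if dpt == 443 and dst in DOH_IPS:
        return "doh"         # DNS over HTTPS to a known resolver
    return None


def find_dns_bypass(lines):
    """Map each LAN device to the set of (kind, destination) bypass attempts."""
    hits = defaultdict(set)
    for line in lines:
        m = LINE.search(line)
        if m is None:
            continue
        if m["src"] == LOCAL_RESOLVER:
            continue  # the resolver's own upstream queries are expected
        kind = classify(m["dst"], int(m["dpt"]))
        if kind:
            hits[m["src"]].add((kind, m["dst"]))
    return dict(hits)


def recommended_actions(hits):
    """Firewall actions needed to cover every bypass kind seen in the log."""
    kinds = {kind for attempts in hits.values() for kind, _ in attempts}
    return sorted(ACTIONS[k] for k in kinds)


if __name__ == "__main__":
    found = find_dns_bypass(SAMPLE_LOG)
    for device, attempts in sorted(found.items()):
        print(device, sorted(attempts))
    print(recommended_actions(found))
```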


  • Yeah they include a gigabit ethernet port which is really useful for full quality 4k, amazing how many cheaper streaming devices only have 10/100 ports which I suppose is adequate if all you do is stream Netflix.

    But to me it’s just cheaping out to save a dollar or two on the manufacturer’s part that with ethernet & protocol overhead could result in problems potentially even for 1080p streams. Whereas gigabit even with overhead and lackluster conditions you’re going to get 700-800mbps sustained. People think for 1080p bluray dumps for instance that oh bitrates are only around 40-50mbps average but if you fast forward, if you’re seeking around the actual bitrate being consumed jumps to double or more at times and that 100mbps port will choke on that and buffer whereas the gigabit will not flinch. And though I don’t use the playback speed option myself much Infuse does allow playing back at 1.5 and 2x speeds which consume around 1.5x and 2x the bitrate respectively.

    But it’s just nice to not have to deal with wireless hiccups too.


  • Putting this here as another comment so as to not get too lengthy in my original reply:

    The only other things I can recommend in the streaming space would be Dune-HD’s products which are more expensive than Apple TV (though not more than Nvidia shield pro) and are not quite as simple and easy to use but do offer customization and a nice virtualized linux+androidtv system on some of their models AND maybe the Nvidia Shield Pro with caveats. But I have a bit of a bone to pick with the Shield for a number of reasons:

    1. Price. They haven’t updated the hardware in 5 years and have changed it from a premium product without ads to standard AndroidTV with ads on the homescreen yet charge the same $200 price, meanwhile Apple dropped the price on their AppleTV and is eating their lunch with annual hardware updates and regular software updates that bring new functionality
    2. Features. The shield still has bugs around things like framerate switching while AppleTV does not nor do Dune-HD’s products
    3. The lack of updates, the move from a premium android experience without homescreen ads to one with ads. I feel it could be killed off any moment, they’re just lazily milking the product which is probably the only reason they haven’t. You /can/ with some effort alter the launcher to a 3rd party launcher to lose the ads but it’s not easy, it usually requires revisiting and you can do the same thing with the Dune-HD products and they care a lot more and offer a lot more IMO.

    The only reason you might really prefer Dune-HD over an Apple TV is the ability to side-load a modded youtube app if you use that a ton but even that feels up in the air with how hard Google is going in their war on anyone using things like that and how successful they’ve been against it. You can’t block ads in ad-supported major streaming services (Netflix, Max, Hulu, Disney+, etc), neither with pihole nor any other way I’m aware of.



  • Yes. An Apple TV will be about as private as you can get for something that supports mainstream streaming apps (running a mini-pc won’t allow better than 720p quality and you’ll struggle to get remotes to work, it’ll be a clunky experience via web browsers often). It will be a lot better than a smart TV, especially a Roku who are among the worst.

    If you want a bit more privacy consider running a pihole and redirecting DNS traffic at your firewall to your pihole or blocking all DNS traffic not from your pihole. I run a firewall solution that includes DNS redirection and blocking and there are a lot of measurement endpoints for streaming apps that you can block without the app breaking so that’s another little ounce. This doesn’t require a ton more effort though it is more effort it can be a set and forget type of thing. Importantly this does not block in-app ads.

    For me the fact they don’t have any ads is what sells me on it. I don’t want ads on my homescreen. I don’t even want them in the apps but getting that peace and lack of clutter on the homescreen is so nice.

    Apple TVs are also just so smooth. Smart TVs feel sluggish and pathetic compared to how well everything just works on a device that’s properly powered for the task and not constantly sucking up all your data.

    Apple TVs also have a lot of Apple privacy settings though obviously some of them apps may not allow like many streaming apps require a location check at least intermittently for licensing reasons to prove you’re still in the country but you can limit it as much as possible.

    If you have a decent wifi network and you know you’re not going to be streaming say homemade BluRay rips the wifi entry model is excellent (currently it supports wifi 6 and has a really good wifi chip). I personally run Plex and a media server so I choose the wifi+ethernet model to have the reliability of ethernet and don’t regret it but it’s understandable if your situation precludes being able to use a wired connection or you want to save the $20 extra they charge.



  • Why not HEVC 10bit? We’re quickly approaching the age of AV1 and HEVC has been on the scene for a decade now so might as well have a relatively recent codec and HEVC offers improvements of 20% bitrate reduction for same quality even for 480p content vs 264. Modern devices don’t have any issues decoding it either even in software and open source encoders are mature enough. AV1 might be an even better bet but encoding time takes a really noticeable hit compared to HEVC and client device support still isn’t entirely there, the encoders are also still a little more finicky than HEVC.

    As to ripping DVDs to EAC3, I wouldn’t.

    Almost all DVDs are natively AC3 regular dolby digital. You can’t add more quality by doing lossy conversions and the bitrates typically present for DVDs are low enough that doing a conversion to lower the bitrate doesn’t really make sense. We’re talking 512-640kbps for 5.1 audio (and 192 to 240 for stereo) which isn’t unreasonable and the damage incurred in conversion to save say half that IMO just doesn’t make sense with modern storage prices and the amount of storage being used for 480p content. You can easily save as much without damaging the audio by choosing HEVC10 as your video encoder. If you insist on doing a conversion for DVD audio I would suggest doing so to either AAC if you have a good encoder and know how to use it or Opus but I wouldn’t recommend it (all TVs pretty much natively play/decode AC3 audio so given you’re not saving that many bits you’re just inducing degradation of conversion from AC3 to AAC/Opus and again back to AC3 for playback).

    Now for BluRays I fully agree converting from those massive 2000-4000kbps DTS-HD MA, TrueHD, PCM audio streams to EAC3 at 640kbps for multi-channel audio can save a fair amount of space at scale and doesn’t incur meaningful audio degradation (while offering equivalent quality to 1000kbps AC3).


  • Yeah as far as “just works” goes AppleTV with infuse is really high up there.

    Support for all the lossless audio you want, dolby-vision, perfect framerate switching, etc. Either that or something like a Dune-HD box (no framerate switching bugs, lossless audio, DV, etc) or an NVIDIA Shield Pro (though the value of this last one is not great, hasn’t been refreshed in years hardware-wise, more expensive than AppleTV, still has issues with framerate switching not working as well as the looming fact that it feels like Nvidia could kill it and its support off any year now).

    Biggest complaint with infuse would have to be lack of extras support after people have begged for it for a decade. Other than that and having not quite as many sort options as something like Kodi/LibreELEC it’s pretty great. It allows for directplay and pretty efficiently connects to Jellyfin, Plex, etc. You do have to pay for a pro subscription to infuse if your library has 4k/HDR/DV video or uses any audio codecs but AAC and FLAC as they even gate regular Dolby Digital behind payment (the patent on it has expired) and claim it’s because they use the official Dolby SDK and have to pay for that. Not a lot of money admittedly, $12 a year, it’s peanuts compared to what most spend on streaming services, less than the cost of one month ad-free anything.