I am setting up my first jellyfin server via docker, and I am offered the option to either use TMDB or OMDB. I have jellyfin on a LAN-connected device w/o VPN connection, and I am concerned queries to those DBs with file names of torrented files can get tracked and reported to my ISP. Could that be the case? And if so what to do about it? Are there more privacy-preserving metadata services than others?
I’m currently using the default metadata downloaders including some made for Anime and I never had any problem with them. Maybe consider that most network traffic with these sites is encrypted. As long as you are not using the default DNS servers provided by your ISP and using DNS over TLS or HTTPS the ISP does not have a high chance of knowing what you are sending to these API’s
Another alternative is run Jellyfin and all of your *arr apps as docker containers and run them through a docker container called gluetun. Essentially this will route all incoming traffic (tvdb, torrents, etc) through a vpn and all outgoing (sonarr, Jellyfin, etc web gui) can be accessed locally.
I didn’t know about this, this sounds great! My question then is, can I still access jellyfin on LAN after it connects to the internet via the VPN?
Yes. You have to mount a port on the Gluetun container instead of the jellyfin container. As an extreme example, here is my docker-compose for my *arr apps and qbit torrent behind gluetun with traefik as a reverse proxy. I have sanitized this to remove any private info, and as such one or two necessar lines from Gluetun are missing. Do not try to copy/paste this.
gluetun: image: qmcgaw/gluetun container_name: gluetun
Firstly connections to those API should be encrypted, so parameters such as the filename shouldn’t be visible by a MitM. Also, as someone else pointed, you could rename the file beforehand to something neutral.
Based on a quick glance of the API documentation it looks like TMDM/OMDB doesn’t receive your filenames, they use unique IDs assigned to their shows and potentially searches based on titles/episode numbers that Jellyfin is already aware of.
Even if Jellyfin used the filename to search OMDB/TMDB, the headers, body, and the path of the URL (api.themoviedb.org/<path>) are all encrypted by the TLS connection so would not be visible to your ISP.
