Collision, not pre-image attack (the two are different)

This is FUD. There is no publicly known pre-image attack against SHA1, the hash used in mainline DHT.

Do not expose Jellyfin to the general Internet. They have security issues, I would not trust that (no cloudflare does not save you by default).

There are basically two ways: VPN, or authenticated reverse proxy. VPN is probably the easiest to setup and the most flexible, but it’s a bit of a pita to use.

Authenticated reverse proxy will break apps, but the web app will work (and you can setup your reverse proxy to allow specific user agents from the VPN to bypass it, allowing apps on the VPN to work). I currently do this so I can look at metadata on my phone without a VPN setup.

You don’t even need the vps unless you’re behind cgnat Though you should never expose Jellyfin to the Internet, they have had and continue to have major security problems

Fair, have never looked at the price, I just have a Linux mini PC running Jellyfin lol

And here I just press the right arrow key lol

Plex has so many antifeatures I can’t ever imagine using it, and Jellyfin is okay enough to use.

There’s an addon for that (I haven’t used it)

Why not just attach a non shitty device over HDMI and use that?

Lots of people do that, the Nvidia shield is one I hear a lot about