Privacy-Defaults Linter and Audit Layer for Self-Hosted Apps After the Plex Discover Together Opt-Out Disaster
Plex's Discover Together (rolled out late 2025) defaulted users to sharing their watch history with their 'Plex friends' via weekly emails. The r/selfhosted thread hit 1.7k upvotes and became the canonical example of 'self-hosted does not mean privacy-respecting, it just means you own the box.' Demand is for a tool that scans a self-hosted app's first-run config (Plex, Immich, Jellyfin, Nextcloud, etc.) and flags every default that opts the user into a more public state until they opt out, then monitors those defaults across upgrades and yells when an upgrade re-flips a switch.
Start as a CLI that ships a YAML rule pack per popular self-hosted app, scans the running config, and tells you which switches are 'leaky'. Donate the rule packs to selfh.st. Monetize the auto-monitor-and-alert SaaS that watches your stack across upgrades. Don't try to be Wiz; try to be a homelab nag.
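The core of the CLI described above, as an added sketch (not code from any existing project): a rule pack of the shape a per-app YAML file would hold, a scan that flags every setting that is absent or more public than the pack's private value, and a drift check that reports which switches an upgrade re-flipped. The app name, setting keys and safe values are constructed placeholders, not real Plex or Immich keys.

```python
"""Privacy-defaults linter sketch: rule pack + config scan + upgrade drift check."""
from dataclasses import dataclass

# Constructed rule pack, mirroring what a per-app YAML pack would contain.
# Keys and values are hypothetical placeholders, not a real app's settings.
RULE_PACK = {
    "app": "example-media-server",
    "rules": [
        {"key": "share_watch_history", "private_value": False,
         "why": "opts the user into sharing watch history with friends"},
        {"key": "weekly_activity_email", "private_value": False,
         "why": "emails activity digests to contacts"},
        {"key": "library_visibility", "private_value": "private",
         "why": "public libraries are listed to other accounts"},
    ],
}

@dataclass(frozen=True)
class Finding:
    key: str
    actual: object
    expected: object
    why: str

def lint(config: dict, pack: dict = RULE_PACK) -> list[Finding]:
    """Flag every rule whose setting is missing or differs from the private value.
    A missing key is flagged too: the app's built-in default is then unknown
    and has to be treated as leaky until someone sets it explicitly."""
    findings = []
    for rule in pack["rules"]:
        actual = config.get(rule["key"], "<unset>")
        if actual != rule["private_value"]:
            findings.append(Finding(rule["key"], actual, rule["private_value"], rule["why"]))
    return findings

def upgrade_drift(before: dict, after: dict, pack: dict = RULE_PACK) -> list[str]:
    """Return the rule keys that were private before an upgrade and leaky after it."""
    leaky_before = {f.key for f in lint(before, pack)}
    leaky_after = {f.key for f in lint(after, pack)}
    return sorted(leaky_after - leaky_before)

if __name__ == "__main__":
    # Constructed snapshots: the upgrade silently re-enabled one sharing switch.
    pre = {"share_watch_history": False, "weekly_activity_email": False,
           "library_visibility": "private"}
    post = {**pre, "share_watch_history": True}
    for f in lint(post):
        print(f"LEAKY {f.key}={f.actual!r} (expected {f.expected!r}): {f.why}")
    print("re-flipped by upgrade:", upgrade_drift(pre, post))
```

The monitor-and-alert service in the pitch is just this drift check run against a stored pre-upgrade snapshot on every restart.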
Landscape (3 existing solutions)
The space is editorial (Privacy Guides) and security-oriented (OWASP). Nobody is shipping a runtime privacy-defaults linter for self-hosted apps.