I run a Plex server for family. But "family" turned into friends, then friends of friends, then some guy my cousin works with. I started wondering who was actually using my server and if accounts were getting passed around.
Other tools show you what happened. They don't tell you when something looks off. So I built Tracearr. Started in December. Turns out a lot of people had the same problem.
What it Does
Tracearr is a media server analytics tool. Full watch history, playback stats, active session monitoring—the stuff you'd expect. Every stream gets logged with IP geolocation: city, region, country, device info.
The sharing detection runs on five rule types:
- Impossible Travel - NYC then London 30 minutes later? Uses Haversine formula to calculate distance. Flying faster than 1000 km/h? Not happening. VPN hopping becomes really obvious once you track it
- Simultaneous locations - Same account streaming from two cities at once. Instant notification.
- Device velocity - Too many unique IPs in a short window. Usually means shared credentials.
- Concurrent streams - Set limits per user. Simple but catches the obvious stuff.
- Geo restrictions - Block entire countries if you want.
Trust scores drop automatically when someone violates rules. Impossible travel hits harder than going over concurrent stream limits. Alerts go to Discord, ntfy, or custom webhooks.
There's a stream map that shows where your streams come from on an interactive world map, live or historical. Honestly just fun to look at.
Multi-server support means Plex, Jellyfin, and Emby all in one dashboard. You can kill streams directly from the UI. And if you're already running Tautulli or Jellystat, import your history so you're not starting from zero. Took me way too long to get the import logic right, but it works now.
What I Found on My Own Server
Once I had this running, some patterns became obvious:
- A "family member" streaming from Boston and Detroit on the same day
- One account shared between at least 3 people in 2 different countries
- Someone who hit 15 unique IPs in a single month
The data was there in Tautulli, just sitting there, but nothing was actually watching for patterns. That's what made me want to share this. Figured I couldn't be the only one staring at logs wondering who the hell was streaming from Kuczek, Kazakhstan.
Tracearr vs. The Usual Tools
Tautulli and Jellystat do watch history, stats, session monitoring. Tracearr adds sharing detection on top. You can run them all together if you want—they don't step on each other.
| Feature | Tautulli | Jellystat | Tracearr |
|---|---|---|---|
| Watch history | Yes | Yes | Yes |
| Account sharing detection | No | No | Yes |
| Impossible travel alerts | No | No | Yes |
| Trust scoring | No | No | Yes |
| Plex support | Yes | No | Yes |
| Jellyfin support | No | Yes | Yes |
| Emby support | No | Yes | Yes |
| Multi-server support | No | No | Yes |
The other tools tend to slow down when you throw years of data at them. And if you run multiple servers, you need multiple instances.
I went with TimescaleDB because session history is literally time-series data. Continuous aggregates mean dashboard stats are pre-computed, not recalculated every time you load a page. Fast queries, even with years of history.
Plex servers stream session updates via SSE (Server-Sent Events) so detection is instant. Jellyfin and Emby still poll because they don't support SSE, but it works.
Getting Started
There's an all-in-one supervised image that bundles TimescaleDB and Redis in a single container:
connorgallopo
If you'd rather run your own database and Redis, there are standard images too.
Still Working On
Automated stream kills via rules. Right now termination is manual from the UI. Email and Telegram notifications are coming; Discord and webhooks work now.
Mobile app exists but it's still in beta.
Everything self-hosted. No cloud, no telemetry, nothing phones home.
Final Notes
This started as a personal project to solve my own problem. Turns out I wasn't the only one dealing with this. The Discord folks have been beating this thing to death in ways I never imagined. Half the features came from them.
GitHub repo is here. Star it if it's useful. Discord is active if you get stuck or just want to chat.
If you're running Jellyfin or Emby, let me know how it holds up. I've beaten on Plex pretty hard, but the others need more real-world testing. Ideas for new detection rules? I'm all ears.
Discussion