Text:
I consent to Plex to: (i) sell certain personal information (hashed emails, advertising identifiers) to third-parties for advertising and marketing purposes; and (ii) store and/or access certain personal information (advertising identifiers, IP address, content being watched) on my device(s) and share that information with Plex’s advertising partners. This data is used to deliver personalised ads and content, ad and content measurement, audience insights and product development. Your consent applies to all devices on which you have Plex installed. You can withdraw your consent at any time in Account Settings or using this page.
Soure: https://www.plex.tv/vendors/ (Might have to clear cache)
Can also read about the changes here: https://www.plex.tv/about/privacy-legal/
Was about to say this.
I saw a small-time project using hashed phone numbers and emails a while ago, where assume stupidity instead of malice was a viable explanation.
In this case however, Plex is large enough and has to care about securiry enough that they either
did this on purpose to make it sound better, as a marketing move,
did not show this to their security experts,
or chose to ignore concerns by those experts and likely others (turning it into the first option basically)
There is no option where someone did not either knowingly do or provoke this.