There will be some additional time and resources required to read and write encrypted data, even if minor.

Previous versions of Windows only permitted drive encryption in their premium tiers, and it seems like the current one possibly requires a TPM chip for it, so a lot of hardware won’t even support it. So basically greed or greed.

For what it’s worth it’s not always a default with Linux installations either. There’s a usually minor performance hit, though I can’t say it ever bothered me. Personally I have less fear of bad actors obtaining physical access than I do myself breaking something catastrophically and losing my access, so I don’t use it now.

They’d have to connect to it, and possibly reconnect. That aspect is the issue.

My users aren’t going to figure that out.

Oh no they’ll see I’m watching TNG

They prohibit large amounts of media being streamed, and they reserve the right to suspend or terminate accounts for it. Multiple years in, that has not happened.

Edit: here, you can read https://blog.cloudflare.com/updated-tos/

Skill issue

CloudFlare tunnel with Zero Trust, plus their bot and abuse blocking. Users can get in with the right oauth, plus only allowed from the countries I know they’re in. Then just their username and password on jellyfin.