I whitelist my friends IP blocks, seems to work well enough.

No way in hell I'm convincing them to install tailscale or similar on their TV / router.

There was just another one recently actually. It was the final straw that convinced me to stop making my Jellyfin server publicly accessible (for my family abroad) and move to a VPN based solution instead (WireGuard or Tailscale I haven’t set it up yet).