Hi and thx for the Pi-Hole project
I wonder if it would be possible to add one privacy setting: "Hide Hosts" by analogy with "Hide Domains".
Reason: Using Pi-Hole within a network in some cases/countries it should not be available to see WHO was requesting 'whatsoever'-domain (user privacy) but WHICH domain was requested. That way the Pi-Hole-admin won't see who's requested which domain but can add unwanted domains to the filter without interfering user's privacy.
Alternate way might be to have one or two (4-eyes-principle) additional password to reveal the domains and/or clients.
The privacy setting is an increasing level in the sense that level 3 shows less than level 2 showing less than level 1. It would not be easy to fit in another intermediate level.
You can still filter out unwanted domains. All the filters work in privacy mode. We discussed this and it seems like the need for being able to hide the domains but leave the client's activity intact (which is what we have right now) is a meaningful modus operandi. However, the reverse seems strange. Why would you need to see all requested domains? This seems to foil the intention of the privacy levels.
Even if you'd not know which client exactly requested the content, you'd still look at the requested content for analyzing what you might want to block. I think adding this extra level would be dangerous.