I wanted to know more about who developed this but the “About Us” on the main pi-hole.net page doesn’t appear to have a link. I think you should give information on the team because it’s more difficult to give if it seems to go into a black hole
Thanks. Most of are privacy-oriented but I can understand your request. We’ll discuss it internally, and the other devs can put there feedback to your request here.
We discussed it internally and decided our GitHub profiles are enough information. At this time, we won’t be making an About Us page.
Ok I respect your decision.
Being an aged geek, my problem was that I don’t do social stuff like twitter or facebook, I tend to ignore links under social. So I didn’t even see your pi-hole/people page on github. I could have found it via the github link if I’d known there was some value there. It doesn’t seem to me like it should be under social.
Most of us are pretty selective about which social accounts we use, but you’re really the first person that has inquired more about us. Thanks for the feedback!
Part of the reason for asking about you is the security angle. As you know, to allow a script to control your DNS lookups is potentially dangerous as the DNS could be poisoned by a malicious script. For a person coming to the site for the first time he/she will either be capable of checking the source or want to have sufficient trust in the people behind it. I have done some bash scripting and one git project (with only the most basic understanding of git) but I’d have to spend a great deal of time and energy to become sufficiently able to understand the script. So I’d rather trust the team by getting a feel for them. I expect there are others who decided to cut and run at this point although a lot of people obviously have gone ahead and used it and not reported any obvious malfeasance.
Originally I found out about it from Steve Gibson’s Security Now podcast.
Steve’s pretty cute and is unlikely to be mentioning something he hasn’t got a reasonable gut feel for being genuine although he didn’t claim to have vetted it. Also it’s a pretty popular podcast so I expect this generated a decent number of users who would have screamed if they found problems. So I wasn’t too concerned.
Also I was impressed by the way you described the workings of the script in a page somewhere I forget where (I think it was a deprecated how to install). A nice job of explanation.
It all helps to feel comfortable using it. At the end of the day you’ve got to trust somebody.
The link was most likely https://jacobsalmela.com/2015/06/16/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/
Thanks for the trust!
I do understand this concern. Many users are also uncomfortable
curling and piping to
bash. We made a blog post about this topic and the trust user’s put into software programs. One thing we tried to get across in the post is that despite having trust in developer x or y, you should still take precautions.
One thing I also find interesting is that people will blindly run
apt-get update && apt-get upgrade without a second thought. Does every user read every line of code in every piece of software installed on their system? Not very likely.
Since it’s inception, Pi-hole has been open source and we’ve remained open about everything the software does. True, our documentation still leaves something to be desired (something I have been working on lately to change), but when it comes down to it, the qualms people have about curling a bashpipe are interesting to me when those same users do zero research on some other critical programs they use.
And what about closed-source code? People run it if it works for them and yet they have no idea what the software is doing underneath.
What’s also interesting is that someone had to be the first person to install Pi-hole using the automated installer. And then another person, and another…until it got to the point where we had built up trust with the userbase.
I’ll get off the soapbox now and respond to a few of your other comments.
I’m actively working on changing this, starting with the new debug script. I am putting comments on just about every line of code so new users can learn and understand the script(s).
Yeah, @Mcat12 linked to the article you are describing. Pi-hole simply started out as a blog post with some commands you could run to set up the server. Since it was just shell commands being run, there was no reason I could see to not automate the process inside of a script so the user didn’t have to enter each command manually. From there, it blossomed into a complex install script. Automating this complexity is what helped make Pi-hole popular. The technology already existed and anyone could have done it, we just made it easy to do.
This nicely sums up my wall of text and also the reason our project continues to remain open source.
I love comments, makes everything super clean feeling,
The people actively contributing to this software (including me) are concerned about their private data and very aware that the Internet does not forget anything. I invest my time because I think Pi-hole is an awesome way of easing a significant part of (meta-)data ownership controlling.
I could write down details about me as an individual, starting from what I do at work or what I like to do in my free-time (well, except from participating in Pi-hole ). However, I don’t immediately see what for a difference it makes if I’m an IT-student that just wants to make the big money or a master baker that just likes to help out in the digital world.
Nevertheless, there is a reason for why I’m not not going to tell all this information and this it is closely related to the fact that I’m also not using any “social” media platforms.
If you want to assess me without looking at my code contributions, then you should do it on the basis that I’m very much concerned about privacy and do my best to implement my knowledge into the Pi-hole project to help others do the same with little effort as advertisements and in-page displayed thumbs-up buttons are more than a simple cause of inconvenience in these days. They are used to profile you (even if you are not a “member” of these platforms) and I simply don’t like to get profiled.