If I am not mistaken, it also has an influence on the values returned by some functions in the api/api.c file. But those are indeed the only two places in the code that I could find where the privacylevel configuration value is used.
Currently, the approach is to ignore completely this file privacy-wise, and to warn the user that requests are completely logged anyway if the privacy level is non 0, and request logging is enabled, right ? Imho, we could keep doing that, because modifying the way dnsmasq logs the requests seems like a lot of work, but I could be wrong.
I don't know about OP's intent, but the per-group approach is what I had in mind. Since there are only 4 privacy levels, and since clients can belong to multiple groups, there is actually no need to create more than 4 groups with a non default privacy setting.
Clients could belong to one or many "filtering groups", and to one of the "privacy group". Those groups would not be fundamentally different, the "filtering groups" would have a privacy level set to the default value, and the "privacy groups" would have no ad list related to them, but a specific privacy level.
The algorithm to calculate a known client's privacy level would be, in pseudocode:
int client_privacylevel = -1;
/*List of group privacy levels:*/
array groups_privacylevels = [-1,-1,0,2];
for each privacylevel in groups_privacylevels:
client_privacylevel = max(client_privacylevel, privacylevel);
if (client_privacylevel < 0)
client_privacylevel = config.privacylevel;
And an unknown client's privacy level would always be equal to