Show privacy level on dashboard

To increase the confidence of a pi-hole service, it would be advantageous if the user could see which privacy level is set.

What would prevent this from being spoofed? Carries about the same confidence building weight as the network admin telling me to "trust" them.

2 Likes

And, how would users know what any privacy level means? If they see "paranoia mode", as an example, will that have any significance to them?

Hi, I made an account to request this feature, and saw it had an existing request here.

I understand the concern that it is possible for any user with sudoer on the RPi to spoof this, but I believe it still has significant applications, as a large number of people use networks whose admins they trust enough to not maliciously spoof software, but not necessarily enough to not (intentionally or unintentionally) enable logging features they would prefer be disabled.

I recently set up my Pi-hole and, being concerned for my household's privacy, set the log level to Anonymous so I would never be in the position to view their DNS queries. I also gave all members of the household the admin password for the Pi-hole web interface so that they (and I) can audit this setting whenever we so choose. However, I was only able to do this because they are all adults who I can trust with the responsibility of that access. Were they, for example, teenagers, I would still want them to be able to audit the logging level to ensure their privacy was being respected, but not to have full administration of the service.

And in an office environment, you might trust your local sysadmin not to maliciously spoof a service, but you might not trust them not to carelessly leave an intrusive logging setting enabled. Requesting admin access to network infrastructure would be unreasonable, but requesting the ability to audit its privacy settings would be considered reasonable at many companies. Even better if no "request" is necessary at all - out of concern for its users' privacy, the Pi-hole could always display the current logging level on the pre-login web interface, available for any employees to glance at whenever they please. If a company really wants to have undisclosed logging of their employees' activity, that may be their legal prerogative in some jurisdictions, but I'd argue Pi-hole should not support that use case. They can manually edit the Pi-hole software themselves or use some other software if they want that behavior.

Of course, I would suggest that this come with associated explanation, which could just be a link to the privacy levels page in the documentation.

Thanks! Hope the wall of text doesn't read as me "coming in hot" - I just wanted to make a thorough post to address as many concerns as possible. Happy to discuss further, I'm just really passionate about mitigating admin abuse, especially in the home setting.

I concur. Any user with sudo powers can do anything arbitrarily malicious on the box in any case. At worst, they may download Pi-hole FTL source code and simply remove any privacy settings. As effect, the user would set a privacy level but in reality nothing changes at all.

I suspect this is always the case in any company. And may it only be for debugging/support-request proposes.

When we're already here: This indicator should not only show the privacy level but also if logging is enabled (please from within Pi-hole's memory, do never trust the config file).