AdGuardHome icon indicating copy to clipboard operation
AdGuardHome copied to clipboard
verified publisher icon AdguardTeam

Anonymize hostnames in statistics and query log

Open superpower10 opened this issue 2 years ago • 11 comments

Prerequisites

  • [X] I have checked the Wiki and Discussions and found no answer

  • [X] I have searched other issues and found no duplicates

  • [X] I want to request a feature or enhancement and not ask a question

Description

Many people in my house can see the statistics.

Therefore I want the option (like PiHole already has) to anomize the DNS.

Nobody needs to know what other clients look at.

superpower10 avatar Feb 28 '23 19:02 superpower10

Hello. You can already disable both logs and statistics on the Settings → General settings page. If that's not what you need, please describe the feature request in more details.

ainar-g avatar Mar 01 '23 09:03 ainar-g

I know that.

But I want statistics to see how much queries made and how much are blocked.

I want to anomize the domains that where requested. „Top queried domains“ and „Top blocked domains“ should be not available and/or anomized. Nobody should be able to see what domains where used.

But if I need it, I can enable it for the future requests.

PiHole has that and it looks like that: 69F809D8-D5E7-4D0B-8993-AA8BD5EC972A

superpower10 avatar Mar 01 '23 13:03 superpower10

Ah, I see, thanks for the example.

ainar-g avatar Mar 01 '23 13:03 ainar-g

Also requesting this. Currently the only way to hide domains/clients in the log is to turn off statistics entirely, but that causes the front page to display zero requests served and zero blocked. It would be nice to get some idea of what percentage of requests are blocked just to make sure the filters are working. Or choose to see who is getting blocked without information why, in case someone may be flagging malware domains without being able to see their entire DNS history.

WittyNameHere avatar Mar 24 '23 22:03 WittyNameHere

I'd also love to see this feature. I would probably set it per-client (similar to how IgnoreQueryLog can currently be set for an individual single client).

From a quick glance at querylog.go, I would guess that the fields to redact would be Question, Answer, and OriginalAnswer.

If you'd prefer, and if you can provide a little guidance on how to approach the change and what to watch out for, I'd be happy to attempt a PR.

zehauser avatar Aug 17 '23 04:08 zehauser

Had it been to anonymise the client users, I'd have given this my full 100.0% support. But anonymising the domains instead? I'm honestly very unsure how to approach such an idea.

DandelionSprout avatar Mar 25 '24 09:03 DandelionSprout

Look at it this way: we're a house of adults and the unfiltered domains list is a bit too close to a browser history for our comfort. Keeping domains anonymous allows us to see if a specific client is setting off a great number of interventions and temporarily uncloak the domains to see what's triggering that, or allow a specific domain required for something to function.

Domain redaction is effectively equivalent to private browsing in browsers in this case.

WittyNameHere avatar Mar 25 '24 21:03 WittyNameHere

Look at it this way: we're a house of adults and the unfiltered domains list is a bit too close to a browser history for our comfort. Keeping domains anonymous allows us to see if a specific client is setting off a great number of interventions and temporarily uncloak the domains to see what's triggering that, or allow a specific domain required for something to function.

Domain redaction is effectively equivalent to private browsing in browsers in this case.

Yep, +1 to this explanation!

I think of it as the "small group (of adults)" setting. Whether that's adult family members (living in different places but on a Tailscale network, in my case), or a group of roommates, or whatever, we may want to look at overall patterns without seeing domain names, to respect everyone's privacy.

Interestingly, anonymising the clients while still showing domains would not help us in this case, from a privacy standpoint. That would totally help in a larger setting (e.g. a corporation), but in a small group setting, you can probably make a pretty good guess on which domains are being queried by which people based on the domain, the timestamp, etc.

zehauser avatar Mar 26 '24 05:03 zehauser

If you'd prefer, and if you can provide a little guidance on how to approach the change and what to watch out for, I'd be happy to attempt a PR.

I am happy to renew this offer if it's helpful. 😄

zehauser avatar Mar 26 '24 05:03 zehauser

Any news on this request?

superpower10 avatar Apr 25 '24 18:04 superpower10

I upgraded my AdGuardHome install today, and so I was thinking about this again. I would love to be able to have a query log with anonymised hostnames for certain clients, rather than just excluding those clients from the log altogether. Any news? Is this something I could help with?

zehauser avatar Jun 30 '24 08:06 zehauser