It could be quite powerful to have pi-hole service running within PureOS, I could see if we could route DNS through the localized service, then block ads on the local level to the hardware, and have this option to enable/disable be below VPN/networking in the upper right drop-down settings menu in GNOME.
Can you test and see if there is a way to get pi-hole like service but local to the laptop/PureOS (rather than a separate DNS server on the network?
Theo,
Could you look into this as two possible implementations:
Todd.
@todd A comment in the script says:
- Must be root to use this tool
I don't go through all 429 lines of code but if we plan to use something like by default in PureOS we need to review it beforehand. Everytime an update is available it will have to be reviewed before being included.
Also we will not have controlled on what is filter. The blacklist are supplied externally, and even though I think they are probably nice guys, every filtering system is susceptible to false positives and false negatives. This can lead to hilarities like labeling Michelangelo's David as porn, for example.
Testing will be needed to establish if it plays well with our VPN. Our VPN uses it's own DNS resolvers. The queries from the VPN to the DNS resolvers are encrypted and no logs are kept. This is a safeguard against the DNS leaks headache. We need to ensure the usng Pi-hole will not negate the privacy of the VPN users and that the VPN will not limit the effectiveness of pi-hole.
I think we could offer/recommend this as an option to PureOS users/Purism customers but I feel a bit uneasy including this as default in PureOS.
When I tested pi-hole it demolished my machines network configuration making it unable to connect to network at all while uninstall script failed badly so I needed manually to hunt down changes and remove them...
While good idea, still not mature for prime time.
Pi-hole has an unusual license (EUPL v1.2). I've submitted it to FSD for evaluation on that front: https://directory.fsf.org/wiki/Pi-hole
(It needs to be approved. Click "View the most recent revision" to see details while we wait for that.)
I've reviewed Pi-hole and made some notes here: https://plan.puri.st/upstream/pihole
Highlights:
I'm still not sure how this think works. Do you rely on their DNS service or is it a local DNS service on the installed machine?
I gave it a try. The setup wizard promotes these DNS services (in this order):
The setup wizard asks for a static IP! That means this cannot be used on the laptops (unless it is contained in Docker as David suggested). We could give it a try on our VPN and use our own DNS Servers.