A Security Note About Your Pi-hole Logs

It has come to our attention that there are third parties asking you to upload your Pi-hole logs to them.  This is not something we recommend, condone, or otherwise find in any way acceptable.

We have designed Pi-hole to help maintain your privacy by blocking advertisements/trackers, and the act of providing your logs to anyone outside the Pi-hole project is counter-intuitive to our ideals and goals.

Log Types

Please note that there are two different logs that are being referenced in this article.  One is the log file generated by dnsmasq (which we name/var/log/pihole.log)–the critical software that makes Pi-hole possible.  This log contains records of all of the domain names that have been queried on your network, which is why the parties in question want to acquire them.  Please note that it is also possible to disable logging and still use Pi-hole.

The other type of log, which we describe below, is a debug log, which does contain a snippet of the dnsmasq log but is just a small portion of the file.  Uploading the debug log to us is voluntary and it contains information that helps us diagnose your installation, such as if port 53 is in use by another program (which would cause Pi-hole to not work).

Opt-in

That being said, we do not automatically collect any data about your installation, and the only time we do so is if you opt-in to upload your debug logs (not your entire pihole.log) when you run our software debugger (pihole -d).

When you opt in, your debug log is transmitted securely via SSL, is stored on an extremely secure server and self-destructs after 48 hours.  The members of the development team are the only ones with access to this server, and the information provided is used to help step you through problems with your installation.

Private DNS Servers Should Remain Private

Pi-hole is designed to operate as a private DNS server so your logs are only stored locally (when logs are enabled). These logs have information that could potentially be used to identify you, including, but not limited to:

  • Your unique IPv6 address, if enabled
  • Your hashed Pi-hole admin password
  • Your blacklisted, whitelisted, wildcarded, and excluded domains
  • The browsing history of anyone on your network who is using Pi-hole for the past 24 hours
  • Identifying information of each device on the network, such as name and LAN IP

The Bottom Line

  • We do not suggest you submit your pihole.log‘s to anyone
  • We do not automatically collect your information unless you opt in when running the debugger
  • The information we do collect is used for debugging your installation and is never used to identify who you are

If you have questions or concerns, please contact us directly via Discourse, Twitter, Reddit, or email ([email protected]).

Start the discussion at discourse.pi-hole.net