Feature Request: Enhanced Privacy Mode

It looks like this type of feature request should be posted here, and not on GitHub, so here goes.

I’d love to see a toggle (Enhanced Privacy Mode On/Off), or a drop-down box (Privacy Mode: Standard/Warn/Strict) which allows you to:

  • Disallow overriding local DNS servers (see this thread for an example).
  • Disallow official components/integrations/add-ons to send telemetry, or use any cloud-based services, without opting in (example: I discovered the multicast container reaches out to https://205.234.31.120, which presents a self-signed cert: “Kubernetes Ingress Controller Fake Certificate”. What/Why?).
  • Integration/Add-On connectivity statement: explain if this component will reach out to the internet, and why.

It’s absolutely amazing how far & quick Home Assistant has progressed. Since one of the mission statements is “Open source home automation that puts local control and privacy first”, I’m hoping this is a reasonable request.

I agree. I recall having read “something” uses Google DNS or telemetry as well.

1 Like

I think this is right up the alley for HA. In fact the name might be the inverse… something like ‘unlock the front door’ mode that defaults to off.

Fully agree. I have my own DNS servers and am happy to manage that for client machines.
HA isn’t exactly plug-and-play; many users of the platform are technical and know a bit about networking or will even have specific objections to DNS queries going out into the world, outside of their control or even visibility.

1 Like

Behavior is still there.

Seeing continuous DoT requests to 1.1.1.1 and 1.0.0.1 in my firewall log.
Home Assistant should use DHCP-given DNS servers.

voted

3 Likes

Likewise. My Sophos UTM is going mental as DNS outbound is only permitted from my pi-hole. While I’m happy this isn’t a malicious exfiltration of data etc., it is rather annoying.

3 Likes

Same issue for me. Snort catches / blocks DNS traffic to 1.1.1.1 which is being generated by HA. Snort log below:

ET POLICY Connection to previously unallocated address space 1.1.1.0/24

Just found my firewall log full of these alerts and found this thread, so it is still an unsolved problem with HA:
Oct 28 13:52:01 VL101 Block not local DNS over TLS (1553846843) 192.168.101.134:58056 1.1.1.1:853 TCP:S
Oct 28 13:51:55 VL101 Block not local DNS over TLS (1553846843) 192.168.101.134:34698 1.0.0.1:853 TCP:S
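
The firewall entries quoted above can be summarised per host to show which devices try to reach resolvers other than the local one. This is an added example, not part of any post in this thread; the log layout is inferred from the two quoted lines, and the allowed resolver address 192.168.101.2 and the log lines marked as constructed are assumptions. It goes slightly beyond the quoted case by also counting plain DNS on port 53.

```python
import re
from collections import Counter

# Plain DNS (53) and DNS over TLS (853) destination ports.
DNS_PORTS = {53: "DNS", 853: "DoT"}

# Layout inferred from the two log lines quoted in the thread:
# <date> <iface> <rule label> (<rule id>) <src>:<port> <dst>:<port> <proto>:<flags>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<iface>\S+)\s+(?P<label>.+?)\s+"
    r"\((?P<rule>\d+)\)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+):(?P<flags>\S+)$"
)

def find_resolver_bypass(lines, allowed_resolvers):
    """Count DNS/DoT attempts per (source, destination, kind) whose
    destination is not an allowed resolver. Unparseable lines are skipped."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        dport = int(m["dport"])
        if dport in DNS_PORTS and m["dst"] not in allowed_resolvers:
            hits[(m["src"], m["dst"], DNS_PORTS[dport])] += 1
    return hits

SAMPLE_LOG = [
    # The first two lines are the ones quoted in the thread.
    "Oct 28 13:52:01 VL101 Block not local DNS over TLS (1553846843) 192.168.101.134:58056 1.1.1.1:853 TCP:S",
    "Oct 28 13:51:55 VL101 Block not local DNS over TLS (1553846843) 192.168.101.134:34698 1.0.0.1:853 TCP:S",
    # Everything below is constructed for this example.
    "Oct 28 13:52:07 VL101 Block not local DNS over TLS (1553846843) 192.168.101.134:40112 1.1.1.1:853 TCP:S",
    "Oct 28 13:52:09 VL101 Pass local DNS (1000000001) 192.168.101.134:51515 192.168.101.2:53 TCP:S",
    "Oct 28 13:52:10 VL101 Pass HTTPS (1000000002) 192.168.101.134:44321 203.0.113.10:443 TCP:S",
    "malformed entry",
]

ALLOWED = {"192.168.101.2"}  # assumed local resolver, e.g. a Pi-hole

if __name__ == "__main__":
    report = find_resolver_bypass(SAMPLE_LOG, ALLOWED)
    for (src, dst, kind), count in report.most_common():
        print(f"{src} -> {dst} {kind}: {count} attempt(s)")
```
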

I came here because of my filling firewall logs.
I’d say, the lack of privacy-by-default is a bug, not a feature that you have to ask for.

I even set “coredns.json” to my own pihole but hassio_dns seems to fall back to 1.1.1.1 anyway.
Any news on this topic?

Very disappointed that this isn’t getting more attention. Based on the response below, I wouldn’t be surprised this is a ‘feature’, and probably won’t change, but would love to be proven wrong.

1 Like

I don’t think this will ever be fixed, because from 118 I noticed that HA is starting to show ads, so it could be worse.

Yes, I also wondered

Damn, this is getting out of control.
Ads on HA!
(You can skip this one by clicking on the “X”; it will offer you to buy stuff but disappears.)

I am late to the party, but I agree too. It is only that I enabled pfblockerng on my firewall and went through some digging where the requests to 1.1.1.1 came from.

Where are these ads? Never noticed one?

Last year in December, in settings, there was a new menu/notification that invited you to buy tickets to the HA conference… without the possibility to disable it.
This year we had an annoying notification to upgrade that you can’t disable… at least on Windows you can disable it.
For some time already HA uses DNS TLS that you can’t disable easily…
Maybe some people like to have software that controls his home, reports back to HQ and offers him stuff to buy… Microsoft, Google and Facebook will be interested in this for sure.

So still bumping on this…

Anyone tried setting up his own https-dns-proxy and hijacking the DNS traffic to his own?

openwrt example