chore(dns): deprecate BLOCK_SURVEILLANCE

Dockerfile

@@ -218,7 +218,6 @@ ENV VPN_SERVICE_PROVIDER=pia \
     DNS_CACHING=on \
     DNS_UPSTREAM_IPV6=off \
     BLOCK_MALICIOUS=on \
-    BLOCK_SURVEILLANCE=off \
     BLOCK_ADS=off \
     DNS_UNBLOCK_HOSTNAMES= \
     DNS_REBINDING_PROTECTION_EXEMPT_HOSTNAMES= \

README.md

@@ -69,7 +69,7 @@ Lightweight swiss-army-knife-like VPN client to multiple VPN service providers
   - More in progress, see [#134](https://github.com/passteque/gluetun/issues/134)
 - Supports AmneziaWG only with the custom provider for now
 - DNS over TLS baked in with service provider(s) of your choice
-- DNS fine blocking of malicious/ads/surveillance hostnames and IP addresses, with live update every 24 hours
+- DNS fine blocking of malicious/ads hostnames and IP addresses, with live update every 24 hours
 - Choose the vpn network protocol, `udp` or `tcp`
 - Built in firewall kill switch to allow traffic only with needed the VPN servers and LAN devices
 - Built in Shadowsocks proxy server (protocol based on SOCKS5 with an encryption layer, tunnels TCP+UDP)

internal/configuration/settings/deprecated.go

@@ -16,6 +16,7 @@ func readObsolete(r *reader.Reader) (warnings []string) {
 		"HEALTH_VPN_DURATION_ADDITION": "HEALTH_VPN_DURATION_ADDITION is obsolete",
 		"DNS_KEEP_NAMESERVER": "DNS_KEEP_NAMESERVER is obsolete because you should use the built-in server which now " +
 			"forwards local names to private DNS resolvers found in /etc/resolv.conf at container start",
+		"BLOCK_SURVEILLANCE": "BLOCK_SURVEILLANCE is obsolete because its DNS block lists are not longer maintained",
 	}
 	sortedKeys := slices.Collect(maps.Keys(keyToMessage))
 	slices.Sort(sortedKeys)

internal/configuration/settings/dnsblacklist.go

@@ -16,7 +16,6 @@ import (
 type DNSBlacklist struct {
 	BlockMalicious       *bool
 	BlockAds             *bool
-	BlockSurveillance    *bool
 	AllowedHosts         []string
 	AddBlockedHosts      []string
 	AddBlockedIPs        []netip.Addr
@@ -31,7 +30,6 @@ type DNSBlacklist struct {
 func (b *DNSBlacklist) setDefaults() {
 	b.BlockMalicious = gosettings.DefaultPointer(b.BlockMalicious, true)
 	b.BlockAds = gosettings.DefaultPointer(b.BlockAds, false)
-	b.BlockSurveillance = gosettings.DefaultPointer(b.BlockSurveillance, true)
 }
 
 var hostRegex = regexp.MustCompile(`^([a-zA-Z0-9]|[a-zA-Z0-9_][a-zA-Z0-9\-_]{0,61}[a-zA-Z0-9_])(\.([a-zA-Z0-9]|[a-zA-Z0-9_][a-zA-Z0-9\-_]{0,61}[a-zA-Z0-9]))*$`) //nolint:lll
@@ -65,7 +63,6 @@ func (b DNSBlacklist) copy() (copied DNSBlacklist) {
 	return DNSBlacklist{
 		BlockMalicious:                     gosettings.CopyPointer(b.BlockMalicious),
 		BlockAds:                           gosettings.CopyPointer(b.BlockAds),
-		BlockSurveillance:                  gosettings.CopyPointer(b.BlockSurveillance),
 		AllowedHosts:                       gosettings.CopySlice(b.AllowedHosts),
 		AddBlockedHosts:                    gosettings.CopySlice(b.AddBlockedHosts),
 		AddBlockedIPs:                      gosettings.CopySlice(b.AddBlockedIPs),
@@ -77,7 +74,6 @@ func (b DNSBlacklist) copy() (copied DNSBlacklist) {
 func (b *DNSBlacklist) overrideWith(other DNSBlacklist) {
 	b.BlockMalicious = gosettings.OverrideWithPointer(b.BlockMalicious, other.BlockMalicious)
 	b.BlockAds = gosettings.OverrideWithPointer(b.BlockAds, other.BlockAds)
-	b.BlockSurveillance = gosettings.OverrideWithPointer(b.BlockSurveillance, other.BlockSurveillance)
 	b.AllowedHosts = gosettings.OverrideWithSlice(b.AllowedHosts, other.AllowedHosts)
 	b.AddBlockedHosts = gosettings.OverrideWithSlice(b.AddBlockedHosts, other.AddBlockedHosts)
 	b.AddBlockedIPs = gosettings.OverrideWithSlice(b.AddBlockedIPs, other.AddBlockedIPs)
@@ -93,7 +89,6 @@ func (b DNSBlacklist) ToBlockBuilderSettings(client *http.Client) (
 		Client:               client,
 		BlockMalicious:       b.BlockMalicious,
 		BlockAds:             b.BlockAds,
-		BlockSurveillance:    b.BlockSurveillance,
 		AllowedHosts:         b.AllowedHosts,
 		AddBlockedHosts:      b.AddBlockedHosts,
 		AddBlockedIPs:        b.AddBlockedIPs,
@@ -110,7 +105,6 @@ func (b DNSBlacklist) toLinesNode() (node *gotree.Node) {
 
 	node.Appendf("Block malicious: %s", gosettings.BoolToYesNo(b.BlockMalicious))
 	node.Appendf("Block ads: %s", gosettings.BoolToYesNo(b.BlockAds))
-	node.Appendf("Block surveillance: %s", gosettings.BoolToYesNo(b.BlockSurveillance))
 
 	if len(b.AllowedHosts) > 0 {
 		allowedHostsNode := node.Append("Allowed hosts:")
@@ -156,12 +150,6 @@ func (b *DNSBlacklist) read(r *reader.Reader) (err error) {
 		return err
 	}
 
-	b.BlockSurveillance, err = r.BoolPtr("BLOCK_SURVEILLANCE",
-		reader.RetroKeys("BLOCK_NSA"))
-	if err != nil {
-		return err
-	}
-
 	b.BlockAds, err = r.BoolPtr("BLOCK_ADS")
 	if err != nil {
 		return err

internal/configuration/settings/settings_test.go

@@ -59,8 +59,7 @@ func Test_Settings_String(t *testing.T) {
 |   ├── Update period: every 24h0m0s
 |   └── DNS filtering settings:
 |       ├── Block malicious: yes
-|       ├── Block ads: no
+|       └── Block ads: no
-|       └── Block surveillance: yes
 ├── Firewall settings:
 |   ├── Enabled: yes
 |   └── Iptables settings: