[kibwen]

Note that you don't need an extension to proxy in Firefox, which has built-in support for SOCKS proxies (go to "Options" and search for "proxy"); all you need is an SSH client and a server that you can SSH into (`ssh -D 1234 foo@example.com`). I don't use it for privacy (rather, to prevent MITM on public networks), but it seems to avoid the pitfalls discussed in the article (e.g. does not allow split tunneling and DNS is resolved over the proxy). However, I suspect that if you were running a Flash or Java plugin then that could make network requests that bypass this proxy.

[_8j50]

Firefox has a checkbox to force DNS through the tunnel. Also,turn on dns over https in firefox and it won't do DNS lookups. I don't know if plugins are allowed to interface with host system's network stack,but if they're not then even plugins may not be able to bypass.

[dylz]

Plugins run through the host network stack. Ensure you disable java/flash/etc.