by cal85 1493 days ago
What are the potential benefits of a ‘MITM’ approach, compared to other approaches like acting as DNS (like pihole)?

Edit: I should have read the About section more carefully:

> Privaxy is also way more capable than DNS-based blockers as it is able to operate directly on URLs and to inject resources into web pages.

Makes sense. So it potentially has the fine-grained control of a browser-based blocker but also has good performance like a pihole. Sounds compelling. Now I’m interested to know why it’s not been done this way before? Is it just a hard problem to solve, and no one has attempted it yet?

1 comments

It’s been done for years and years, but it’s considered a very bad idea these days. MITMing HTTPS sessions is a trivial problem today. It’s just a bad idea as it breaks the entire trust model of the internet.

Most commercial firewalls for the last decade plus have such features.