by jbverschoor 614 days ago
Run your own exit node for tailscale or zerotier somewhere
1 comments

or bog-standard ssh server + bitvise local client.

EDIT to clarify because i feel many might not be aware how easy it is: 1) enable port forwarding in your sshd config (implies you can't just do this on a server which you don't admin and which has this disabled) 2) point bitvise's socks5 proxy server feature at the ssh server 3) point anything that needs to be tunneled at the bitvise client's port (default 1080) e.g. firefox. 4) voila, packets leave and return via the ssh server's public IP.

So I open say Firefox and it routes it all through that. No gotchas?
firefox > about:preferences > Network Settings (at bottom) > Manual proxy configuration > SOCKS v5 (enter details and your password if you set it up in bitvise) > also check "Proxy DNS when using SOCKS v5" at bottom
Does Firefox route WebRTC through a socks proxy? Does it leak your locally configured IP when WebRTC is initiated?

Even if the specific case of Firefox can be configured correctly and you have the source to verify that it's only sending traffic over the socks proxy, manually configuring every app to use a socks proxy is brittle and error prone, and for some apps just won't work.

Much more straightforward to just have a system wide VPN as the only available route for outbound traffic so that all apps use it transparently.

media.peerconnection.enabled = false

also, this sounds like fud.

TFA is about forgetting to configure something and the VPN doesn't work while informing your ISP and probably your state of what you did.

Therefore I don't think this is fud for the wider privacy case.

so you gave 3 steps to get it working for firefox but forget one step that results in an IP leak.

so not fud, it's a more brittle way to do it.

or just a portable mingw coming with an openssh and a dynamic proxy

there you go with an easy socks5 proxy.
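
An added example, not written by any commenter in this thread: a small audit of Firefox preference lines (the `user_pref(...)` format of `prefs.js` / `user.js`) that reports when the proxy is set but the "Proxy DNS" or WebRTC step discussed above was skipped. The `127.0.0.1` host, the function names and the sample input are assumptions made for the example; the preference names are Firefox's own.

```python
import re

# Values the setup described in the thread needs. Host is an assumption
# (local listener on 127.0.0.1); 1080 is the default port named above.
REQUIRED = {
    "network.proxy.type": 1,                 # 1 = manual proxy configuration
    "network.proxy.socks": "127.0.0.1",
    "network.proxy.socks_port": 1080,
    "network.proxy.socks_version": 5,
    "network.proxy.socks_remote_dns": True,  # "Proxy DNS when using SOCKS v5"
    "media.peerconnection.enabled": False,   # WebRTC disabled
}
PREF_RE = re.compile(r'^[ \t]*user_pref\("([^"]+)",\s*(.+?)\);[ \t]*$', re.M)

def parse_prefs(text):
    """Parse user_pref("name", value); lines into a dict of typed values."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):  # comment lines never match
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs

def audit(text, required=REQUIRED):
    """Return (pref, found, wanted) for every pref that is missing or wrong."""
    prefs, findings = parse_prefs(text), []
    for name, want in required.items():
        got = prefs.get(name, "not set in file")
        # Compare types too: in Python True == 1, which would hide a wrong type.
        if got != want or type(got) is not type(want):
            findings.append((name, got, want))
    return findings

# Constructed sample: proxy configured, DNS and WebRTC steps forgotten.
SAMPLE = """\
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 1080);
user_pref("network.proxy.socks_version", 5);
user_pref("network.proxy.socks_remote_dns", false);
"""

if __name__ == "__main__":
    for name, got, want in audit(SAMPLE):
        print(f"{name}: found {got!r}, expected {want!r}")
```

A pref that is absent from the file is reported rather than assumed to have a safe default, since defaults differ between Firefox versions.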