by nofunsir 612 days ago
or bog-standard ssh server + bitvise local client.

EDIT to clarify because I feel many might not be aware how easy it is: 1) enable port forwarding in your sshd config (implies you can't just do this on a server which you don't admin and which has this disabled) 2) point bitvise's socks5 proxy server feature at the ssh server 3) point anything that needs to be tunneled at the bitvise client's port (default 1080) e.g. firefox. 4) voila, packets leave and return via the ssh server's public IP.

2 comments

So I open say Firefox and it routes it all through that. No gotchas?
firefox > about:preferences > Network Settings (at bottom) > Manual proxy configuration > SOCKS v5 (enter details and your password if you set it up in bitvise) > also check "Proxy DNS when using SOCKS v5" at bottom
Does Firefox route WebRTC through a socks proxy? Does it leak your locally configured IP when WebRTC is initiated?

Even if the specific case of Firefox can be configured correctly and you have the source to verify that it's only sending traffic over the socks proxy, manually configuring every app to use a socks proxy is brittle and error-prone, and for some apps just won't work.

Much more straightforward to just have a system wide VPN as the only available route for outbound traffic so that all apps use it transparently.

media.peerconnection.enabled = false

also, this sounds like fud.

TFA is about forgetting to configure something and the VPN doesn't work while informing your ISP and probably your state of what you did.

Therefore I don't think this is fud for the wider privacy case.

Calm down. If you're down the road about privacy, and you didn't already know about the webRTC thing, I don't know what to tell you. Do you want me to hold your hand and pretend you're my grandma, or are you a smart HN commenter? Seven proxies won't hide your IP if it's leaked by design implementation, and you have it enabled in a layer above the session layer. Hence why I prefer to assume a system is compromised and ONLY trust the apps I have verified and validated... If I'm doing something that needs that. "Whole-system" vpns are naive. You're just looking to blame people.

When you get down from your horse, go and learn the Greenhills kernel and why everything from the nsa to the f35 uses it.

so you gave 3 steps to get it working for firefox but forget one step that results in an IP leak.

so not fud, it's a more brittle way to do it.

or just a portable mingw coming with an openssh and a dynamic proxy

there you go with an easy socks5 proxy.
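
The Firefox settings named across this thread (manual SOCKS v5 proxy on port 1080, "Proxy DNS when using SOCKS v5", and `media.peerconnection.enabled = false`) can be checked mechanically in a profile's `user.js`. The following is an added example, not code from any commenter: the pref names are the long-standing about:config keys and may differ by Firefox release, and the listener address `127.0.0.1`, the sample file and the rule that an unset pref counts as a finding are assumptions.

```python
import re

# Values the thread's setup needs. Pref names are assumed from long-standing
# about:config keys; 127.0.0.1 is an assumed local listener address.
REQUIRED = {
    "network.proxy.type": 1,                 # 1 = manual proxy configuration
    "network.proxy.socks": "127.0.0.1",
    "network.proxy.socks_port": 1080,        # default port named in the post
    "network.proxy.socks_version": 5,
    "network.proxy.socks_remote_dns": True,  # "Proxy DNS when using SOCKS v5"
    "media.peerconnection.enabled": False,   # WebRTC off, per the reply
}
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

# Constructed sample user.js: the DNS line is commented out, WebRTC is left on.
SAMPLE = """\
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 1080);
user_pref("network.proxy.socks_version", 5);
// user_pref("network.proxy.socks_remote_dns", true);
user_pref("media.peerconnection.enabled", true);
"""

def parse_prefs(text):
    """Return {name: value} for every active user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)      # commented-out lines do not match
        if not m:
            continue
        name, raw = m.groups()
        if raw in ("true", "false"):
            value = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            value = int(raw)
        else:
            value = raw.strip('"')
        prefs[name] = value
    return prefs

def audit(text):
    """List (pref, found, wanted) for each setting that is unset or wrong."""
    prefs = parse_prefs(text)
    # Compare types too, so the boolean true is not accepted for the integer 1.
    return [(n, prefs.get(n, "unset"), want) for n, want in REQUIRED.items()
            if type(prefs.get(n)) is not type(want) or prefs[n] != want]

if __name__ == "__main__":
    for name, found, wanted in audit(SAMPLE):
        print(f"{name}: found {found!r}, want {wanted!r}")
```
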