Unfortunately HTTPS makes proxy-based privacy stuff unusable without invalidating your SSL/TLS certificate in the browser. Extensions are the only reliable method AFAIK for browsing ad-free, securely. That is, if you consider the extension secure.
You could move all SSL validation off to your proxy, and generate certificates from your own CA on the fly. Then within your browser or OS you can remove everything except your own CA from the trust store.
That would open up sniffing on your local machine/network would it not? I see the benefit of blocking malicious domains at a proxy or hosts file level. But aren't you sacrificing a lot of usability by blocking at a network level?
