Seems to be dangerously encroaching on the namespace of Privoxy[1] which offers a somewhat overlapping solution.
I'm only somewhat versed in networking and proxies - how is this different from something like SquidGuard?
Really cool idea, will be watching for this to hit production readiness.
Subverting browser trust by installing a mitm root is not a good way to implement network policy. Many have tried to do this, such as AV vendors, and it generally ends badly. Do I trust your TLS and certificate trust implementation over a mainline browsers? Do you understand the nuances of implementing webPKI for browsers?
I think asking the user to give up traffic authentication and confidentiality for a privacy features are best be implemented as a browser extension without this trade-off.