Ah, ok... a transparent proxy just to hide the origin IP. Thanks for clarifying. A lot of people are assuming full proxying, but I understand you were describing a hypothetical.

Right. What I proposed is scarcely different from doing HTTPS over a SOCKS5 proxy. It's just that the proxy would infer your destination from the ClientHello rather than being instructed by the client in advance (Edit: and it would have to assume port 443 -- a safe assumption in the context of a service whose feature is bypassing website content blocking).