Posts: 15 | Thanked: 1 time | Joined on Oct 2007
#11
qole's tips seem to work for me. I will confirm tomorrow by tunnelling home from work.
 
qole
Moderator | Posts: 7,109 | Thanked: 8,820 times | Joined on Oct 2007 @ Vancouver, BC, Canada
#12
In theory, since MicroB is a Gecko browser, there should be a place to put a file called all.js with a line:

pref("network.proxy.type", 1); // Force proxy use

I found just such a file at /usr/lib/microb-engine/greprefs. I changed it, but it is still getting overridden somewhere and set to 0.

Another note, after having used my proxy-hack for a while: I find if I close the browser and then re-open it, I can't just go to the "Use Proxy" bookmark, I have to go to it and click on the "Set Preference" button.

Last edited by qole; 2007-11-07 at 01:29.
 
Posts: 15 | Thanked: 1 time | Joined on Oct 2007
#13
Yes, I have also been clicking the Set Pref button just to be safe.
If you're going to all this trouble to surf securely, you do not want to slip up at the last hurdle and end up surfing insecurely! It also pays to do an IP check afterwards, just to be sure.
 
free
Posts: 739 | Thanked: 159 times | Joined on Sep 2007 @ Germany - Munich
#14
For downloading tsocks, use the repository in my signature.

Sorry, I really have no time at the moment, try it like I said with wget first. I guess you need to put the socks proxy info somewhere, look at the webpage of tsocks.
This hasn't been tested, and it's only my second package on the device.

Try Privoxy if tsocks doesn't work. Privoxy is really good; I use it, but not for SOCKS.
I quickly read qole's method; from what I understand, you need an SSH endpoint, which is not always available. But it's a nice way of doing it.

Bye

Last edited by free; 2008-01-08 at 18:30.
 
qole
Moderator | Posts: 7,109 | Thanked: 8,820 times | Joined on Oct 2007 @ Vancouver, BC, Canada
#15
I am not sure why you would want to do this at all if you don't have an SSH endpoint. Any other proxy would be insecure.

You really do need an SSH endpoint if you want to use web e-mail securely on an insecure AP or hotspot. Without an SSH-proxy, you are at risk of getting passwords stolen, etc. An SSH proxy is an encrypted tunnel from your N800 to a trusted network through which you can put all of your sensitive data.

I recommend buying a $50 Linux-based router like the WRT-54GL and flashing it with DD-WRT firmware. Then set a non-default password and enable SSH. You now have an SSH endpoint from which to securely surf the web. If you have a dynamic IP, the DD-WRT firmware lets you update a no-ip account, so you can do something like "ssh -D 3123 root@myname.sytes.net" from your N800.

Last edited by qole; 2007-11-20 at 22:30.
 
Posts: 3,841 | Thanked: 1,079 times | Joined on Nov 2006
#16
Well, on _any_ unencrypted connection you can get your passwords stolen, AP or not. Obviously you can use an ssh tunnel to another network and read your web e-mail from there, but why not do one better and just go encrypted end-to-end? You can do that with gmail, and this is typically standard for webmail services set up by workplaces too. For other, improvised setups an ssh tunnel can be very useful. I use it a lot. But let's not forget VPN for connection to your nominal private network.
__________________
N800/OS2007|N900/Maemo5
-- Metalayer-crawler delenda est.
-- Current state: Fed up with everything MeeGo.
 
qole
Moderator | Posts: 7,109 | Thanked: 8,820 times | Joined on Oct 2007 @ Vancouver, BC, Canada
#17
Originally Posted by TA-t3:
"Obviously you can use an ssh tunnel to another network and read your web e-mail from there, but why not do one better and just go encrypted end-to-end? ... But let's not forget VPN for connection to your nominal private network."
My SSH tunnel is my "poor man's" VPN. Once you have set up an SSH proxy (especially if you use your remote network's DNS) you are doing much better than encrypting individual connections; you are encrypting all browser-related traffic from your tablet. So I would say that is "one better" than the temporary encrypted sessions you get with gmail, since it is less vulnerable to man-in-the-middle, etc.

Last edited by qole; 2007-11-26 at 23:02.
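
A check for the settings discussed in the posts above, as an added example that is not part of any post in this thread: it parses Gecko-style pref files, lets the last assignment win (modelling the override reported in post #12), and lists every setting that would let the browser bypass the SSH SOCKS listener. Port 3123 comes from the `ssh -D` command in post #15; the 127.0.0.1 host, the standard Gecko SOCKS pref names other than network.proxy.type, and the sample file contents are assumptions constructed for illustration.

```python
import re

# Matches pref("name", value); and user_pref("name", value); lines.
# Anything after the closing ");" (such as a // comment) is ignored.
PREF_RE = re.compile(r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Return {name: value}; a later line overrides an earlier one."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit_socks_prefs(text, host="127.0.0.1", port=3123):
    """List settings that differ from a forced, DNS-tunnelling SOCKS setup."""
    wanted = {
        "network.proxy.type": 1,                 # 1 = manual proxy configuration
        "network.proxy.socks": host,             # assumed local end of ssh -D
        "network.proxy.socks_port": port,
        "network.proxy.socks_remote_dns": True,  # resolve names through the tunnel
    }
    prefs = parse_prefs(text)
    problems = []
    for name, want in wanted.items():
        got = prefs.get(name)
        # Compare types too: Python treats True == 1, a pref file does not.
        if type(got) is not type(want) or got != want:
            problems.append("%s is %r, expected %r" % (name, got, want))
    return problems

# Constructed sample input, not taken from a real device.
GOOD = '''user_pref("network.proxy.type", 1); // Force proxy use
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 3123);
user_pref("network.proxy.socks_remote_dns", true);
'''
OVERRIDDEN = GOOD + 'user_pref("network.proxy.type", 0);\n'

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("overridden", OVERRIDDEN)):
        print(label, audit_socks_prefs(text) or "OK")
```

An empty list means the file forces the proxy; it does not prove the tunnel is up, so the IP check mentioned in post #13 still applies.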
 

free
Posts: 739 | Thanked: 159 times | Joined on Sep 2007 @ Germany - Munich
#18
"you are encrypting all browser-related traffic from your tablet"
To where?
To your ssh tunnel output, which I guess is not gmail directly.

I'm not using gmail but if they don't provide you SSL with certificate authority, forget about gmail.

If they do, I don't think you can easily do a mitm attack. Otherwise you can compromise any bank, ebay, online paying in general.

Don't mix link layer security with application layer security. TLS on top of WPA 2 is pretty secure AFAIK.
 
Posts: 122 | Thanked: 23 times | Joined on Oct 2007 @ A quiet place.
#19
Here's how I'm looking at it: if I don't encrypt the entire session, then switching from an encrypted gmail connection to an unencrypted google maps connection might leave any cookies open to hijacking. I don't want to take the risk that someone can determine personally identifiable information--no matter how seemingly innocuous--while I'm browsing. It appears that most users, even perhaps users of these forums, view information privacy as a secondary concern. For me, information privacy is primary.
 
free
Posts: 739 | Thanked: 159 times | Joined on Sep 2007 @ Germany - Munich
#20
It is also for me; I use https with a certificate. And my webmail is much simpler than gmail, which could open other unencrypted pages. Even if this is the case, cookies should only be accessible from the site that created them.
In theory
 