You absolutely shouldn't do that because a vulnerability in the kernel can be immediately escalated into decloaking your real IP. /s

(TBF this is presumably why parent specified that proxying ought to happen on separate hardware.)