w/r to package managers, apt is usually unencrypted. Of course, there's signature validation that makes sure you don't get altered packages, but traffic can be snooped none the less.
You can ask Firefox to do the DNS lookup at the proxy end, as long as it supports SOCKS5 (I tunnel from my Windows machine to a remote Linux VPS using PuTTY, and this setup works great)
w/r to package managers, apt is usually unencrypted. Of course, there's signature validation that makes sure you don't get altered packages, but traffic can be snooped none the less.