Most of us may associate the HTTPS protocol (encrypted web traffic) with security and safety - entrusting it with passwords, credit card numbers and other sensitive information. However, this protocol is being used in links by some advertisers and this has some concerning side-effects.

If anyone relies on an external filter or firewall to control web content (cookies, Java/VBScript, ActiveX, etc) then this filter will not do any filtering on HTTPS traffic (since all it sees is the encrypted data). So a site can, by using an HTTPS link, plant cookies or run code regardless of what restrictions you have set.

The only exception to this that I know of is Proxomitron when the OpenSSL files libeay32.dll and SSLeay32.dll have been installed (available from the "SSL Addons Section" of the Proxomitron Files page) and the Config/HTTP/Use SSLeay-OpenSSL box has been checked. Note that this will cause your browser to issue a certificate warning whenever you visit an encrypted website since it will see Proxomitron's certificate rather than the website's (see the Proxomitron readme for more details). Without these OpenSSL files, Proxomitron can do no filtering on HTTPS traffic.

Browser-based controls on active content should work as normal (since the browser sees the decrypted traffic). However, most browsers do not provide the same level of control as a purpose-built filter.

Opera users can set their browser to prompt whenever an SSL connection is started - this will provide warning of any links to third party sites. To do this, in File/Preferences/Security/Authorities... check the "Warn before sending data to sites certified by this authority" box for each certificate authority (40 plus). Once this is done, Opera will prompt whenever a secure connection is started, giving you the chance to abort it. I do not know of an equivalent setting for Internet Explorer or Firefox/Mozilla - if anyone does, please post the details.

Real-Life Examples

Doubleclick have used this technique on secure parts of other websites. Since these typically deal with processing actual orders, it does provide them (in conjunction with other information) with an excellent record of online users' purchase history.

However the most widespread user appears to be Paypal. Every site that requests donations via Paypal has an HTTPS link to Paypal's website for their icon. Furthermore, Paypal's home page includes a web-bug triggering another HTTPS connection to Omniture (102.112.2O7.net - note the last O, not a zero) which can include extra information as parameters to the URL like hardware details (like screen resolution) and the account number that you are making a payment to (I have queried this with Paypal but received no proper explanation).

These connections can be blocked by creating the appropriate entries in your Hosts file (see elsewhere on this site for details on this), but this does assume that you know which domains to block. Non-Opera users can use HTTP monitoring software like Charles (shareware) or the free HTTPLog plugin for Outpost firewall to keep track of URLs visited in order to identify suspicious ones.
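
The following Python example is added here and is not part of the original post. It goes through a constructed monitor log, lists the HTTPS requests that leave the site of the page being viewed together with the parameter names sent, and prints candidate Hosts file lines for review. The log format, the `.example` hostnames, the URL paths and the parameter names are assumptions; only 102.112.2O7.net is taken from the post.

```python
from urllib.parse import urlsplit

# Constructed sample log: (page being viewed, URL the browser requested).
# Only 102.112.2O7.net comes from the post; all other hostnames, paths and
# parameter names are made-up placeholders.
SAMPLE_LOG = [
    ("http://donations.example/support.html", "http://donations.example/style.css"),
    ("http://donations.example/support.html", "https://www.payments.example/images/donate.gif"),
    ("https://www.payments.example/", "https://www.payments.example/js/main.js"),
    ("https://www.payments.example/", "https://102.112.2O7.net/track?res=1024x768&acct=PLACEHOLDER"),
    ("https://www.payments.example/", "https://static.payments.example/logo.gif"),
]

def site_of(host):
    """Naive site key: the last two labels of the hostname.
    Assumption: adequate for this sample; real use needs the Public Suffix
    List to handle suffixes such as co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def third_party_https(log):
    """Map each third-party HTTPS host to the parameter names sent to it."""
    found = {}
    for page_url, request_url in log:
        page, req = urlsplit(page_url), urlsplit(request_url)
        if req.scheme.lower() != "https" or not req.hostname:
            continue  # plain HTTP is still visible to an external filter
        if site_of(req.hostname) == site_of(page.hostname or ""):
            continue  # same site as the page, not a third party
        names = {pair.split("=", 1)[0] for pair in req.query.split("&") if pair}
        found.setdefault(req.hostname, set()).update(names)
    return found

def hosts_entries(found):
    """Candidate Hosts file lines; review each one before adding it."""
    return [f"127.0.0.1 {host}" for host in sorted(found)]

if __name__ == "__main__":
    found = third_party_https(SAMPLE_LOG)
    for host in sorted(found):
        print(host, "parameters:", ", ".join(sorted(found[host])) or "(none)")
    print("\n".join(hosts_entries(found)))
```

Hostnames are case-insensitive, so the entries come out in lower case. A host listed here may be one you still want to reach (a payment processor, for instance), which is why the output is a list to review and not a finished Hosts file.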