If your position is that monitoring HTTP traffic is useless because favicons can be embedded into webpages, what method would you propose to monitor employees browsing habits then?
Furthermore, how would you monitor the HTTP traffic of suspected terrorists? After all, anyone can embed an image to "www.isis.com/blackflag.jpg" into any webpage, so shouldn't we stop monitoring all such traffic?
Your original assertion was that "it's a pretty crappy check", but I think what you are missing here is that it's the only possible check, minor irrelevant flaws and all.
No, it isn't the only possible check, but besides that the 'HTTP traffic of suspected terrorists' will be nicely encrypted in a way that you won't be able to intercept the URLS.
Lots of fearmongering here, if you want to monitor your employees browsing behavior then you're going to have to supply them with the hardware they do the browsing on, lock that hardware down and install some nannyware to do the monitoring. That way you won't have to MITM each and every connection and you'll have a more secure setup overall.
Furthermore, how would you monitor the HTTP traffic of suspected terrorists? After all, anyone can embed an image to "www.isis.com/blackflag.jpg" into any webpage, so shouldn't we stop monitoring all such traffic?
Your original assertion was that "it's a pretty crappy check", but I think what you are missing here is that it's the only possible check, minor irrelevant flaws and all.