For the second one, I believe you can still ID what sites a user is likely using if you're in the middle, regardless of https, via eg reverse IP lookups- just not what they're sending to that site. A VPN covers that.