It is a great article that explains exactly how users have been bypassing filters over the years. I wanted to disagree on the part about encrypted proxies however:

Encryption brings us to the frontline of today’s war on circumvention. Encrypted proxies have been a hard target to hit. Because encryption involves keys and algorithms, there’s nowhere near enough processing power in an Internet filtering server to decrypt secure communications between client and server on the fly. It’s also unreasonable to block all HTTPS traffic on a district’s network because many transactions that are part of the daily business of running a school are conducted through such secure sites.

There is enough processing power to proxy SSL sessions. Blue Coat, Secure Computing and Palo Alto all do it. (Palo Alto does it fastest.) It can be a pain though. Some of the vendors make it easier to manage than others by maintaining your list of certificates for you and letting you control which types of sites you proxy for, e.g. you can ignore banking and shopping traffic but proxy other SSL traffic. If you deem the risk large enough to warrant the hassle of pushing your own cert to the browsers and pointing them to the proxy, then there is ample processing power to do this.

What I think is more effective than URL filtering is just straight monitoring of all internet use (not just the blocked sites) and reporting on activity by username to hold users accountable. Stan mentions this at the end of the article. Most filters offer the type of reporting that HR departments require. I also recommend Vericept to schools that want to augment their filter and increase their visibility into user behavior.