I said that this topic is not for political or ethical debates. I have dedicated and guaranteed, but limited bandwidth internet connectivity. And this is still a network which I manage. YouTube and some other services are bandwidth intensive. Opening other sites is fine. And I still decide how I will proceed and manage my network. Facebook is not okay at work, anyway. I will not explain any further, nor do I like to participate in ethical debates. My primary goal is for everything to work flawlessly, not for people to be able to chat or watch YouTube videos. If watching YouTube hogs my connection to the world, then I will just block YouTube. There is a reason why I want to block only websites that are bandwidth intensive. And only YouTube, but not Gmail.
If you’re able to install a CA certificate on all computers in your network, then you can use something like the Fortigate firewall. Because you’ve installed the CA certificate on all computers, it can re-sign all encrypted connections. This gives it the ability to transparently inspect the content of an HTTPS connection. Then you can filter based on the Host header in the HTTP headers, or by attachment types and so on.
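As an added illustration of the re-signing mechanism described in the reply above (not code from any poster, and not a Fortigate or MikroTik configuration): a throwaway private CA issues a certificate for a constructed hostname, and that certificate validates only for a client that trusts the private CA, which is exactly why the CA must be installed on every machine first. It assumes `openssl` is on the PATH; the hostname and CA name are made up.

```shell
#!/bin/sh
# Demonstration only: a private "inspection CA" re-signs a certificate for a hostname.
# Clients that trust the CA accept it; clients using the default trust store reject it.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Build the throwaway private CA (constructed for this example, not a real firewall's CA)
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" \
    -subj "/CN=Example Inspection CA" >/dev/null 2>&1
}

# Issue a leaf certificate for the intercepted hostname, signed by the private CA
resign_host() {
  host="$1"
  openssl req -newkey rsa:2048 -nodes -keyout "$WORK/leaf.key" \
    -out "$WORK/leaf.csr" -subj "/CN=$host" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -out "$WORK/leaf.crt" >/dev/null 2>&1
}

# Exit 0 if the leaf validates against a store that trusts the private CA
verify_with_ca() {
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/leaf.crt" >/dev/null 2>&1
}

# Exit 0 only if the leaf validates against the system store (it should not)
verify_with_system() {
  openssl verify "$WORK/leaf.crt" >/dev/null 2>&1
}

# Print the issuer CN: what an admin checks in the browser to confirm inspection is active
issuer_cn() {
  openssl x509 -in "$WORK/leaf.crt" -noout -issuer | sed 's/.*CN *= *//'
}

# Stand-alone run: build the CA, re-sign a constructed hostname, report both checks
make_ca
resign_host video.example.com
verify_with_ca && echo "client trusting the inspection CA: accepted"
verify_with_system || echo "client with default trust store: rejected (issuer: $(issuer_cn))"
```

Pointing a browser at an intercepted site and reading the issuer of the presented certificate is the same check: if it shows the inspection CA rather than a public CA, the connection is being re-signed.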
Yes, I probably can. But meanwhile, I prefer different solutions. A complete overhaul of the network is in progress. Also, a Fortigate firewall or Sophos firewall is significantly more expensive than Mikrotik. I will say 10-15x. It is prohibitively expensive at the moment. And I am a one-man army. Some day I may be able to do what you say. But not right now.