Ads are first-party content, in the sense that they are under the control of whoever is serving the webpage. One would hope that if the content provider were concerned about privacy, they would not choose to serve ads that violated that privacy.
On the other hand, using HTTP would open an otherwise harmless content provider to potential ad-insertion attacks by third parties. So in that sense, HTTPS really does matter here.
On the other hand, using HTTP would open an otherwise harmless content provider to potential ad-insertion attacks by third parties. So in that sense, HTTPS really does matter here.