The next primary activity online is browsing the web. There are three major ways to track people’s web browsing activities (that I’ll discuss). The first tracking method is by controlling web servers and watching who comes to visit. Considering the number of web servers out there, this is probably not something that happens to any significant degree. There are probably some servers that are of interest to some entities that are compromized and are being watched (such as those promoting or serving up details related to illegal activities), though for the most part this is not something that an ethical law abiding person such as yourself should be concerned with.
The second major tracking method (and likely the most common) is by using cookies. Any server online from which content is requested has the ability to leave a cookie on your computer. A cookie is a file that stores some sort of information (usually an identifying characteristic and any data the server wants to keep on you) and can be called up any future time you visit the same server (or a similar server) to reference or update that information. It may not seem significant, but consider that every time you visit a web page, you’re likely retrieving information from many different servers. The text content may come from one server, the images from another, some embedded content from a third, an embedded movie from the Google servers responsible for YouTube, the ads from another server, and some tracking code from another server dedicated to giving the web site owner (and anyone else who pays for it) detailed statistics on you. The next web page you visit will have its own cookies, though if there is another YouTube movie embedded, Google can see the cookie information from the last page you visited. The same applies if the same company is (or set of companies are) used for statistics. Some web sites can even view the cookie information for others if they pretend to be them!
Some browsers have an option to enable a “Do Not Track” function. Remember that this means that the browser sends the web servers you visit the request to not track you, though ultimately there is no requirement for them to adhere to the request and they can pretty much do what they want.
Some browsers also have a “Private Browsing” option. What this means is that they will not keep a browser history or cookies, though the servers can still see your IP address, and possibly use plugins such as Java or Flash to identify you. There are correlation (analysis) techniques that will be able to determine that your “private browsing” session is the same computer that visited the site when using a normal browsing mode.
There are broser plugins and applications that clean out cookies and delete history. These can be useful, though beware what else the applications do. There have been many that appear to serve benign purposes, though ultimately are malware. There have even been cases where some advertizing companies have paid a cookie cleaning company to only delete their competitors’ information and cookies. You should never blindly trust what someone (especially a vendor) claims that their software will do.
The next tracking method is to tap into the internet backbone, and keep track of the sources and destinations of all communications. While this applies to just about every type of communication, in the case of web browsing it’s very easy to identify sources or destinations of interest.
A common suggestion to address the issue of private browsing is to use a VPN, though consider in the third major tracking method, there is a tap on all communications, so someone who is watching your online activities will know that you are using a VPN. If they are curious enough, then all they have to do is look at where your VPN server is located, and either compel (subpoena / court order / threatten) the VPN company to give your information up, or use their internet tap (provided they have one in the right place) to watch what the VPN server is accessing. By looking at the communications patterns from your computer to the VPN server, they may not be able to read the encrypted information, they can match that to patterns coming from the VPN server out to whatever you’re browsing and identify what you’re really browsing.
Using an anonymizing network such as TOR or I2P2 can reduce the likelihood of standard surveillance techniques being able to track you. The servers that you browse to on these networks will however be able to use the same techniques (cookies, plugins, etc) as standard internet servers to track you. If you use the same browser (and to a lesser degree computer) when using an anonymizing network as when browsing normally, the likelihood increases that someone will be able to determine who you are and link your “private” identity to your real identity.
The grand summary of web browsing is that if you’re using your normal computer to browse the internet, it is reasonable to believe that someone can be watching what you’re browsing. The only way for your browsing to be truly private is to use a new computer or tablet that hasn’t been used before with any identifying information from an internet connection that is not in your home (such as an internet cafe). It is especially important not to use any of your logins or personal information while doing so, and even then, if there are surveillance cameras at the internet cafe that capture your image and the time of that capture can be associated to some activities online for which an agency with the power to do so can identify you individually, then they will very likely be able to follow what you’re doing and where you’re browsing.