> If the website uses https then surely all they can store is the IP address you called?
No, they can store the FQDN as well.
That is, assuming the client used SNI when establishing the SSL/TLS session - take a quick PCAP and look at the initial handshake, you'll see the domain name of the site you're visiting in the early packets.
Obviously they still can't see whether you visited https://www.google.com/search?q=cuddly+cats or https://www.google.com/search?q=howto+be+a+terrifying+terrorist but they can see the names of the sites you visited.
Biting the hand that feeds IT
