Porn Sunday

They know where you've been (the IP address, and hence the domain) but they don't know what you saw. At the moment, AFAIK, that's pretty much all they're logging at the moment anyway, i.e. which numbers you phone, which addresses you send email to, which websites you visit, but not the content. The server will record the actual http requests, so if they (the Feds) seize the web server logs, they can tie your IP address to a particular file on a particualr date and time, but they still have to do some work to prove what the content of a particular file consisted of at that time, because they don't store a copy of the content as they snoop on the request.

That's the gist of it.

Or in simple terms, everything between you and the server is secure and cannot be monitored.

The server can still have traces of your visit, if the server bothers to record that. This server (LFGSS) does not keep server logs, and many don't. It's not a paranoia measure, it's a performance one... I don't want to degrade performance by having a file write each time a file is requested... we simply don't keep logs at all. Performance is the reason, but privacy is a side effect.

If you're worried, when you access a website, try to see whether that site is also available over SSL. This one is, gmail is, many are.