Most consumer-grade broadband connections issue your home a new IP address every time you reboot your broadband modem, which is why the scheme wants ISPs to retain this data for two years, so they can determine who was using a specific IP address at any given time. Of course identifying the account holder isn't necessarily the same as identifying the perpetrator, but it's obviously a strong lead.

In theory you can bypass the metadata retention scheme by using a VPN, proxy server or proxy chain to mask the IP address allocated by your ISP. The outside world will only trace your activities back to the IP address of the middleman, seemingly keeping your true IP address safe – assuming the middleman isn't forced to dob you in.

This might be enough to protect your privacy in some circumstances, but it's important to realise that your IP address isn't the only digital fingerprint that you leave behind on the internet. Much harder to hide is the fingerprint left by your web browser, which remains intact regardless of how you mask your web traffic.

When you visit a website, it asks your web browser for a user-agent string in order to serve up the best possible page – for example "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36" if you're running Chrome on Windows 7 64-bit.

This might not seem too incriminating, but the website can also examine other details of your computer like your browser plugins and system fonts to build up a more distinct profile. For example, according to browser fingerprint research website Panopticlick, my browser fingerprint is unique among the 5.2 million tested so far. That means that if two different websites record that exact browser fingerprint, and you know for sure the first one was me, there's a pretty good chance the second one was also me. This isn't just theoretical, many websites already use browser fingerprinting to identify users and groups like Electronic Frontier Foundation see it as a major privacy threat.