Originally Posted by
VegasGambler
They can't even see that. They can see the
domains you have visited, not the paths, unless the sites are using plain http, rather than https, which almost no site does any more.
Suppose you visit
https://example.com/path/to/page. Your browser does a TLS handshake with
https://example.com to set up a secure connection (basically, a pair of keys that can be used to encrypt traffic back and forth, which a middleman (like an ISP) cannot decrypt). Then, once that is established, your browser sends a "GET /path/to/page" over that secure connection. So while someone in the middle (like the people who run the hotel wifi, or your ISP, or your mobile carrier if you are using your phone's mobile data) can see that you visited "example.com", they cannot see which pages on that site you accessed.
Of course, the domains that you visited could be valuable information (eg, for ad targeting) but it's not as much information as the full history.
The domain name is not always exposed. Use of domain fronting (a largely deprecated kludge) or ESNI will keep the target domain encrypted. In such cases, only the target IP address—which might correspond to dozens of domains hosted on the same box—is transmitted in the clear.