OK, say you take them at their word and they're just logging sites you visit (as in the domain). Have you ever looked at all the domains you 'visit' when you open a 'modern' web page?
What's to stop a random site from including an iframe or other call to http://dodgy-jihadi-site.com/ in their page? Does that get logged? If not, what's to stop a site from just being a wrapper page that lets you browse dodgy sites without triggering their metadata capture? What's the chances that loads of sites will put malicious img requests in for a 1x1 pixel from dodgy-site?
"Our metadata shows that on the X of Y, you visited 'dodgy-jihadi-site.com'"
"No I didn't, look, I just visited 'random-site.com', it must have pulled something in!"
But as they don't keep the full request 'dodgy-jihadi-site.com/images/1x1pixel.jpg', you have no defense.
This is a complete mess.