Surveillance happens today at the server level: the Feds claim that, under the PATRIOT act, they can get the records of all visits and all 'cloud' data straight from the server - this is the "PRISM" project, but shades of it have been going for the past decade.
They don't need your client end. They get the server logs, they get the server history of visits, and reverse-lookup you and then collate all visits to as many web services as they can from the particular IP and MAC address, and that's how they put together your history.
Cookies, SSL, HTTPS, none of that matters. The only thing that would escape it is to route through anonymous proxies.