The internet activity of everyone in Britain will have to be stored for a year by service providers, under new surveillance law plans.
Police and intelligence officers will be able to see the names of sites people have visited without a warrant, Home Secretary Theresa May said.
But there would be new safeguards over MI5, MI6 and the police spying on the full content of people's web use.
Mrs May told MPs the proposed powers were needed to fight crime and terror.
The wide-ranging draft Investigatory Powers Bill also contains proposals covering how the state can hack devices and run operations to sweep up large amounts of data as it flows through the internet, enshrining in law the previously covert activities of GCHQ, as uncovered by whistleblower Edward Snowden.
The draft bill's measures include:
- Giving a panel of judges the power to block spying operations authorised by the home secretary
- A new criminal offence of "knowingly or recklessly obtaining communications data from a telecommunications operator without lawful authority", carrying a prison sentence of up to two years
- Local councils to retain some investigatory powers, such as surveillance of benefit cheats, but they will not be able to access online data stored by internet firms
- The Wilson doctrine - preventing surveillance of Parliamentarians' communications - to be written into law
- Police will not be able to access journalistic sources without the authorisation of a judge
- A legal duty on British companies to help law enforcement agencies hack devices to acquire information if it is reasonably practical to do so
- Former Appeal Court judge Sir Stanley Burnton is appointed as the new interception of communications commissioner
Mrs May told MPs the draft bill was a "significant departure" from previous plans, dubbed the "snooper's charter" by critics, which were blocked by the Lib Dems, and will "provide some of the strongest protections and safeguards anywhere in the democratic world and an approach that sets new standards for openness, transparency and oversight".
But Shami Chakrabarti, director of civil rights campaign Liberty, said: "After all the talk of climbdowns and safeguards, this long-awaited Bill constitutes a breath-taking attack on the internet security of every man, woman and child in our country.
"We must now look to Parliament to step in where ministers have failed and strike a better balance between privacy and surveillance."
And Mr Snowden warned the communications data covered by the proposed legislation was "the activity log of your life".
In a message on Twitter he said: "'It's only communications data' = 'It's only a comprehensive record of your private activities'."
The proposed legislation will be consulted on before a bill is formally introduced to Parliament in the New Year, Mrs May said. It will then have to pass votes in both houses of Parliament.
It would order communications companies, such as broadband firms, to hold basic details of the services that someone has accessed online - something that has been repeatedly proposed but never enacted.
This duty would include forcing firms to hold a schedule of which websites someone visits and the apps they connect to through computers, smartphones, tablets and other devices.
Police and other agencies would be then able to access these records in pursuit of criminals - but also seek to retrieve data in a wider range of inquiries, such as missing people.
Mrs May stressed that the authorities would not be able to access everyone's browsing history, just basic data, which was the "modern equivalent of an itemised phone bill".
But investigating officers will not have to obtain a warrant, just get their request signed off by a senior officer, just as they do now - some 517,000 such requests were granted last year.
If officers want to mount more intrusive spying operations, including accessing the content of emails, hacking into computers and tapping phones, they will still need a warrant from the home secretary or another senior minister - 2,700 such warrants were signed last year.
But the draft bill proposes giving a new panel of judges, known as the Investigatory Powers Commission, the ability to veto such requests.
Background briefings on the plans
When police or security agencies apply to intercept someone's communications, their plans would have to be first signed off by the home secretary but then approved by one of these judges.
In urgent situations, such as when someone's life is in danger or there is a unique opportunity to gather critical intelligence, the home secretary would have the power to approve an interception warrant without immediate judicial approval.
The judges would also be able to refer serious errors to an outside tribunal which could then decide to tell the individual their data has been illegally collected.
The bill does not propose forcing overseas companies to comply with these orders.
The bulk collection of internet messages flowing through the UK by GCHQ, as revealed by Edward Snowden, is currently in a legal grey area, covered by legislation originally meant for other purposes.
The security services argue they need access to large amounts of data to help them monitor suspected foreign terrorists or criminals deemed to pose a threat to the UK.
The new bill would aim to put bulk collection on a firm legal footing, with the home secretary given the power to issue warrants, as set out in the graph below.
The estimated cost to taxpayers of implementing the Bill is about £247m over the next 10 years, including storage of internet connection records and the new warrant approval regime.
The draft bill is a response in part to a review by the government's terror watchdog, David Anderson QC, who said in June the UK needed a "comprehensive" new surveillance law to replace the current "fragmented" rules.
Speaking on BBC Radio 4's PM programme, Mr Anderson gave Mrs May's proposals "four stars" but said it would be for Parliament to determine the extent of surveillance powers and safeguards.
He said: "This isn't a licence for the police to simply prowl over everything you have been doing, but I quite accept that a lot of data is being kept by these service providers and under the government's proposals it would be kept for a very long time."
This creates "obvious risks" he said, adding: "I simply wouldn't vote for this unless I had been very substantially satisfied that those risks had been minimised."
Labour's shadow home secretary Andy Burnham backed the draft bill, saying it was "neither a snooper's charter nor a plan for mass surveillance".
Former Lib Dem leader Nick Clegg said it was a "much improved model" of the legislation he blocked during the coalition government but said the "devil would be in the detail".