Ignoring the loud protests of net activists, lawmakers passed the controversial law which allows investigators access to information which could identify a user by their temporarily-assigned IP address.
Any self-respecting hacker would tell you that using a pseudonym has never been enough to hide your identity online, but, in Germany at least, staying incognito on the web just got that bit harder.
The law will enable police and security services to demand internet providers hand over customers' names, addresses, and account info, surfing history and mobile phone data if they deem it necessary to solve a crime - even for petty offences such as a parking ticket.
"It's unbelievable that police, secret services, criminal investigators and customs officials will be allowed to identify internet users even for petty offences," Katharina Nocun, opponent and Pirate Party member told The Local.
Most controversially, authorities can ask internet providers to trace and reveal to them who was assigned a temporary IP address at a particular time, making it possible to tell who has done what and when, online.
Net activists were disappointed by the upper house vote, where a majority voted to pass amendments to German telecommunications law, despite last-minute attempts to limit the new rules.
Critics had wanted authorities to only be allowed to demand users' information from internet providers where there was proof they were preventing a clear danger to public safety.
German data protection officials had also wanted police to have to get a court order before they could find out who had been using dynamic IP addresses at what time.
Many say the new law does not protect users' right to secrecy of communications - which is guaranteed in the German constitution. Civil rights activists are already preparing a challenge to bring to Germany's Constitutional Court.