If someone knows my wifi password (be it WEP or WPA) what can they see on my screen? Do they just see URLs I visit, or can they see everything in my browser,....or can they see everything I do on my computer? Does using HTTPS make any difference?
They can't see anything on your screen (unless you've enabled some sort of unencrypted remote desktop screen sharing program).
They can, however, observe all the data being sent to and from your computer (I'm assuming for WPA/WPA2 they observed the 4-way handshake at the beginning of each session; or trivially forced your computer to start another handshake), unless you encrypted that data using a protocol like HTTPS. They would typically run a packet capture program like wireshark to decrypt the wifi encryption.
Again, they'd be able to see what HTTP webpages you requested, what links you click, the HTML content of the webpages you requested, any information you post to a web site, as well as all data (e.g., any images/movies) sent to you or by you. They can also interfere with the traffic being sent to you (e.g., alter the content you see). Granted anyone nearby can always interfere and cause denial of wifi service without knowing your password (e.g., often turning on a microwave oven will interfere with all wifi traffic being sent to you). Or have their own computer/router that they fully control that sends impersonated messages as you or your router.
If you visit HTTPS sites only, they can't decrypt the data (unless they have somehow additionally compromised your computer). However, even with HTTPS they can see what IP addresses you are sending/getting data from (which usually will let them tell what domain e.g. if you went to 69.59.197.21 it's stackexchange.com
). They also will know when and how much encrypted data is being sent. This is possibly enough to give away private information. Imagine you went to a webpage via HTTPS that had results of your HIV test, and an eavesdropper was listening. If the web page for a negative result showed 3 images (of specific sizes) and a 10 MB PDF file on safe sex, while the page for positive results had 15 images and three PDF files that were 8MB, 15MB, and 25 MB respectively you may be able to figure out what their results were by observing how much data was sent and when. This style of attack has been used to figure out what people were searching for on a popular search engine (from the instant results provided for different queries) or roughly estimate what kind of income someone had at an https tax site. See Side-Channel Leaks in Web Applications (pdf).
Granted all this information is also available to your ISP as well and to every intermediary router between your computer and the server you are trying to visit.
Secondly, if the attacker does NOT live nearby, is it possible for them to set up a laptop in my neighbours house for example, and programatically record all my traffic...or alternatively can they relay the data from the laptop to their own computer elsewhere, via the web?
Either is trivial to program up assuming your neighbor doesn't mind them putting a laptop in their house (or they found a power source and place to hide their computer).