You have proof that someone visited a specific site because it uses a value derived from that site's SSL cert. You just don't have any more knowledge than that.
> Note that such a proof is not straightforward. We firstly
prove that a ciphertext, CS N I , is the result of an encryption
without disclosing the public key nor the plaintext. This
causes the highest overhead in our construction. We use
the construction presented in [7] for this purpose.
> Then we
need to link the public key encrypted in clause two, with
the one used in clause one. For this we use a proof that two
commitments hide the same secret [5].
> Finally the third clause
can be openly computed by A given that it received the public
key from R.
> Using this, S can convince A that the tunnel created is to
a domain that the latter considers valid, without disclosing
which one.