It uses MPC and ZK to prove some data from a server (that uses TLS) is authentic given some request.
One of the simple demos is proving you received a DM from someone on twitter, without sharing your session token or login credentials with the other party.
Another idea is proving you know some exploit (think sql injection) without revealing how you did it.
Or proving you purchased some item off a website so you can review it on a neutral platform (amazon reviews but without amazon being able to manipulate the votes)
Yeah, I don’t think SSH tunnel can snoop either, but maybe I misunderstand them.