We design DiStefano: an efficient, maliciously-secure framework for generating private commitments over
TLS-encrypted web traffic, for a designated third-party. DiStefano provides many improvements over previous TLS commitment systems, including: a modular protocol specific to
TLS 1.3, support for arbitrary verifiable claims over encrypted
data, client browsing history privacy amongst pre-approved
TLS servers, and various optimisations to ensure fast online
performance of the TLS 1.3 session. We build a permissive
open-source implementation of DiStefano integrated into the
BoringSSL cryptographic library (used by Chromium-based
Internet browsers). We show that DiStefano is practical in
both LAN and WAN settings for committing to facts in
arbitrary TLS traffic, requiring < 1 s and ≤ 5 KiB to execute
the online phase.