Mandating trusted CAs opens the door to fucking with the communication in progress. Ie undermining TLS whose job it is to protect that communication. Spinning this as an attack on the companies making the browser is a bit too creative for me. That’s like saying wiretaps are an attack on the telco, not the phone calls being listened in on.
No need, all you have to do is read the whitepaper. they home brewed the encryption algorithm and nobody actually knows if it’s worth a damn. That’s not exactly a secret.