So if you can just trick someone into trusting a bogus root CA, take control of their DNS resolution, and get them to open an attacker controlled domain in Chrome then you can... Use this API to get information about their current CPU utilisation.
As we saw recently with Mastodon, for a very large section of users, views on "open-source, self-hostable and super customizable" will range from "don't care" at best to "that's too much hassle, pass" at worst.
People just want to write their article and have it come up at the top of Google search results, that's the hype.
Wow some attack you got there.