This future is just O.K. because in the age of digital weapons, what else are governments supposed to be?
The problem is that HTTPS is too government-addicted a thing, while a decent anti-MITM feature might/should be just Diffie-Hellman without any identity-preserving features, I mean just E2EE. At least for sites like HN (not banks).
Diffie-Hellman can be MITMed if nothing checks that the value you get from the other party actually comes from the intended other party. I.e., an identity check.
That's still not OK. Think about this: you are encrypting your traffic to prevent some third party from seeing/modifying it. But without authentication, you don't know who you're communicating with. So it could be that you're talking with the very third party that you were trying to protect from in the first place.
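The point made in the two replies above, as an added example that is not part of the thread: a Diffie-Hellman exchange run with and without an identity check on the server's public value. The toy group, the HMAC tag standing in for a certificate signature, and every name here are assumptions made for the demo.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3  # toy group, constructed for this demo; far too small for real use

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def derive(priv, peer_pub):
    # Hash the shared DH secret into a session key.
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).digest()

def identity_tag(identity_key, pub):
    # Stand-in for a certificate signature: binds the DH value to a known identity.
    return hmac.new(identity_key, str(pub).encode(), hashlib.sha256).digest()

def handshake(check_identity, path_substitutes_keys):
    identity_key = b"constructed-key-shared-out-of-band"  # hypothetical trust anchor
    c_priv, c_pub = keypair()   # client
    s_priv, s_pub = keypair()   # intended server
    s_tag = identity_tag(identity_key, s_pub)
    m_priv, m_pub = keypair()   # party sitting on the network path

    # What each end actually receives; the path cannot produce a valid tag for m_pub.
    pub_at_client = m_pub if path_substitutes_keys else s_pub
    pub_at_server = m_pub if path_substitutes_keys else c_pub

    if check_identity and not hmac.compare_digest(
            s_tag, identity_tag(identity_key, pub_at_client)):
        return {"aborted": True, "path_has_client_key": False}

    client_key = derive(c_priv, pub_at_client)
    server_key = derive(s_priv, pub_at_server)
    return {
        "aborted": False,
        "ends_agree": client_key == server_key,
        # True when the on-path party can compute the key the client encrypts under.
        "path_has_client_key": derive(m_priv, c_pub) == client_key,
    }

if __name__ == "__main__":
    for check in (False, True):
        for tamper in (False, True):
            print(f"check_identity={check} substituted={tamper}:",
                  handshake(check, tamper))
```

Without the check, the client completes the handshake and encrypts to whoever supplied the public value; with it, the substituted value fails verification and the client aborts.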