While I applaud the privacy advocates, we knew this was coming when HTTP/2 (RFC 4750-4751) because an official standard in May 2015. The only way a country with limited bandwidth can operate a transparent proxy is to stick a new certificate in the root chain so that it can decode, cache and re-encode the traffic.

I don't like it anymore than anyone else, but I see a non-malicious purpose here.