So you only browse sites whose SSL cert was issued by Mozilla? Or do you trust the SSL root Store provided by Mozilla and your OS and, transitively, everyone they trust?
No, I do not trust the entire set of root authorities provided by Mozilla. I have disabled some of the certs. The entire PKI system - as currently implemented - is another abuse of trust. The user needs to be informed about the chain-of-trust that is currently vouching the website they are using. The user also needs an easy way to indicate who they trust and the scope/limits of their trust. A proper web of trust[1] can respect the user.
That you've disabled some of the Mozilla roots is laudable. However you're still trusting every other root to trust their intermediaries to trust their intermediaries and on and on to trust the people they issue certs to. This is fundamentally how the modern internet works. The same is true for DNS as SSL.
As for your solution: a web of trust is also transitive, unless your depth of trust is one. If your depth of trust is one, the only way you're productively browsing the internet is by doing TOFU for every single cert at which point I have other questions.
You're completely missing the point; this isn't about technical protocols, nor is it about minimizing trust. I can choose to agree with Mozilla or a root CA[1]. Trusting intermediaries does not necessarily involve transitive trust. Someone that trusts Mozilla does not necessarily also trust a 3rd party simply because Mozilla trusts them. Mozilla cannot simply force anyone to trust a 3rd party by fiat, and attempting to do so (such as in the current situation) can easily be seen as a betrayal.
[1] re: root CAs and "trust the people they issue certs to" - that isn't how the current PKI system works. The CA is only vouching for the validity of a certificate. Trusting a CA's claims about the identify of the other end of a SSL connection is orthogonal to the trustworthiness of the 2nd party at the other side of the SSL socket.
SSL or not, websites are someone else's computer(s), they should not be trusted and you shouldn't be sending anymore personal data then necessary to use the service. My point is that the software on my computer should not betray me and it's relatively easy to tell if it could. If there's no code in the software to send data out then it's good to go, no one needed to write any code and no one needed to opt-in or opt-out.
So you only browse sites whose SSL cert was issued by Mozilla? Or do you trust the SSL root Store provided by Mozilla and your OS and, transitively, everyone they trust?