The reason we can trust the CA certificates loaded in our browsers have proper processes and operate transparently is that the browser makers leverage those certificates being preloaded as bargaining power.
Would we have the opportunity to retain that sort of power in this decentralized world? Or do we start seeing the "essential" apps move out of the store and doing things like background monitoring of the user?
Who are users suppose to trust?
Back in the day users also trusted SourceForge....