One way of thinking about it is that each bit has maximal information because knowing the entire previous history should give you no information about what the next bit will be ahead of it being revealed.
Quantum Key Distribution. You can prove that the key hasn't been intercepted. But since that means you need a direct point to point connection with no routers, switches, hubs, amplifiers/repeaters etc., it only works for a tiny fraction of cases.
https://en.wikipedia.org/wiki/Quantum_key_distribution
If the user installs a Firefox update and then all their HTTPS connections stop working, most users will blame Firefox unless the error messages are very specific about Lenovo's involvement, which simple blacklisting won't do.
Users who follow technical news and understand the problem will already have removed the certificate manually (and removed the proxy).
I doubt it. Most non-techie users will probably not get around to installing another browser, so seeing that neither bank nor gmail nor facebook works, they'll blame their ISP.
