I kinda hoped that TLS 1.3 had some magick in it so that those MITM proxies would no longer work because they can be recognized by the browser and the browser can say: how about no.
Also, wasn't there some security issues relating to the possibility to downgrade the encryption of a connection?