I don’t know how easy it would be to migrate to your own local machine, but what you’re describing sounds like Desktop-as-a-Service. All of the major cloud providers offer this in some form.

DroidFS has been working well for me. It’s available on F-Droid.

• Dec 2023 ~60 so far
• Nov 2023 ~200
• Oct 2023 ~100

If you take out the employer-side taxes and cost of benefits, maybe. A fair number of their employees must be software engineers, and that much compensation isn’t unreasonable for expert software engineers.

Where does the initial cryptographic verification come from? I’m not arguing that you can’t pin certificates.

There is no way a user can know the website is real the first time it’s visited, without it presenting a verifiable certificate. It would be disastrous to trust the site after the first time you connected. Users shouldn’t need to care about security to get the benefits of it. It should just be seamless.

There are proposals out there to do away with the CAs (Decentralized PKI), but they require adoption by Web clients. Meanwhile, the Web clients (chrome) are often owned by the same companies that own the Certificate Authorities, so there’s no real incentive for them to build and adopt technology that would kill their $100+ million CA industry.