As the article mentions, for better or worse, TLS-piercing proxies aren't exactly unusual anymore. An ISP may not be able to just jam one in front of their customers, but use cases involving a corporate entity owning computers such that they can push a root cert update and wanting such a cache are still unaffected.