All TLS/HTTPS clients have a set of Certificate Authority keys which they trust. Your client will only accept a public key which is signed by a trusted CA’s key. A proper CA will not sign a key for a domain when it has not verified that the entity that wants it’s key signed actually controls the domain.

The text is also incredible misleading. The data will still be harvested and monetized, just not for ads.

Wdym?

This is typical enshittification. Make an impossibly good service to gain marketshare. Then make it worse once you’ve eliminated all competition and dominate the market.