Why does this article claim that attestation is unlikely? We know Google loves the idea - see Web Environment Integrity (WEI).
Also, what's stopping us from falling into the passkey version of the world we got with OpenID, where many services force you to log in with your BigTech account?
> Why does this article claim that attestation is unlikely?
Facebook is still going to want me on their websites even if I’m running Firefox. Most websites people visit will not do any chrome WEI attestation. Likely exceptions are sites which handle any legal, financial, or health-related data. Not credit cards. I doubt most Google properties will use WEI.
They still want to slurp up all my juicy Firefox usage data and I bet they think a lot of such users will drop their services like a rock if it meant otherwise dropping their browser.
I'm willing to bet otherwise (w.r.t. your first statement). They probably consider the sliver of such users expendable. They probably also (rightly) assume that a significant percentage of that sliver will continue using their service (e.g. via sanctioned Chrome on sanctioned hardware) if push comes to shove.
Or at least they will at some point in the near future.
Facebook went out of their way to make an onion address available for the application (https://en.m.wikipedia.org/wiki/Facebook_onion_address). They consider nobody to be “expendable” when it comes to their desire to profile individuals. Forcing their users into a specific browser will do nothing for them when what they want is for people to make requests against their servers.
Also, what's stopping us from falling into the passkey version of the world we got with OpenID, where many services force you to log in with your BigTech account?