Will have to wait and see how Apple reacts with Safari. Mozilla dismissing the proposal is big, but Apple has the second largest mobile OS marketshare with iOS, and so Safari is very relevant for websites to support it.
"We work hard to build great products, and what consumers do with those tools is up to them â not Apple, and not broadband providers," Cynthia Hogan, VP of public policy at Apple
Prove it, then. Unlock the bootloader. Allow us to install our own apps. Let us install our own OS on the hardware. I get they don't want to open source their iOS, that's fine. They say "what consumers do with those tools is up to them", but then they lock those tools down TIGHT. Actions speak much louder than words. They say those tools are ours? They need to show us that this is true.
A part of Appleâs long term, multi-stage deployment to phase out passwords entirely. They announced it last year during WWDC and said it will be messy and not without hurdles, but theyâre committed to having strong cryptography without need for password at all.
Passkeys (which are broader than just Apple) and this are not related at all. Regardless, Apple absolutely has interest in controlling browsers. Hell, they already do it on iOS, where you can't use any rendering engine other than theirs.
The only reason they might be against this is because they feel they can't control it the way they want.
I don't think it's related at all. You can implement passwordless technologies like FIDO2 and Webauthn without browser attestation.
A far cry from what Google is trying to do or their long term plans
It's literally very similar technology though, and none of us know Apple's long-term plans for it. It's well-known in the digital ad industry that Apple are trying to increase the size of their ad network. Locking down tracking (app tracking transparency) is also advantageous to them as it only applies to third parties - Apple can still track users.
The focus here is primarily on removing captchas, and as such it's been integrated into Cloudflare (discussed here) and Fastly (here) as a mechanism for recognizing 'real' clients without needing other captcha mechanisms.
Fundamentally though, it's exactly the same concept: a way that web servers can demand your device prove it is a sufficiently 'legitimate' device before browsing the web.