[bfulgham]

The point of the video was that when using the device as the authenticator, attestation reveals details of the phone (such as the unique private key used to prove the phone is valid to a manufacturer). The anonymous attestation authority here allows Apple to be assert to the qualities of the device without the device having to reveal identifiers externally.

This is akin to a batch of identifiers the size of all Apple products, while still allowing the device owner (or Apple) to disavow a particular device if it is lost or stolen.

The implementation also ensures that the same device creating multiple identities for the same website will have no signing characteristics linking one account to the other.

[tialaramex]

It doesn't reveal "the unique private key" that would be crazy, the revealed key is a public key. And mostly sites should not ask for attestation and users should refuse to grant it if asked (Firefox asks, you can just say "No" but I'd be comfortable with clients just always saying "No" on my behalf instead)

There are already designs if you are quite sure you must have attestation and yet you don't want device identification. You can do blinded attestation and agl has written up a much fancier approach on his blog too.

But again, Don't Ask, Don't Tell. The video shows this silly demo "Shiny picture" site asking for attestation and that's a bad idea you should not replicate, write "none" instead of "direct" and then the problem goes away for your site.