[dwaite]

Not that everyone hates it. Competing models of usability/openness.

Security keyfob vendors have had attestations for years because they were selling primarily to corporate markets who have closed user bases and stringent authentication requirements, with some also provided to early adopter consumers.

Platforms and password managers are targeting consumer use cases, where preventing the user from leveraging the product would be a terrible thing, as would the 'user agent' problem where later entrants to the market have to beg to be on every site's allow list or lie and claim to be another product.

The synchronization doesn't break attestations. The idea of sites rejecting authenticators that synchronize means that attestations have become an anti-feature in the consumer space.