Hacker News
by wkat4242 978 days ago
Attestation is a huge problem because it can be used to exclude self-hosted systems, which is the only way I would even consider using passkeys. I abhor "sign in with Google/Microsoft/Meta, etc." things too.

For example, the admins at my work refuse to "certify" any security keys other than YubiKeys. And because those do support attestation, it is not possible to circumvent it. For work it's not an issue; they will just have to supply me a key if they want me to use the damn thing, but I don't want consumer-focused sites to use it, obviously. Attestation is inherently evil and anti-FOSS.

I just won't opt in to it until attestation is gone, but thanks to iCloud not offering it, it is currently not demanded by any of the sites.