[Zak]

> remote attestation for web browsers has been around for a few years now.

May it always remain niche.

A world in which open source browsers are unusable for most people and new entries to the browser market are all but impossible sounds terrible.

[machinationu]

there is no contradiction between open-source and attestation

linux is open-source and a very common attestation target

[Zak]

Ask anyone who has tried to run banking apps on GrapheneOS how that works out in practice.

GrapheneOS supports attestation. GrapheneOS even provides the sort of security guarantees that would make risk management types at banks happy, but it isn't popular enough for them to be motivated to support it as an attestation target.

Now imagine it was practical for websites to require attestation from browsers. How likely do you think it that all the major services would accept anything other than Chrome, Safari, and Edge?