This is the one I'd be worried about. Thought it was annoying to not be able to use banking apps on a rooted Android? Think about how annoying it will be when you can't do much of anything, even on the Web, unless it's from a sealed, signed Apple/Google/Microsoft image-based OS...
I realize the way Firefox's user share is going, it might not matter or they might feel they don't have a choice but I really, really hope Mozilla doesn't even remotely consider implementing this.
Apologies for the simple question, but wouldn't forks of popular browsers crop up without this attestation API implemented? Or is it a thing where websites themselves would potentially refuse traffic from browsers that didn't support it?