The freedom problem is this: you will not be able to roll your own keys.
This is probably the biggest nail in the coffin for a ton of computers out there. In theory you could simulate via software the workings of a TPM. If you built a kernel module the browser would have no real way of knowing if it sent requests to a piece of hardware or a piece of software. But the fact that you would have to use Microsoft's or Apple's keys makes this completely impossible.
The hardware problem is this: you will not be able to use older or niche/independent hardware.
As we established that software simulation is impossible, this makes a ton of older devices utter e-waste for the near future. Most Chromebooks themselves don't have a TPM, so even though they are guaranteed updates for 10 years how are they going to browse the web? (maybe in that case Google could actually deploy a software TPM with their keys since it's closed source). I have a few old business laptops at home that have a 1.X version of the TPM. In theory it performs just as well as TPM 2.X, but they will not be supported because, again, I will not be able to use my own keys.
Lastly there is the social problem: is DRM the future of the web?
Maybe this trusted computing stuff really is what the web is bound to become, either using your certified TPM keys or maybe your Electronic National ID card or maybe both in order to attest the genuineness of the device that is making the requests. Maybe the Wild West era of the web was a silly dream fueled by novelty and inexperience and in the future we will look back and clearly see we needed more guarantees regarding web browsing, just like we need a central authority to guarantee and regulate SSL certificates or domain names.
This is the actual missing key bit. The problem that Google is trying to solve here is not actually a hardware / computational problem, it's a Real Identity problem. Hardware / TPMs are a poor proxy for solving that problem.
There's drastically less eWaste and impact on software freedom if you seek attestation from a national ID provider than if you seek attestation from one of a handful of personal electronics OEMs. National ID providers can offer to sign not only Real Identity attestations, but also anonymized attestations to protect citizen privacy. A web operator can decide whether to allow for attestations from only their own national ID provider, foreign national ID providers, private ID providers, or none at all if they just have a read-only site and don't really care.
The truth is that government inaction is forcing Big Tech down the road of violating user privacy and freedoms to solve Big Tech's problems. But getting the government to offer a flat Identity Provider playing field would solve these problems in a way that doesn't require such violation.
Being a Russian passport holder who lives abroad for years, I don't want to be in touch with my gov in any way possible, and moreover depend on it.
That's actually the case for millions of people from different countries with dictatorships, do you propose just to discriminate everyone outside of 20-30 countries with more or less democratic systems ? Those countries don't care about "citizen privacy".
Apart from that, we all see the bill in the UK which is as much a disaster to human freedoms as Russian and Chinese laws, for example. So even being a citizen of a more modern country is not a guarantee.
People don't always live in their country of citizenship, they don't always live in one place (see digital nomads) and have a residence, they don't always trust their government and they should not be discriminated on internet usage because of that. That makes a person more of a government property rather than a human being.
Being nobody's resident doesn't mean that you're not a human.
And anyway, there are a lot of people inside Russia, China, Iran, etc. And instead of helping them to use services with better privacy and consume uncensored views from outside id based system will give an impressive way to censor internet usage by government attesters. Have wrong views - say goodbye to the internet.
> to optimize their taxes
You can stay in UAE for half a year, start being their resident with 0% tax and then moving around stayng less than 183 days anywhere. It's of course better to be connected to UAE or other low tax jurisdiction in case of "personal connection" taxes requirements. Nothing unethical, illegal or bad in that. As far as it's perfectly legal in lots of countries, that's optimizing and not dodging or avoiding.
If you are staying UAE resident this way, you probably will have some troubles receiving gov services, because you don't live there in fact most of the time (and you are still just a tax resident and not always resident in terms of long-term living permit).
Anyway, placing a person to be "managed" by some government is a really dystopian concept.