Also, there probably
will be per-device keys, it's just that they are only used in the communication between the attester and the device, and not exposed to the web page.
So you're at the complete mercy of the attester (and of whatever deals it made with the sites) but the sites technically can't use the token to track you. Privacy!!!