Having open source implementions does not make a difference, because a Google, or implementing website, server will control whether the content is served. Having the mechanism of access open sourced makes no difference in this situation.
It is the same situation with the "latent" passkey attestation mechanism. Apple and Google have general guidelines that the feature will not be used, but that only true currently. This should not be part of the browser for the same as with passkeys, it gives corporations final say in what you are allowed to use.