zlacker

One provides encryption over the wire (TLS), but in modern implementations (extended validation certs are more or less dead in the browser space) hardly provides the user any guarantee that the website is who they think it is.

The other provides the website the ability to ensure that the user's device is one of an approved set of devices, with an approved set of operating system builds, with an approved set of browsers.

These are fundamentally different, surely you can see that.

> similarly both can be avoided if you're willing to not participate.

Actually, no. Unless your definition of "avoided" is simply not using a website which requires attestation, which, over time, could become most of them