I guess the idea is that the “fraudsters” would have to opt out of every attestation, so after many requests, the client can be identified as likely refusing every attestation. I agree with your first point: many sites will do everything they can to get an attestation from the client.
I guess the idea is that the “fraudsters” would have to opt out of every attestation, so after many requests, the client can be identified as likely refusing every attestation. I agree with your first point: many sites will do everything they can to get an attestation from the client.