@sysadmin1138@octodon.social just a random add on, the proposals default example of an attester is the Google Play store on android. So the plausible deniability you discuss might very well be an android phone (largely google) being attested by the “3rd party” Google Play (google) so they can watch videos on youtube (google) which makes money by selling advertisement space (also brokered by google)

Seems p obvious that it’s now in google’s best interest to quietly ask *themselves* to not attest adblock plugins, web browsers downloaded through alternative app stores, etc etc as “insecure”