The original google document was so vaguely written that I just assumed the smartasses were pretending they invented SSL certificates. Only now did I get it that it’s for the server to verify the client, not the other way around, and that’s a on a whole new level of absurd. Boy I sure love the idea of having anti-cheat for my browsers. The comments on github are fun to read, at the very least.

That, coupled with Manifest V3 preventing adblockers, is way more reason than one needs to completely forget Google as anything more than the video hosting service for Invidious.

From a github user kescherCode:

I believe that whenever possible, we shall implement this spec into our own websites - but reversed. Whenever the attestation passes, let users not access your site. When it fails or this proposed API is unavailable - let users access your site.

Edit: the mad lad actually started implementing it here.