That's a great summary, thank you.

I'm certain that once governments (and people like Elon) realise that they can do age and ID verification for accessing sites, they will start demanding it.

These devices (with their DRM-like remote attestation and revocation capabilities) are just going to further prepare people to accept the idea that their "security" relies on running unauditable software/hardware to do anything online.

Eventually, ISPs will be mandated to check that you're not running a system with an unlocked bootloader, and then governments only need to instruct the major OS vendors to detect VPNs and Tor and E2EE messengers as being "malware".

Yes this seems particularly scary to me, vendor lock in seems to be more and more ubiquitous. I understand passwords have their pitfalls like phishing and reuse but FIDO's bluetooth / close device detection seems very invasive and potentially flawed.