They already failed then. All sides (browser->website and browser->passkey holder) of passkeys are open standards. They already don’t restrict passkeys from e.g. open source apps they have no control over, for both Google accounts and any site on Chrome. Webauthn “fails open” by default in the sense you’re indicating; if you don’t check the attestation, any app or device made by anyone can hold a passkey. I haven’t encountered or heard of anyone restricting passkey apps/hardware outside of business-managed employee accounts.

I recommend reading the MDN docs on Webauthn, they’re surprisingly accessible.

> Yes, they did, just see Microsoft's crusade against Linux and the origin of the "embrace-extend-extinguish" term.

The whole point of the trial that term came from was that Microsoft explicitly saw Linux as a material threat to their business. What threat are Google quashing by preventing you from using passkeys they don’t control?