Hypothetically, I wonder if it would be possible to spoof this if you also had an actual unmodified attested device. Something like a device in your home network that would, if you have an iPhone as well as an unattested computer that you actually want to use: get request for attestation from a website, send that request to your iphone instead, as if your iphone had opened the page and was receiving the request (or just have the iphone also try to load the page), intercept the signature the iphone sends to the website, and have your computer send it to the website instead.
Now I’m curious if this would actually be a viable business model, if it’d have any legal or practical issues, and if anyone already does it. Like, there exist companies that collect trash already, clearly that part is already viable, so if information could be collected and sold to advertisers for even a little more than the cost to collect that information, then it would be extra profit for the trash company as long as it didn’t negatively impact their core business of trash collection. Could be even more insidious and hard to opt out of than actually having someone look through one’s individual trash too, for example, if one could, say, sort out the cans from the trash for recycling purposes, one might also try to have a machine look for brand logos on those cans, and store information about which route a given load came from, potentially giving information about what kinds of beverages people in a given neighborhood are more or less likely to buy.
While I agree with the idea that there is merit to a proper and well designed national id for official uses, I disagree with the idea of attaching it to R18 content. The way I see it, trying to do so inevitably intrudes on people’s privacy in some way (content providers might collect that ID to check against government records, leading to the risk that they improperly store it, for example, or the government might be tempted to police the activities of adults to an unreasonable level, or at least creates the infrastructure to do so if a more restrictive government came into power). Further, it will not and fundamentally cannot stop kids from accessing things deemed inappropriate for them, because kids are curious, and the things one wants to restrict in this way are generally information, which is trivially easy for them to copy and distribute among themselves. I think we need better education, both to children/teenagers (depending on the subject) about those topics we as a society seem averse to the idea of them knowing about, but which they will inevitably learn of anyway (things like sex-ed, or how to deal with drug addiction or its presence among people they might know (and not just in the counterproductive way that things like DARE used to do)), and to parents about how to deal with children becoming curious about or trying to access restricted topics. Beyond that, I think we should generally leave it to parents to parent their children. While it might not be ideal if some kid gets access to a video game rated for adults, it also isnt physically dangerous to them in the way that something like alcohol is, so treating it the same way is overkill at best.