Google will degrade their services for non-DRM browsers. They have a long history of "oops" with UA sniffs and serving slow buggy alternatives to Chrome-only JS.
You'll be filling in captchas 10 times a day, getting randomly locked out of your Google account in the name of security, and whatever new feature they add to their services, they'll find an excuse to require the DRM for it.
Don't you think people will inevitably crack the software side of things (as has been done with the lower levels of Widevine)?
The end game is probably integration with a TPM that produces the token, or at least whatever part of it verifies that the chrome binary is genuine and that there is no forbidden software running on the client machine.
The end game is probably integration with a TPM that produces the token, or at least whatever part of it verifies that the chrome binary is genuine and that there is no forbidden software running on the client machine.
That is exactly the goal of this, and why it needs to be opposed fiercely.
That doesn't make any difference. There will be websites that will only allow people using approved browsers to access them. Instead of whatever you expect, you'll get a link to download Chrome (or whatever), and possibly install $COMPANY's attestation software.
Then, people will DDOS the attestation endpoints because why not.
