Basically, the idea is that a server can refuse to serve you (or degrade your experience with captchas/heavier restrictions) unless you (your device) complete a "challenge". This could be something like the browser (through a system API) checking some device details like

• root/admin
• unlocked bootloader
• extensions (either bad extensions or something like an Adblock)
• VPN (potentially "if you have nothing to hide you have nothing to fear")
• installed apps (Adblock via DNS like blokada,
• device emulation
• TPM (generate secure key to make sure device is "real")
• OS state (heavily modified?, untrusted OS?)

etc. Basically making sure the "environment" is clean and not tampered with (trusted).

The problem is with what defines a "trusted" environment. It could start at just making sure the device isn't rooted (like Android's Safetynet/Play Integrity check; most people don't root their device & don't/won't care, also easily justifiable since it can be a security vulnerability because the device is "wide open").

Then, like the article mentions, the device makers (Google (phones, chromebooks), Microsoft (Windows, Xbox), Apple (macOS, iOS, visionOS, etc), Meta/Facebook (Oculus), etc) could change their terms for attestation and deny approval on stricter, potentially anti-consumer criteria such as device age (forcing you to buy more things).