Passkeys do not help track people between sites, but if they are used in places that passwords never were, it might increase tracking within a site.
Hacker News, for instance, allows non-logged-in read-only usage. If Hacker News decided that Passkeys were so easy for the user that non-logged-in usage would be eliminated, then some degree of privacy would be lost.
Personally, I don't think it is that much of a risk. I DO worry about putting too much control in the hands of Apple and Google.
> If Hacker News decided that Passkeys were so easy for the user that non-logged-in usage would be eliminated, then some degree of privacy would be lost.
Not if you the user generates a new login upon every visit, which should be trivial.
If sites started going Passkey only even for "guest" access, you'd quickly see a rise in Passkey managers that quickly generate throwaway passkeys and you'd also see a rise in "globally shared" anonymous group passkeys, just as people already do today to get around paywalls and some walled gardens with passwords and "phone memberships" at rewards clubs (the notorious Jenny's Number being a common one there). The techniques don't really change that much. Passkeys really don't have any more identifying information than passwords or phone numbers and temporary anonymous passkeys or over-shared passkeys are likely to be a thing in some places as soon as they are seen as necessary.
Hacker News, for instance, allows non-logged-in read-only usage. If Hacker News decided that Passkeys were so easy for the user that non-logged-in usage would be eliminated, then some degree of privacy would be lost.
Personally, I don't think it is that much of a risk. I DO worry about putting too much control in the hands of Apple and Google.