Private Access Tokens are powerful tools that prove when HTTP requests are coming from legitimate devices without disclosing someone’s identity.

So I don’t know the details, but it makes a couple of points that either mean this isn’t the same thing as the google thing, or “attestation on the web” isn’t DRM, or something else. So far as I can interpret the article, it seems to suggest the feature is “is this a safari device on ios, if yes then skip captcha” but that seems to be up to the website’s discretion.