that's the beauty of webauthn!
this login process tied your device to the email address you provided, on passkeys.guru - no access/permission was granted to the website!
the only thing shared with passkeys.guru is the pubic key of your device (which was generated specifically for passkeys.guru and cannot be used to identify you or your device on other websites)
no biometrics or any other PII was shared with passkeys.guru in the process.
technically, you can use any identifier you want with passkeys, even just a dummy username - we chose to use email as it allows pairing with other authentication methods (oauth, magiclink, etc.) that are email based
This article is from 2020, I can definitely testify things have changed for the better.
We started Descope.com in 2022 and WebAuthN was one of the first things we implemented, it was easy to integrate with the rest of our system and it’s becoming the primary MFA option for our customers
AKA: We do Auth, you do you.