It might be interwoven, but at the end there are three interfaces:

1. the headers or tags that trigger it to be enabled for a website
2. the API towards the attester
3. the headers that are added to subsequent call to include the verdict of the attester

It should be enough to disable/sabotage nr. 1. If not, you can sabotage nr. 2 so it simply doesn’t attest shit. And finally you can suppress adding the verdict to the responses.

If the actual “fingerprinting” or whatever else is in there is still intact doesn’t matter if you just don’t trigger it.

Of course webservers would simply deny serving brave then. But it’s still a good move. The more browsers get “denied”, the easier it will be to make a case against websites for some kind of discrimination.