Right, and I'm firmly in the camp that everything on the internet should be both anonymous and accessible to anyone from anywhere.

But clearly this isn't the way the internet is going. As much as I hate it, it seems inevitable that globally every government is introducing at least a requirement for websites to check the age of their users.

So right now this can be done(here in the UK anyway) either by scanning your ID with a 3rd party provider who "promises" to delete it straight away, or by linking your bank account(yes, I'm definitely going to do that to go on pornhub, 100%). Both methods have the problems you mentioned + the additional risk of leaking my personal details because they are getting more info than they need to fulfil their legal obligations.

But if the government could just issue me an expiring cert that says "yep, this user is 18", without any of my other data on it.....then that's vastly preferable to having to scan my passport or driving licence to browse reddit or discord or whatever? Like yeah, maybe someone could still track it somehow(don't see how if every certificate has a unique ID and doesn't contain any identifiable info other than "yep this is a valid certificate and yes the user is over 18", but let's just say they can), but at least my IDs are not at risk of being leaked anywhere.