Hacker News

Edmond yesterday at 9:25 PM (6 replies)

If the hammer ever comes down on this issue, i.e. a hardcore requirement for age verification, there are ways to do this while protecting privacy.

We are experimenting with bootstrapping a PKI certificate trust chain for facilitating trust projection and information verification online. Think of it as the ability to do things like age verification at scale via a peer-2-peer ish mechanism instead of sending your government ID to a service provider.

One experiment is with PGP key holders (for now Keybase key holders) as CAs:

https://news.ycombinator.com/item?id=46576590

And also .gov email holders:

https://blog.certisfy.com/2025/12/using-gov-email-addresses-...

It's all self-service and requires no sign-up or download of anything; the app (https://certisfy.com/app) is an in-browser app and all the cryptography happens in the browser.


Replies

pyuser583 yesterday at 11:09 PM

I read, from a semi-reliable source, that Louisiana has a pretty good system for verifying age and protecting ID. But it's focused on in-person ID for gambling.

The system was that they hired a company to make the cards, and assume civil liability for any privacy violations. They also required the company to hold insurance in case of a claim.

So it fell to the insurance company to sign off on the standards, and allowed investors to make money by avoiding claims.

I might be half-remembering it but that seemed like a very good system.

wmf yesterday at 9:52 PM

Google and Apple already have private age verification so I think the time for experiments is past.

rockskon yesterday at 10:33 PM

I find claims of any technology being able to simultaneously validate your age while "respecting privacy" to be suspect at best. Even if the technology could work in theory, it would be built on top of an ecosystem designed around an ecosystem hell-bent on monetizing info about you.

Nextgrid yesterday at 10:20 PM

My concern with this is how far it goes and whether it has unintended side-effects.

There are a lot of situations in history where in retrospect being able to evade government oversight and restrictions turned out to be a good thing. During the Holocaust a number of Jews and other targeted populations were able to escape hostile territory because they were able to get forged passports and other documents, something that strong cryptography would make impossible (even in a perfectly privacy-preserving way).

I'm not sure how old you are or when you started in tech, but in my case I started as a kid and was able to build the skills that now gave me my career thanks to unrestricted Internet access (and sure, I saw pornography a few years earlier than I should have - didn't seem to have any measurable detrimental effect on me, especially not compared to the cigarettes and alcohol).

This wouldn't have been possible if age verification was properly implemented, since a lot of the resources that might be useful for someone to learn programming/sysadmin could also be used to circumvent age verification and thus would've been blocked, and I would probably be working a minimum wage job and/or engaging in crime to sustain myself as a result. If I had to choose whatever harmful effects from pornography versus having a min-wage job, I'll take the porn side-effects any day, at least I have a roof over my head.

vorpalhex yesterday at 10:07 PM

Can age assurance be done privately and anonymously? Absolutely.

But the entire point of age laws is to stifle free speech and ruin privacy. Thus why every age law requires uploading an ID.

If it was just age, just require a credit charge of $1 through an intermediary. Good for a year or whatever.

mschuster91 yesterday at 9:46 PM

Why so complex? ID cards could solve that issue, every European ID card has a powerful and programmable crypto processor / secure element inside and so do all ICAO-compliant passports.

Have the website emit a random nonce (to guard against replay attacks / reuse) plus information on what is requested (name, DOB, address, some like the Croatian ID card even store photographs), the card prepares a response with that data, signs that using its private key (with a 2FA being possible as well by using a PIN/password) and returns it to the website.

The Croatian ID card doesn't even need a middleware because it doesn't do 2FA, you can ask it all of that by pure NFC communication. The German ID card requires a middleware ("AusweisApp", open source) for added protection though.

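The nonce challenge and signed response described in the comment above, as an added example that is not part of the thread and not any real ID card's API. `makeCard` and `makeVerifier` are hypothetical names, Ed25519 stands in for whatever algorithm a real card uses, the attribute values are constructed, and the verifier is assumed to already trust the card's public key (a real deployment would check the issuer's certificate chain).

```javascript
// Added illustration (Node.js). All names are hypothetical, not a real eID interface.
const nodeCrypto = require('node:crypto');

// Stand-in for the card's secure element: the private key never leaves this closure.
function makeCard(attributes) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  return {
    publicKey,
    respond(challenge) {
      // Disclose only the requested attributes, bound to the verifier's nonce.
      const disclosed = {};
      for (const name of challenge.requested) disclosed[name] = attributes[name];
      const payload = JSON.stringify({ nonce: challenge.nonce, disclosed });
      const signature = nodeCrypto.sign(null, Buffer.from(payload), privateKey);
      return { payload, signature };
    },
  };
}

// Website side: issues single-use nonces and checks signed responses.
function makeVerifier(trustedKey, ttlMs = 60000) {
  const pending = new Map(); // nonce -> expiry time in ms
  return {
    challenge(requested, now = Date.now()) {
      const nonce = nodeCrypto.randomBytes(16).toString('hex');
      pending.set(nonce, now + ttlMs);
      return { nonce, requested };
    },
    verify(response, now = Date.now()) {
      const data = Buffer.from(response.payload);
      // Check the signature before parsing anything the client sent.
      if (!nodeCrypto.verify(null, data, trustedKey, response.signature)) {
        return { ok: false, reason: 'bad signature' };
      }
      const msg = JSON.parse(response.payload);
      const expiry = pending.get(msg.nonce);
      pending.delete(msg.nonce); // a nonce is accepted at most once
      if (expiry === undefined) return { ok: false, reason: 'unknown or replayed nonce' };
      if (now > expiry) return { ok: false, reason: 'expired nonce' };
      return { ok: true, disclosed: msg.disclosed };
    },
  };
}
```

A captured response fails on a second submission because the nonce is deleted on first use, and any edit to the disclosed data invalidates the signature.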