alt Hacker News> buy a card with a UUID from anywhere that sells alcohol/tobacco that is valid for some period of time. most people are comfortable with flashing their ID at the clerk. the UUID card is non-identifying.
It can be implemented in a privacy-preserving way online: your government gives you tokens that prove that you are above age and that they provably cannot track. That's the exact equivalent.
I believe that the other measures (remote attestation and such, the ones we hate) come when we try to make absolutely sure that you don't give/sell that UUID to someone else. But IMO we should just forget about doing that. Just like an adult can, today, buy cigarettes and porn and give them to a kid.
> and that they provably cannot track.
That's not easily provable though.
Any token given that way contains some amount of encrypted payload.
That secret payload may contain uniquely tracking numbers.
Even the encrypted payload itself, if treated as an opaque string, can be used for tracking if they decide to log it when they deliver it to you, and when the website where you use the token passes it back to the government auth service.
You need to replicate the UX of a stack of pile of cards at the grocery store, that's not really possible in digital space.