There are multiple approaches. One, which the Europeans use, hardware-locks the token. Each age attestation is unlinkable, but the cryptographic credentials you need to make the attestation aren't portable. Of course, this model requires a big statist apparatus that does implementation certification, but it does achieve the narrow goal of unlinkable, privacy-preserving age attestation that doesn't instantly decay to mass copying.

Other approaches are possible. I'm particularly keen on ones that treat attestations as anonymous digital currency and use cryptographic penalties like slashing to discourage copying post-hoc instead of relying on EU-style implementation certification.

There's a huge literature on the subject I don't want to reproduce here. The point is that yes, we do have the technology to do attestation without sacrificing privacy, which makes all the calls for non-privacy-preserving attestation awfully curious.

The verification service would tie the token to the IP address/geolocation. It would also throttle the number of identifications, or expire old ones.

Yes, that can eventually be worked around, but not really that different than doing the verification today on someone else's device.

What's to stop you, using your 18+ ID from buying crates of alcohol and giving it to random < 18 year olds for the lulz?