alt Hacker News> They become a traceable identity token
Not if you use a challenge-response protocol where the client returns a zero-knowledge proof of age, where the proof incorporates a random string sent by the website.
The traceable stuff is private information that the website never sees. If a minor is caught with it, then law enforcement has local access to the minor's hardware and can probably view the private data.
At that point, the private key can be put on a public revocation list. The zero-knowledge proof can include a proof that you're not on the revocation list. Once you've been revoked, you have to go through the hassle of setting this all up again, which might be enough incentive to keep it reasonably secure.
This doesn’t stop the scheme the parent proposes, where adults install some proxy on their device and challenges are responded to on the parent device. Then the private key never leaves the parent device and all the child device has is the proxy software, which could be set up to not log any identifier of the key that it used