I strongly disagree.

You're framing this as some desirable thing that could be good except that a bad implementation erodes privacy. That's wrong at every step. These bills originate from big tech such as Meta that literally profit from collecting as much personal info from you as possible. https://old.reddit.com/r/LinusTechTips/comments/1rsn1tm/it_a...

But even beyond their tainted origins, you can't implement your way out of something badly formed in the first place. You handwave "zero knowledge" but that doesn't do for your privacy what you're hoping it will. That id card will still have a serial number and CCTV of you purchasing it and you will de facto end up trusting some government binary blob to implement this cryptography correctly without backdoors. Snowden was a decade ago. This will have a backdoor. This will be used for surveillance, tomorrow even if by some miracle not today.

And finally, this makes the internet worse. There will be a section of people who are, for one reason or another, not able to pass this bar. Much of the goodness of the internet comes from being able to interact with anyone on it.

People fall through the cracks of the system. You suddenly can't use a digital service any more, because it requires you to use a specific technology that you can't obtain, even though you are old enough. You might be a refugee, you might be someone with special characters in their name or you might be someone from a country that simply doesn't provide recognized digital certifications. Or you might want to run a rooted operating system on your phone or computer.

This assumes good faith, which doesn't match reality. It's about control, not protecting children.

Also age verification is still a problem in itself. Given your idea of a physical card, kids will find a way to use the card of their parents. Even if the card couldn't be misused by others - you give platforms the knowledge of whom is a minor, which means they can be targeted better.

But to be effective you need to prove that the person presenting the ID is the person the ID belongs to.

In person that falls to a human being, and it's an easy and intuitive task that takes seconds.

On the internet this involves some kind of video recording being sent to some agency somewhere being paid a fee, who may later be asked to prove the efficacy of their service. This agency needs a digital copy of the photo from your ID for matching purposes. They'll be tempted to store this for auditing purposes... they'll also be tempted to store correlation IDs etc if the architecture allows.

The issue is trust. You just can't trust these first and third parties not to collaborate for commercial gain or at government demand or request.

And ultimately you're still exchanging verification at registration for a shareable credentials: I could use my ID to sign up to pornhub premium and then sell the username and password to a 16 year old if I wished, just like those buying alcohol can go and give it to the underage. A black market for digital credentials is even easier to establish than material goods

It is a problem in itself. First they want to know your age (they're pretending: of course they want to know your identity, but let's leave that for a moment).

What's next? Your US legal status as determined by your ethnicity? Scan your face to prove you're white? Yeah, that sounds absolutely ridiculous but so did the age verification with KYC just a few years ago.

And it is focussed on social networks, which require an email address, which usually implies a device.

But instead of inserting controls around email addresses (as with paid services) or devices (as with contraband), the requirement is pushed to the application layer. It really makes no sense from a technical POV.

> and it would be perfectly fine

Unless a tiny chance exists that some system in the middle is not secure. Then you have the problem of those who orient their acceptance to the "oh well" shrug, and then systemic faults get downplayed by default. (Edit: I re-read and notice 'half-baked systems': seemingly, we agree.)

> as a political posture

Which is the core problem of masses accepting pseudo-heartly and not-brainy unacceptable figures. And again, systemic faults incarnated as administrations get downplayed by default.

"Age verification" is designed to attribute your identity to your online presence. As such, it's done just right.