The problem with these proposals is that they operate on the assumption that the only issue with age verification is the potential for ID theft, which is not the case.
I don’t see the value in cybersecurity advocates pushing for digital IDs, when they know full well that the system is not needed in the first place, as established at the beginning of this article. It would be like advocating for police camera networks to utilize E2EE for their recordings: The problem with the surveillance state isn’t the security of it, the problem is the surveillance state.
Age-gating access to information is primarily a cultural and censorship issue. We already know beyond a shadow of a doubt that age-rating systems are only used by individuals and special interest groups to impose their niche views of morality on others, you can go watch This Film Is Not Yet Rated from back in 2006 to see this issue has been discussed in so many forms for a long time.
The solution to stopping children from accessing pornography and other adult content online is exceptionally simple, and it is called: Not Substituting Yourself as a Parent with an iPad. It is beyond belief that so many people seem to think the moral issues they perceive in society are caused by “a lax government” that needs to be empowered, when we are already living in a time of unprecedented authority and surveillance. It should not be acceptable for parents to just opt out of their duties as a responsible adult and shift that burden to governments, teachers, and the rest of society; but that is exactly what is happening.
What digital credentials will do is decimate FOSS even further, and we know this will happen because it is just DRM all over again. It is no coincidence that Mozilla Firefox started going to shit about a decade ago, right after they removed their previous technical leadership and added DRM support. Now it is just a browser and organization that stands for nothing and adds nothing to the Chromium-led standards discussions. Organizations and people who advocate for privacy need to learn from Mozilla’s mistake right now: that once you back down from a principled stance, then your voice will never be heard again. It’s that simple.
Google’s library that’s used to validate your age being open-source is irrelevant here, because all it does is tie your use of a computer to a unique & proprietary key which can only be issued by your government.
Once age verification is mandated, it will be the end of the internet as we know it, regardless of whether digital IDs are utilized.