It's funny reading the comments to this because I wonder how many actually read through the article.

This is the compromise we could hope for; if they're going to keep demanding an age verification, having that verification instead ONLY on the host device instead of it being face or ID scanning, and that host device simply sending a signal to any requesting site, etc, that "this user is in this age bracket", that's about as secure as you could hope for while still meeting a requirement for an age check, especially if it remains as just a "enter your birthdate" text box at the setup of an OS. It keeps the onus of verification off the website providers, which means user account creation isn't required to verify age because it can just ask for the proper flag from your OS or app provider, and is better for privacy overall than what others are proposing.

The BEST for privacy, of course, would be to never have to ask for that information in any way, shape, or form, but it appears that bridge has already been burnt, so we're now just hunting for the best and most secure and privacy-enabling compromise without just streaming your damn face to every web page 24/7 while you're using it.