[derefr]

With most of these, the service itself doesn’t demand your ID; they demand that you give your ID to some third-party KYC/AML provider, who then just sends a “yes, this account isn’t fraudulent” signal back to the service. It’s like really overwrought SSO.

[vintermann]

And if that third party is the same that actually issues your ID (I.e. the government), you give no one anything they didn't have already. It could even be constructed cryptographically so that

1. the government doesn't know for what purpose it verified your identity, only that it did

2. The party receiving the proof of ID (or proof of age, or proof of non-duplicate registration - it could potentially be a lot more limited than full ID) gets it in a zero-knowledge form, so they can't turn around and give it to someone else.