[mindslight]

Note that what I outlined is decidedly not "age verification" or "identity verification" - rather it relies on on-device parental controls, where the decision process is still completely under the control of the end users (ie parents). The main point of the legislation would be to prime the network effects to overcome the current market failure.

The details of the setup are very important as they lay out which way the situation will be pushed as the calls invariably continue. There are many other neat ideas that are voted high up, that still fundamentally still just boil down to identity verification! This why we need to talk specifics - even most programmers are bad at designing secure systems, as it requires the additional skill of adversarial thinking.

For instance, the scratch card idea you bring up fails with the same problem - it still puts the onus for yes/no decisions on the companies, meaning when the scratch cards are declared not good enough, those companies will then move on to additional methods - and it would be a tall order to craft legislation that prohibited companies from employing any other identity verification methods beyond the scratch cards. And in case it's not obvious, the scratch cards will readily be seen as not good enough - if they're truly private, it's easy for anyone to make a couple extra bucks by buying some (up to the limit), and then selling the tokens online.

(never mind that many beer stores have moved to online verification of licenses where they scan your ID# and it gets backhauled to some centralized database, so even buying beer isn't appropriately described as "flash your ID" any more)

(also note that any "age verification" or "identity verification" scheme does not merely absolve big tech of liability, rather it moves that legal liability on to parents themselves! )