It doesn't even need 'age verification'. Ostensibly, the goal is to prevent children from accessing content their parents don't want them to see. That means all that's needed is a standard way for parents to make sure that websites know their children are children. They don't need identity, they don't need actual age, we don't even need a complicated cryptographic solution.
California had the right idea - establish a standard way for a client to identify that the user isn't an adult (or you could do it the other way around, but that's less permissive), mandate that websites obey the flag, mandate that OSes include the feature and that browsers use it. In the end, anyone who owns a device can set their age group flag however they want it - it would be up to parents to make sure their children only use devices set the way they want. The parents could set their 8-year-old's age group to whatever age group they want, and rest assured that websites would respect it.
> the goal is to prevent children from accessing content their parents don't want them to see
This has been mandated in TVs sold in the US. No one sets the thing.
https://en.wikipedia.org/wiki/V-chip
> Ostensibly, the goal is to prevent children from accessing content their parents don't want them to see
This is not even ostensibly the goal. Ostensibly, the goal is that the government controls what a child can do.
Or don't put the burden on the website at all, but let the parent choose whitelists of child-appropriate sites based on whatever criteria they want.
This is already possible. There aren't enough people doing it, so instead we get age verification schemes.
The benefit of an age attestation scheme is that it makes it easy for parents, while also defusing future attempts to use children as an excuse for control.