US Supreme Court Upholds Texas Porn ID Law

Would it not be reasonable and safe and private to implement age verification through login.gov? An Oauth implementation that knows your identity and age can produce a verifiable token that attests your age but not identity. The only way your identity would leak would be if both the porn site and the oauth retain the tokens (which they would both claim not to do else no one would use this), and the attacker gets access to both.

I know it's unlikely to happen because of America's (misguided IMO) extreme distaste for digital government ID, but it seems like the current solution (people uploading pictures of their driver's license to porn websites) is worse in every possible way.

You need something like Verifiable Credentials to do this properly imo. You don't want something like OAuth because the login service knows which websites you're requesting the login from.

I'm not suggesting that people actually authenticate to Pornhub using Login.gov's oauth, they would continue to auth (or not) as they do now. Login.gov can issue a token saying, in essence, "A user authenticated to me, and that user over 21, but I'm not going to identify them, I'll just give you a random GUID so this token will be unique".

edit to add more details, since I'm thinking it through: the token would need to include the issue date and be signed obviously, and would be ephemeral. Properly implemented, it could be done entirely in the browser (Firefox would have a "age verification provider" pull-down) in way that's transparent to the user and both private and secure. And since you have to be 18 to get a credit card, essentially any service you pay for with a credit card in your own name ought to be able to attest your age, even if it hasn't done KYC or scanned a government ID.