I'm dubious of the privacy-preserving approaches and would rather we just quit with digital age verification. I'm specifically worried about unification of data sources identifying users.

The challenges presented to sites, and verifiers if the scheme uses those, would have to be non-identifiable in the sense that they can't tell that 2 of them came from the same key. Otherwise there's a risk users get unmasked, either by a single leak from a site that requires age verification and a real name (e.g. an online wine merchant) or by unifying data sources (timing attacks, or identifying users by the set of age-restricted sites they use).

Perhaps I just don't understand the underlying crypto. That wouldn't be super surprising, I'm far from an expert in understanding crypto implementations.