> At some point, you may have been faced with the decision yourself: should I continue to use this service if I have to verify my age?

An excellent question, which I didn't see the article really get into.

> If you’re given the option of selecting a verification method and are deciding which to use, we recommend considering the following questions for each process allowed by each vendor:

Their criteria implies a lot of understanding on the part of the user -- regarding how modern Web systems work, widespread industry practices and motivations, how 'privacy policies' are often exceeded and assurances are often not satisfied, how much "audits" should be trusted, etc.

I'd like to see advice that starts by communicating that the information will almost certainly be leaked and abused, in n different ways, and goes from there.

> But unless your threat model includes being specifically targeted by a state actor or Private ID, that’s unlikely to be something you need to worry about.

For the US, this was better advice pre-2025, before the guy who did salutes from the capitol was also an AI bro who then went around hoovering up data from all over government. Followed by a new veritable army and camps being created for domestic action. Paired with a posture from the top that's calling harmless ordinary citizens "terrorists", and taking quite a lot of liberties with power.

We'll see how that plays out, but giving the old threat model advice, without qualification, might be doing a disservice.