The article is actually one of the better ones I've read. The technical analysis is somewhat above my head, but appears reasonable, and it is suggesting solutions in some cases rather than just dismissing the concerns of parents, and going full privacy nut about our democratically elected governments.

All i would say is that the solution doesn't need to be 100% effective. The same as real world "age gates" or ID verification (which is just some random person looking at your ID in most cases) are not.

The precedent set -- that everything online should NOT be immediately accessible to children -- provides parents (the ones that care at least) with some backup when trying to raise their children. Ultimately society as a whole is responsible children, and i don't want to live in a society that thinks it is fine for kids to scroll any content on social media and watch porn as soon as they are able to work out how to use a smartphone.

The replay attack mentioned may always be a loophole, I'm not sure. But any site hosting the replay attacks should be targeted for shutdown/blocking. The "source" ID must come from somewhere as well, so that could be a route to shutting them down (there are 100's of age verification requests against one ID each day, that's a bit weird...).

If parents are helping their kids bypass age gates or straight up don't care their 11 year old is watching porn, then there is not much to be done in that case. The key thing should be keeping the majority of children in compliance to give cover to the parents that do care. Not giving all the power to bad parents and social media companies as is the situation the moment.