But they are right to do something.
I didn't mean to imply I disagree with that. And I think that on balance it's better to scare off a few people who are concerned that their porn habit will be revealed than it is to have the current free-for-all where teens (or 10yos as it turns out) are watching a huge amount of porn.
I think the point is that you can decouple the two things, and it looks like that's what is being done, though I'm not sure of the details. But it sounds like the porn site just gets yes/no from the verifying entity that the person in question is of a certain age. The question that remains is whether the verifying entity knows which websites it is verifying. The ideal would be to fully decouple. That way the porn site doesn't know the identity, only the age, and the verifying entity knows the age and identity, but not which website they are going to.
The idea would be somewhat similar to zero-knowledge cloud storage, but that would require an app on the user machine to do the encryption/decryption. Obviously, those systems aren't perfect either (see: Lastpass). But it makes a data breach similar to the
Dolly Ashley Madison* breach very unlikely.
But as I say, I agree that barring a perfect system, the greatest social good seems to be in reducing access to porn for... well everyone probably, but especially the youngest users.
*Correction: Dolly Madison is a division of Hostess and makes crappy high-sugar deserts, so only diabetics secretly sneaking sugary snacks and "clean" food influencers need fear that breach. I was thinking of Ashley Madison, the "dating" site.
