This can be improved even further to lock a single age verification to a single account. Instead of issuing you a generic signed cert, they use blinded signatures to sign a cert that you generate and encrypt, containing the domain name and your username. The govt never sees the site or your username, because it’s encrypted, and the site never sees the document you provided the govt with to prove your age. But you have a cert that can only be used by you to verify your account is of age.

There’s an alternative solution that would enable a person’s browser or device to verify their age based on a govt-signed cert with repeated hashes. This would have the benefit of the government not even knowing how many verifications you had done, because they only provide one cert per person (with longer renewals. The downside of this is that it requires some form of unique multiple-use identifier. In the sample question that’s fine because it’s a passport. IRL it could be something like an email address, or even just your own unique UUID.