Don’t get me wrong, I’m all for privacy. But between setting up the birthdate when creating my children’s local account on their computers, and having to send a copy of their ID to every platform under the sun, I’d easily chose the former.
I’d even agree to a simple protocol (HTTP X-Over-18 / X-Over-21 headers?) to that.
They can have one bit. I’m ok with one bit.
As soon as they ask for a byte, they are gathering too much information about me.
I can accept that this is a significant issue, and if knowing that I’m an adult is required for certain online activities, I’ll go along, but we all know damned well this will creep.
What ever elements need to verify who I am stay private client side, and they can have a single flag that verifies I’m what I claim to be.