> (which contains no personal info; it's some kind of UUID or whatever)
And now all the websites have an uncircumventible and highly reliable fingerprinting scheme to track you across literally anywhere. Only identity thieves care about whatever data the agency would be safeguarding: linking up accounts between websites is more than enough for anyone else who would want to abuse that information.
I'm pretty sure I don't have all the details right. There is a zero-knowledge proof which allows a browser session to assert that the user is over 18 without using any static bits that allow for fingerprinting.
And now all the websites have an uncircumventible and highly reliable fingerprinting scheme to track you across literally anywhere. Only identity thieves care about whatever data the agency would be safeguarding: linking up accounts between websites is more than enough for anyone else who would want to abuse that information.