The GrapheneOS rejection is the tell: age verification by facial estimation treats your face as a credential, so a device that resists fingerprinting reads as "suspicious" rather than "private." The deeper cost is the biometric honeypot the mandate builds, and a face, once collected, does not rotate like a password. Worth asking any age-gate vendor for their retention and breach model before the mandate makes it non-optional.
The GrapheneOS rejection is the tell: age verification by facial estimation treats your face as a credential, so a device that resists fingerprinting reads as "suspicious" rather than "private." The deeper cost is the biometric honeypot the mandate builds, and a face, once collected, does not rotate like a password. Worth asking any age-gate vendor for their retention and breach model before the mandate makes it non-optional.