The approach I’m suggesting relies on the same secure enclave/TEE infrastructure passkeys use. Over 95% of iOS and Android devices are passkey-ready, and TPM 2.0 is required for Windows 11 (although there are adoption issues here), but over a billion people have already activated a passkey. You’re right that coverage isn’t universal, but it’s broad enough to build on and beats uploading your passport to a third party.
Since, with this system or any other, someone at some point needs to actually look at an ID, it seems to me that a purpose-built cert that indicates that this was done would be better. Then it would retain the same attributes (aside from being able to be used for anything beyond validating you're over a certain age), and you could store it as a file and use it without any special hardware.
Another thought: what about people who use multiple machines? Since you couldn't share credentials across machines, wouldn't that require users to go through the enrollment process for each machine?