I've been telling people for years now not to engage with systems such as these. Some say I'm just being paranoid. But a growing number concerningly reply with either "So? What are they gonna do with it?" or "They already have it, it doesn't matter." Normal people either don't know the dangers present or they don't understand that stopping the flow hurts the machine. And they want neither to know or understand. Apathy or the desire for convenience cannot adequately explain why.
What can people do? Systems like these are mandated by companies that provide services that people need, and they are hard to avoid. In-person verification is sometimes an option but not always.
All this biometric data is setting people up for identity theft attacks. These types of attacks are going to grow enormously over the coming years as biometric data is gathered and leaked on a massive scale. Anything put on the internet has been leaked already, almost every company with a web presence has lost data. Biometrics unlike passwords, phone numbers and credit cards can not be changed.
People need to learn to distrust such systems and exposing failings such as this one is a good way to do it.
We aren't going to be free of this stuff until the average Joe's mom hear of "forced age verification" and associate it to "unsafe".
As far as device fingerprinting goes, this is pretty tame, compared to what something like chatgpt does: https://www.buchodi.com/chatgpt-wont-let-you-type-until-clou...
The far more concerning part are your pictures/document scans getting sent to them.
The rest of the IEEE Symposium on Security and Privacy papers are listed at https://sp2026.ieee-security.org/accepted-papers.html