Oh, I was thinking the certificate would only be needed for signups - once the account is created, it absolutely should be on the account holder, not the service provider.
The service provider could even generate a certificate request that the age verification entity signs (again, with no identifying information, other than “I need an age verification signature, please”). That certificate would only be valid for that specific service provider and can’t be re-used.
I had this exact issue with both my desktop and server. Anytime I put any sort of load on the outbound connection, the wifi would cut out. After switching to the iwd backend, I haven’t had any issues.
You could try switching your wifi backend to iwd instead of wpa_supplicant.
If you’re using NetworkManager, then create the file /etc/NetworkManager/conf.d/wifi_backend.conf, and add the following configuration:
[device]
wifi.backend=iwd
Philosophically I agree with you. I was just discussing a technological way to accomplish age verification without giving up users’ identities to a service provider, or the government knowing what service you’re using. Unfortunately, too many governments want to know what you’re doing inside your pants.