You can get the age quite quickly with a binary search. If everyone is between 1 and 100, that's no more than 7 requests. The only way this wouldn't hurt privacy excessively is that it has to work the other way around. You, not the app, requests a verification token from a government API that only says you are above 18 which expires once in a while. The token should bear no other information about you and be single use so it cannot be correlated between different sites. For the US, it should also be on a federal level (the verification scheme, not the age verification requirement) to reduce the bits from knowing your state, which is a lot for small states.