There isn’t even a way to trust a 3rd party to verify someone’s age.
It depends what you mean by this. If you mean in terms of a way to trust that the third party is doing its job correctly, that’s as simple as using the government itself to do the verification after seeing some proof of age.
If you mean in terms of privacy, you can’t protect the privacy of the fact that someone got verified, but you can protect the privacy of their browsing after the fact. It’s a neat cryptographic trick called blind signatures. The end result is a token that the user holds which they can hand over to websites that tells the website “a trusted third party has verified I’m over 18” but would not have to reveal any more information about them than that. But even if the government was that trusted third party, and they asked the websites to hand over all their logs, the government would still not be able to trace your views back to you, because the token you hold is one they never saw.
This is, in my opinion, still a bad idea. I am in no way advocating for this policy. There’s still the mere fact that you have to go up to someone and basically register yourself as a porn viewer, which is fucked up. Maybe if these tokens were used in other ways, like instead of showing your licence at bars, it could be less bad (though there are other practical reasons I don’t think that would work) because the tokens could be less directly associated with porn. But it’s still an unnecessary layer of bureaucracy. Not to mention the cost that adding all this would put on the government—or, if they charge for these tokens, the people using it—for what actual gain, exactly?
I’m merely pointing out that from a purely technical perspective, this is quite different from when governments request back doors into chat encryption. This actually can be done. It just shouldn’t, for non-technical reasons.