You first quote reads: "You, the end user, get a notification that a party (probably the porn website you visited) wants to request your age and you, the USER, get the identity of the website (not vice versa).
As for the second quote: Yes sure, you credentials need to be signed by a trusted authority, someone has to establish you are an adult. But it is a cryptographic signature. Same as https certificate needs to be signed by a third party vs. self-signed certificates.
And the ID app developer logs that the porn site has requested my ID. So there is no privacy from the government. Which is much more important privacy.
As for the second quote: Yes sure, you credentials need to be signed by a trusted authority, someone has to establish you are an adult. But it is a cryptographic signature. Same as https certificate needs to be signed by a third party vs. self-signed certificates.