For some time now we have had protocol specifications for authentication that can "gate" a Mint to a set of registered (and maybe KYC'd) users with OAuth 2.0.
Users receive an OAuth JWT token on registration that they can use to mint BATs (blind authentication tokens). The latter are just ecash, but for requesting access to the Mint API.
So even if the users are KYC'd, their privacy can be preserved amongst all of the registered users (the Mint doesn't know who amongst the registered users is using the service).
This is Cashu's way of providing tools to the Mint runners for meeting the regulators at a middle ground, and the most we can do. Any requirement beyond this is tyranny that must be fought in the "shadows" like you said.

GitHub: nuts/21.md at main · cashubtc/nuts
GitHub: nuts/22.md at main · cashubtc/nuts
Cashu protocol specifications https://cashubtc.github.io/nuts/ - cashubtc/nuts
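An added example, not part of the original post or of the Cashu code base: a toy blind Diffie-Hellman signing round on secp256k1 showing why the Mint cannot link a redeemed BAT to the identified request that minted it. `ToyMint`, `mint_bat`, the user ids, the simplified `hash_to_curve` and the use of a plain user id in place of OAuth JWT validation are all assumptions; this is not the NUT-21/NUT-22 wire format.

```python
import hashlib, secrets

P = 2**256 - 2**32 - 977  # secp256k1 field prime, group order N, generator G
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798, 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # point addition; None is the point at infinity
    if a is None or b is None: return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    m = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
         else (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P))
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def mul(k, pt):  # double-and-add (not constant time, demo only)
    out = None
    while k:
        if k & 1: out = add(out, pt)
        pt, k = add(pt, pt), k >> 1
    return out

def hash_to_curve(secret: bytes):  # simplified try-and-increment (assumption)
    for ctr in range(256):
        x = int.from_bytes(hashlib.sha256(secret + bytes([ctr])).digest(), "big") % P
        y = pow((x**3 + 7) % P, (P + 1) // 4, P)
        if y * y % P == (x**3 + 7) % P: return (x, y)

class ToyMint:
    def __init__(self, registered):
        self.k = secrets.randbelow(N - 1) + 1       # mint's private key
        self.K, self.registered, self.issue_log = mul(self.k, G), set(registered), []
    def issue(self, user_id, B_):  # clear-auth step: the caller is identified
        if user_id not in self.registered: raise PermissionError("not registered")
        self.issue_log.append((user_id, B_))        # everything the mint can record
        return mul(self.k, B_)                      # blind signature C_ = k*B_
    def verify(self, secret, C):   # blind-auth step: no identity is presented
        return mul(self.k, hash_to_curve(secret)) == C

def mint_bat(mint, user_id):
    secret, r = secrets.token_bytes(32), secrets.randbelow(N - 1) + 1
    B_ = add(hash_to_curve(secret), mul(r, G))      # blinded message Y + r*G
    C_, rK = mint.issue(user_id, B_), mul(r, mint.K)
    return secret, add(C_, (rK[0], -rK[1] % P))     # unblind: C = C_ - r*K = k*Y

def demo():
    mint = ToyMint({"alice", "bob"})                # constructed user ids
    secret, C = mint_bat(mint, "alice")
    seen = {B_ for _, B_ in mint.issue_log}         # values logged next to "alice"
    return mint.verify(secret, C), hash_to_curve(secret) in seen, C in seen
```

`demo()` returns whether the token verifies and whether either redeemed value appears in the issuance log; the blinding factor `r` never leaves the user, so the logged `B_` cannot be matched to the `(secret, C)` pair presented later.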
