How hard is it to implement email verification?
Harder, actually.
That's the point of OAuth, which is what you're seeing there.
The idea is that you're you and you have a... google account. This shitty little website doesn't want to be responsible for you login details, because those can get stolen. Maybe they contain an email address, which is a problem. Software needs to be updated, it's all a big. They don't want to touch anything in terms of security that identifies you as you.
Maybe all the website does is save your favorite pepe memes. They don't need anything else from you, but they still need to have something to get a user id and make sure nobody messes with your pepe meme collection. That's where this system comes in, because the rest of website becomes significantly easier. They don't need to store anything personally identifying, all they get is an ID and they can connect it with your pepes.
The only downside to OAuth is, as you can also see, that it's corpos you don't want to trust that are offering it.
Nah, we're fine. It's just that serious secrecy is a lot more effort and I'd rather not need that. But we do have all the tools.
That's 80% of the frustration for me. They have already lost that fight for control when they legalized encryption. Now the cat is out of the bag.
For example, encrypting things and hiding them in normal pictures and posts. Using code words in normal online interactions, woven into sentences where there is nothing to decrypt and the message only makes sense to people looking for a message.
Properly executed encryption isn't just indistinguishable from regular white noise, if it's mixed into a channel already carrying a message, an observer not looking for something will never see the difference.