There are options for additional checks they could explore that are less creepy.

1. Make someone pay a one time charge. This might not give you the full details but the transaction gives more data, and shows someone is willing to back up their request for access with a paper trail which has fraud protection laws.
2. Third party verification services. Like your bank, who already have details about you. There just needs to be a way for them to vouch for you. Credit reporting agencies probably already do this, but I kinda think this is almost creepier than giving Facebook a video.
3. Verifying the email attached to your account is a good first step.

In the meantime I think knowing the password should at least get you logged in enough for account maintenance. You should be able to set the entire account private and take it offline with limited toggles. Restoring full access would require the additional verification.

I think the second one would be my sticking point. People can’t write applications you would care about if they might not work on every network.

Lots of ipv4 hacks are based around compatibility tradeoffs.

That being said, I dont know that the /64 everywhere crowd is ever going to win that fight.

Using small subnets might break ipv6-pd, which, when it works is worth keeping.