1. you can generate a random nsec for each auth if the relay doesn't have "paid" in the nip-11
2. the REQ envelopes constantly doxx the user's npub it doesn't take a data scientist to write an algorithm that can establish the likely npub behind a set of requests from an IP address
quotingAuth is very useful, although I'm worried about it becoming the norm and doxing users connections. thats mainly why I have noStrudel set to ask the user every time instead of automatically :)
nevent1q…z2kc