For these specialized implementations we essentially store state about the connection to do user specific functions. Knowing “who” the connection is with, is integral for initializing that state and maintaining it. Essentially allowing us to drop the pubkey from the url and also support a lot more sophisticated user level configurations. What we do with the events you send, could depend specifically on the user configuration for the paid user who is connecting. There is nothing really natively preventing (rightfully so) a connection from being opened and valid and signed events that aren’t associated with the connected party being sent through that tunnel. So who signed the event and who is trying to use this service aren’t necessarily the same.