i've already said this, the clients should be able to make up a new npub for each websocket, you want to identify yourself to paid relays but everyone else should get whatever

you can mix it up also with different policies - different every time, change every x minutes or x times on each relay, etc etc

the problem is not asking for auth it's the dumb clients not thinking about what it means (and that's a problem because most of the NIP guardians are client, not relay devs, and cryptography and game theory are not their strong points)