you know the client can make up a one time key for eath auth that isn't tied to a subscription right?

that's one extra boolean flag in your relay data structure and an extra field to set one of the stored user keys for these

users leak their npub constantly with their queries because almost every single one includes the same npub, it makes zero difference if you don't use an anonymising proxy either way

put the security features in the right box, if you muddle the layers up they will become brittle and eventually this will prove to be insecure

anonymisation is a network layer, not application layer issue