Random key in the zap request, anon tag is added as well so clients know its a random key
Discussion
One thing to note is that you can still in theory fingerprint these based on the relays. But there is plausible deniability in any case since someone could be trying to pretend they are someone else via a relay list fingerprint