[ohyeshedid]

Public IP as an auth token seems like a horrible idea.

You're giving anyone on CGNat or even the same coffee shop access to your customers account.

[londons_explore]

In my case, customers don't have any data on the account - it's simply a bit saying 'has paid for premium?'. And if I end up giving premium to a few people who didn't pay it isn't an issue. The sign-up friction of needing an email address is greater.