[zyx321]

To prevent this sort of abuse, the server would have to request the `pseudonym` field, which contains a hash across the server identity and the card's secret salt, allowing the server to detect abuse but not to track the user across multiple services.

[palata]

It's probably even simpler than that: say normal users make a few requests once in a while (because they don't need thousands of tokens every day), and one user makes a ton of requests, then it is an indication that this user may be abusing the system.

It would probably be possible to use the service that the parent is suggesting and try to link it to requests to the server based on timing. But I don't even know if anyone would bother trying to identify the OP: probably it would just be enough to rate-limit the requests.

As always: it's easy to criticise, harder to actually get it right.