I was thinking that by exposing the signature hash function ( DataServerAccountInfo::getUsernameSignature in DataServerAccountInfo.cpp) to script, users can generate a signature hash and return it in an object along with their username which can be verified by their public key at https://metaverse.highfidelity.com/api/v1/users/Cracker.Hax/public_key.
I believe HiFi servers generate these, so if the user has decided they do not want to be authenticated (and wants to be anonymous) this could return a null signature or not based on their own privacy settings.
Also, all references to username in script (such as GlobalServices.username) could be removed so AC scripts forced on users cannot find the real username any other way.
For those of you who don’t know how signature hashes work, [here] is a description. In this case though the private key and signatures are generated on the HiFi servers so the interface has no access to their own private key.
We need something like this anyway, especially if you will be able to handle whitelist/blacklist domain access via persistent script (which I think is a MUST).
Maybe somebody who knows more about this could chime in, but from what I see this seems to be a good way to handle it.