They're saying that when someone uses a privacy token to search, they cannot track which account it's tied to. Therefor, they cannot track limits & billing.
The whole point of privacy tokens is you don't need to track usage. You track generation instead. They can track limits and billing at generation time. They know this. The sentence I previously quoted says so in the [...] section:
> We are working on enabling this feature for Trial and Starter plans, which have access to a limited number of monthly searches. Therefore, they risk a worse user experience if their generated tokens are lost (for example, due to uninstalling the extension)
If they don't track limits and billing at generation time, then there's no "risk [of] a worse user experience if their generated tokens are lost".
This ""risk [of] a worse user experience if their generated tokens are lost" is a logical reason to not enable privacy tokens for Trial and Starter plans. The risk of "users on this plan could redeem more tokens than the limit of searches allowed on their plan" is not a logical reason to not enable privacy tokens for Trial and Starter plans.
What's to stop a single unlimited user from generating and sharing infinite tokens with the rest of the world, then?
Edit: Each account is limited to 2000 tokens per month, unless they email support to request more. (from the FAQ near the bottom).
Still seems like there could be a secondary market for resold tokens, though. Not just as a money making system, but possibly as a privacy initiative? If enough accounts pooled tokens into a shared pool and withdrew a random one from it each time, it would be a further safeguard.
