Any system like this should require opt-in. It isn't hard to code, and it
avoids legal issues. Just require the user to make a dummy edit to their
user page while logged in with a specific, self-explanatory edit summary,
and check for it with the API, then maintain a database of verified users.
Heck, we could even do this in a toolserver-wide process, with one opt-in
system for all tools, and a centralised system with an API for checking if a
user is verified.