Comment 1 for bug 967064

So the client needs to change so that:
- if there is no token, we use the
    api/1.0/profile/(?P<uuid>[\dabcdef]{32})/$ [name='api-anon-profile'] API to opt-in
- if there is a token, we use what we had before

- if there is no token the server needs to provide a API for recommend_me that works without auth
- if there is a token, nothing will change

- if the user opts in for e.g. purchase or reviews use the authenticted submit_profile call on the next
  submit_profile call (the one that is done regularly)