Considering how aggressive GitHub is with marking new accounts as spam, it's unlikely they signed up with a VPN or Tor. My money is on them being identified.
I would have guessed that their best shot at identifying the leaker would have been through their internal security team. Hoping that a technically competent individual will be uncovered by GitHub feels like a last ditch attempt by a company that doesn't appear to have internal control over their own IP.
> Considering how aggressive GitHub is with marking new accounts as spam, it's unlikely they signed up with a VPN or Tor.
Unless something is changed, you certainly can. I signed up with a Protonmail email over a VPN with no issues (though it's been some years.)
DMCA claims can go up the chain. For example, they could get the email address from GitHub, then subpoena the email provider for info to unmask the person (for example, any phone number used when signing up or logging in to the email account). Then, they could subpoena the phone company to identify the perpetrator.
I would have guessed that their best shot at identifying the leaker would have been through their internal security team. Hoping that a technically competent individual will be uncovered by GitHub feels like a last ditch attempt by a company that doesn't appear to have internal control over their own IP.
> Considering how aggressive GitHub is with marking new accounts as spam, it's unlikely they signed up with a VPN or Tor.
Unless something is changed, you certainly can. I signed up with a Protonmail email over a VPN with no issues (though it's been some years.)