[badRNG]

> My money is on them being identified.

I would have guessed that their best shot at identifying the leaker would have been through their internal security team. Hoping that a technically competent individual will be uncovered by GitHub feels like a last ditch attempt by a company that doesn't appear to have internal control over their own IP.

> Considering how aggressive GitHub is with marking new accounts as spam, it's unlikely they signed up with a VPN or Tor.

Unless something is changed, you certainly can. I signed up with a Protonmail email over a VPN with no issues (though it's been some years.)

[chatmasta]

They cracked down on anonymous accounts after they launched Actions and every spammer in the world tried to run crypto miners on them.

I've tried signing up via Tor in the past, and my account was automatically flagged with no ability to create public repositories.

[smith7018]

A freshly-imaged machine on public wifi should be more than enough to hide their identity. No reason they have to use Tor.

[diebeforei485]

DMCA claims can go up the chain. For example, they could get the email address from GitHub, then subpoena the email provider for info to unmask the person (for example, any phone number used when signing up or logging in to the email account). Then, they could subpoena the phone company to identify the perpetrator.

[chatmasta]

Next we'll hear about Musk buying a coffeeshop in downtown SF to get access to their security cameras