Federal authorities arrested a 58-year-old Colorado Springs man after unravelling the origin of a "Declaration Of War" that threatened harm or death to Elon Musk, owners of his Tesla vehicles, and members of President Donald Trump's Cabinet.
My guess is that he was using his phone for tethering to a laptop, and he had a google account associated with his browser. So even though he was going through a VPN, it would show THIS SET OF CREDENTIALS logging in from all the different exit nodes of his VPN provider.
Alternatively, he could have logged into his Google account from the burner phone (not a good idea), or even just created a new Google account, which again, would show logins from a bunch of different exit nodes of his VPN provider.
My guess is that he was using his phone for tethering to a laptop, and he had a google account associated with his browser. So even though he was going through a VPN, it would show THIS SET OF CREDENTIALS logging in from all the different exit nodes of his VPN provider.
Alternatively, he could have logged into his Google account from the burner phone (not a good idea), or even just created a new Google account, which again, would show logins from a bunch of different exit nodes of his VPN provider.