Maybe I missed it, but has theymos revealed anything about the header information of the mail he received from the hacker?

I'm sure the hacker has used VPN or Tor, however, theymos should be able to confirm/deny this. As you see on the screenshot, the gmx frontend is in English - so if the hacker hasn't used a proxy of any kind, he most probably is located in the US (last time i used gmx, the language was adapting to the location of the IP).

Also: If theymos could go through the headers of some old SN-mails, he also should be able to confirm/deny that SN used Tor or a VPN - or nothing at all to hide his IP. This could be crucial in finding out if the hacker's claim regarding SN's IP is legit. On the other hand: I can not think about any way the hacker could see SN's IP unless SN sent a mail to himself and therefore not using his normal safety settings.

Or - what I can not exclude - IP doesn't mean what I think it means...