Precisely...
Not to get too deep into the weeds here, but terroristic threats, for example, made using the Internet have an audit trail which will resolve to an Internet Protocol address in the form NNN.NNN.NNN.NNN.
Now, if the user didn't proxy through another server, the IP address will tie back to an Internet Service Provider, whether a cable or DSL provider, cellular carrier, etc.
This audit trail will then point to the ISP's subscriber (customer), perhaps a public library, a coffee shop, your cell phone, a cable modem, etc.
Law enforcement will then turn the heat up on the subscriber to give up the actual user...
Too far in the weeds, huh?
BTW, can someone show me the mitigation here?