In line with T169097, the Security-Team recently completed an audit of the configuration file maintain-views.yaml to explore whether wiki-replicas pose privacy risks for the contributors supporting Wikimedia projects. One of the conclusions is a recommendation that raw IPs of logged-out users be redacted from wiki-replicas.
Displaying raw IP information to the public poses obvious privacy risks. IP information can provide very accurate geolocation about contributors, and leaving it open to the public makes it easier for malicious actors to exploit that information. The two queries below readily return a list of IP addresses used across a Wikimedia project.
SELECT * FROM actor WHERE actor_user IS NULL LIMIT 100;
SELECT * FROM ipblocks WHERE ipb_user = 0 LIMIT 100;
One way to address this privacy issue could be to obfuscate or add noise to IPs in the tables ipblocks, ipblocks_ipindex, ipblocks_compat, and actor. For instance, IP information is already hidden from the abuse_filter_log table through obfuscation.
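A sketch of what obfuscating the actor table could look like, as an added example that is not part of the original task or of the wiki-replicas configuration. It uses an in-memory SQLite database as a stand-in for the replica; the names actor_raw, pseudonymize and DEMO_KEY, the keyed-HMAC scheme and the sample rows are assumptions made for the illustration.

```python
import hashlib
import hmac
import ipaddress
import sqlite3

# Constructed key for this demo only; a real key would be secret and kept off the replica.
DEMO_KEY = b"constructed-demo-key"

def pseudonymize(name, key=DEMO_KEY):
    """Map an IP-shaped actor name to a stable keyed token; pass other names through."""
    try:
        ip = ipaddress.ip_address(name)
    except ValueError:
        return name  # not an IP address
    # HMAC rather than a bare hash: the IPv4 space is small enough to enumerate,
    # so an unkeyed digest could be matched back to the address.
    # ip.packed normalizes spelling, so '2001:db8::1' and its expanded form agree.
    digest = hmac.new(key, ip.packed, hashlib.sha256).hexdigest()
    return "anon-" + digest[:16]

def build_replica():
    """Build an in-memory stand-in: a raw table plus the redacted view exposed as `actor`."""
    db = sqlite3.connect(":memory:")
    db.create_function("pseudonymize", 1, pseudonymize)
    db.executescript("""
        CREATE TABLE actor_raw (actor_id INTEGER PRIMARY KEY,
                                actor_user INTEGER, actor_name TEXT);
        -- Constructed sample rows (documentation address ranges).
        INSERT INTO actor_raw VALUES
            (1, 42,   'ExampleUser'),
            (2, NULL, '192.0.2.17'),
            (3, NULL, '2001:DB8:0:0:0:0:0:1');
        CREATE VIEW actor AS
            SELECT actor_id, actor_user,
                   CASE WHEN actor_user IS NULL THEN pseudonymize(actor_name)
                        ELSE actor_name END AS actor_name
            FROM actor_raw;
    """)
    return db

if __name__ == "__main__":
    # The first query from the task, run against the redacted view.
    for row in build_replica().execute(
            "SELECT * FROM actor WHERE actor_user IS NULL LIMIT 100"):
        print(row)
```

Because the token is deterministic for a given key, rows from the same address still group together in the view while the address itself is not exposed.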