**Summary**
In line with T169097, the #security-team recently completed an audit of the configuration file [[ https://gerrit.wikimedia.org/r/plugins/gitiles/operations/puppet/+/re fs/heads/production/modules/profile/templates/wmcs/db/wikireplicas/maintain-views.yaml | maintain-views.yaml ]], in order to explore whether wiki-replicas pose some privacy risks for the contributors supporting Wikimedia projects. As part of the conclusions, it is recommended that raw IPs of logged-out users be redacted from wiki-replicas
**Broader context**
Displaying raw IP information to the public is a practice that poses obvious privacy risks. IP information can provide very accurate geolocation about contributors and leaving it open to public makes it easier for malign actors to exploit that information. The two queries below provide easily a list of IP addresses used across a Wikimedia project.
```
SELECT * FROM actor
WHERE actor_user IS NULL
LIMIT 100;
```
```
SELECT * FROM ipblocks
WHERE ipb_user = 0
LIMIT 100;
```
One way to address this privacy issue could be to obfuscate or add noise to IPs in the tables
`ipblocks`, `ipblocks_ipindex`, `ipblocks_compat`, and `actor`. For instance, IP information is already hidden from `abuse_filter_log` table [[ https://github.com/wikimedia/puppet/blob/e1e13a59de3021afaa43c31745abbe348a93017d/modules/profile/templates/wmcs/db/wikireplicas/maintain-views.yaml#L236-L241 | through obfuscation ]].