When data is released it is usually scrubbed of PII. Information like names, birthdays, addresses, etc. I am wrestling with opening data from my startup but cannot make a decision on user IP address data. Are there precedents for or against providing this kind of information in an open dataset?
One can geolocate well enough with many IP addresses that, with a bit of additional data if not solely using the IP address, the request source is quite identifiable.
Even several years ago (i.e. in "less sophisticated" times), I had a few occasions to do this manually. The experience was eye-opening. (It's one thing to understand the concept. It's another to drill down and target someone in a matter of minutes, if not moments.)