Saying they "realized you could identify the location of many posts and wrote a paper" is downplaying the situation. The authors essentially ran a lookup table attack, computing over 3 quadrillion hashes to crack the IPs. The website owner incorrectly thought and claimed this would protect IPs, which are PII.
For more context, see here: https://marginalrevolution.com/marginalrevolution/2023/07/th...