What are the privacy risks of exposing IP adresses?

My IP is 127.0.0.1
I dare you to DDOS and/or doxx me.

I'm inclined to think that your IP provides powerful cross-reference potential. Imagine someone either buys the data off of all data brokers out there or a law enforcement agency obtains similar kind of data through warrants, etc. They can cross-reference IPs and time-stamps and determine, that you, Joe Blow, age 35, who works at X, volunteers at Y, and lives at 123 main street, browse for some kind of very embarrassing porn every night. It's a drastic example to illustrate the idea, but I don't think it's far-fetched.
This could be taken further by imagining a wider net: say, a large portion of people who have donated to this political candidate or who work for this company browse for that same embarrassing porn every night.
I'm thinking birds-eye view of potential privacy violations here.
- Example: https://iknowwhatyoudownload.com/
  Mine is blank, not even using VPN (don't need to where I live) just NextDNS and required encrypt/anon mode enabled for torrents.
  https://iknowwhatyoudownload.com/en/stat/CA/daily
  https://iknowwhatyoudownload.com/en/stat/US/daily
  
  There's stuff on there I didn't download... Hundreds of gigs. Eek.
  
  Wow, I've been busy with a lot of stuff. That I haven't done. The glory of VPN (that doesn't keep logs) is you're behind the noise of anyone else. Sometimes it's better to not be hidden, but be in the crowded plain sight.
  
  Doesn't work for starlink just checked

They only expose approximate, not precise, locations, so they shouldn't be a risk like GPS that exposes precise locations?
Be aware, this is VASTLY dependent on your ISP. Smaller ISP's especially DSL based ones in rural areas are notorious for giving almost exact address when you reverse look up it.
My old ISP used to do that. like I had to try super hard to mask my IP if I went somewhere like IRC or Chatango that disclosed the full address to people joining, because if someone wanted to they could have looked up my address down to the house just by following the remote lookup because it would show my address instead of their nearest hub.
Thankfully now it shows me somewhere in NY which I feel a lot more comfortable with, but still don't take for granted that it's only an approximate.
As for actual privacy risks? It really depends on how private you want to get. A reverse lookup will give you your provider, and sometimes as I said above more. And if you have any forwarding enabled they can also try to get through your services using any exploits or misconfigurations you may have.
Additionally, some routers will disclose a worryingly large amount of data if misconfigured, for example ATT modem/routers will give customer information, connected devices(including names) and VOIP phone configurations if you can get the router to think you are a local device or manage to misconfigure the management port to allow external connections. This is all without the requirement of a password/no auth
- How do you reverse lookup?

If you trust your firewall, it’s less of a worry than exposing your license plate.

Depends of where you lives. if you have only 1 house per km² around you and your isp box provide predictable SSID name, you could be easily found as the ip range is per provider.
Google street cars capture also the wifi network around them when taking street photos.
And getting your ip can connect the people directly to your box. A trace route command to this IP could return intermediate equipment of your isp, helping to pinpoint your town or even your street.
- I think this is a little confused. Unless your WiFi is open someone seeing your network can't find out what the WAN IP is.
  And getting your ip can connect the people directly to your box
  "Connect" is a strong word here. Yeah, they can send traffic at it. But that shouldn't do anything.
  A trace route command to this IP could return intermediate equipment of your isp, helping to pinpoint your town or even your street.
  This is the most reasonable concern. Depending on your ISP and location the IP itself or packet tracing you can get a pretty good idea of the user's location.
  
  I don't know for you but, by default, all our ISP box here broadcast an "open" SSID that allows any customers of this ISP to login with their ISP credentials on the ISP box around them (except if the customers switch off this function). That allow a customer with a dead box or in travel to still have internet. (traffic is of course segregated).
  So if you know the ISP brand via the IP range and find a isolated home with this provider ssid visible, you found the address of the IP. Again that work only with low number of houses or not often use ISP.
  Connect for me is not connected like a logon but more in term of network connection (pinged).

If you do something sus, the police can likely request who had which IP at which time and lead them right to your door.
- If the Police can come right to your door, I assume that your ISP has your home address linked to your IP. Could anyone else access it?
  
  Not really, AFAIK the closest external actors can access is the general area based on the central you're connected to.
  Have you tried an IP lookup like What's my IP?

Theres definitely some risk especially in semi-anonymous forums like Lemmy. For example Lemmy.world is blocking VPNs so they know everyone's IP addresses and given post history etc its very easy to actually identify who's who. Especially now with AI forensics.
That being said, as a security expert, I think it's not always productive for casual people to be obsessed with this and you if you can you should use a VPN or a mobile network which due to how cell towers work is much more anonymous than anything else in practice (datacenter IPs work too as well as TOR but those are blocked in practice)
- I don't think they block VPNs, they just use Cloudflare which often ends up being shitty. I iust tried 2 servers from Mullvad, and it works fine.
  But I think it kept blocking me when I used Lifecell SIM card, like many other websites behind Cloudflare.
  At this point if I see CF page I iust leave. It's not worth waiting to see if the captcha let's you in (most likely not).
  Oh, hey, someone here linked iknowwhatyoudownload.com and I can't enter it with neither Mullvad nor plain Czech T-Mobile.

Your ip is the identity of your router.
By using simple tools you can find the manufacturer of your router and potentially use a known security to gain access to your network.
You expose yourself to being targeted by focused network attacks, since they know the address belongs to you.
In ye olden days, it would have been possible to track your ip and what it was accessing online. Its harder to do today due to cryptography and vpn's, but still a risk.
- What?! You need the MAC to identify a router and MACs don't go over the internet.
  it would have been possible to track your ip and what it was accessing online
  I'll let you go ahead and explain that one.
  
  Maybe if you open a browser to it and external management is allowed, it might say linksys?
  
  No, of course not the MAC. Just as an example nmap can guess the OS based on fingerprinted behaviours. There are pentesttools that can guess the OS.
  Like i said. Old days. You could get access to a distribution switch where the physical security was all that mattered. The town where i grew up had some early variation of cg-nat that meant all devices where in a way on the same network. It created plenty of issues when trying to play online with friends during Quake/WC3 etc.
- Are you maybe thinking of MAC addresses? That would be closer being the "identity" of a device and you can typically identify the manufacturer from it. You can't see the MAC address of a remote router via the internet though unless you are on its local network.
  An IP address is usually a temporary lease provided by your ISP, and residential connections usually get a new one every once in a while (like every 24 hours).
  
  My Starlink provider changed every few days but my new fiber connection has been unchanged for 6 months since I got it. I have taken advantage of that and have hosted some stuff on a domain that's pointing back to that address and port forwarded.

It depends if you have any reverse proxies. If not? Really nothing.
If yes, lots.
Potentially everything on your network could become hacked. That's not likely but is a worst case scenario.

it could enable targeted attacks. just use a vpn if you can afford one.
- ProtonVPN is free, funded by paid users, but you can't torrent on free servers and its gonna make your internet slower (I mean obviously they aint gonna give you the fast servers for free).

Also my IP changes every time the router restarts, so that's a thing too.

There aren’t any privacy risks.

so they shouldn't be a risk like GPS that exposes precise locations?
Yes, they only provide country, province/state and city. As others mentioned if you’re worried about this information get yourself a reliable VPN provider and, route all your devices through said VPN provider, ideally through your router.
When picking a VPN provider it is highly recommended to read their Privacy Policy before signing up, ensure they don’t log data.
- In my experience the city information is not particularly reliable. If you geolocate my IP the city is always wrong.
  
  I get targeted ads based on IP location… for different regions of my country.