Since GDPR became law in May 2018, one of the things we did was make IP address anonymization the default. It took a few bug reports that very slowly rolled in before we realized this broke existing IP tags and filters unless they were also updated or were already using wildcards. I’m guessing most people already use wildcards because even after we knew about the problem, very rarely would anyone contact us about it.
Good news, we just pushed up a fix. What happens now is if you have IP anonymization enabled, then at run time (in both Spy and in the script that processes traffic in batches every 20 seconds), we dynamically convert all IP tags and filters to wildcards, which will then match anonymized IPs as they roll in. It sounds simple but we took the time to rewrite a bunch of related legacy code that hadn’t been touched for a while, that always adds in some unexpected fun.
This change may lead to some false positives if you actually only want to tag or block a specific IP within a subnet, but that scenario just gets less likely over time as almost everything is behind a firewall these days. If it’s a problem for anyone then we can make it a preference, but preferably you can switch to UID tagging or blocking instead, which is cookie based and works even when the visitor’s IP changes.