You should reference the original article by 0xB10C:
LinkingLion: An entity linking Bitcoin transactions to IPs? Do dandelions help against lions?The Summarise:
To summarize, an entity frequently opens connections from multiple IP ranges to many nodes on the Bitcoin network. Some characteristics, like the fake user agents and the block heights that increase precisely every 10 minutes, confirm that the connections do not originate from some misconfigured Bitcoin node but are custom clients. About 20% of the connections are used to listen to transaction announcements, allowing the entity to link newly broadcast transactions to IP addresses. The same IP addresses connect to nodes on the Monero network too.
Only a few details about the entity are known. The same IP ranges have been making connections since 2018 in some capacity. It’s unclear if the IP ranges are maybe endpoints of a VPN service. Similarly, if the entity is a single entity or a group of legal entities is unknown. The behavior could indicate financial motives. A possibility is a blockchain analysis company that wants to enrich its product with additional data. A short-term solution might be a banlist or reporting the entity’s behavior. Solving the root problem requires deeper changes to the P2P logic in bitcoin.
Anyone who runs nodes can see whether LinkingLion is connected or not by running:
$ bitcoin-cli getpeerinfo | grep -E '162.218.65|209.222.240|91.198.115|2604:d500:4:1'
violating the privacy of these users
Anyone who have done bitcoin transaction without using their own node should expect that the transaction can be tracked, even without this LinkingLion thing. The solution for the users themselves is to simply run their own node, and currently, also using the mitigation ways as stated in the article to block the alleged LinkingLions' motive.