What’s your view on the ethics of doing this for users who haven’t signed up or otherwise provided any info, and thus think they’re anonymous?

Do you think most otherwise-anonymous Web visitors know or understand that IP->individual/business lookups are possible (for IPs which don’t have reverse DNS or SWIP entries)? It seems like basically no Web visitors know about IP data appending.

If or when this does become mainstream knowledge, how do you think the general public will react?

The purpose of using this data for personalization is to help the incoming visitor find what they are looking for and understand more specifically why a product would be right for them. Our system is built such that when a user visits a Mutiny enabled website, their information is never shared nor sold. Only the company whose website the user has chosen to engage with has access to this data, similar to how company's use analytics platforms today.

We do not use 3rd party cookies, so user data is always protected across companies and domains. If users prefer to forgo personalization we respect these privacy settings and allow users to opt-out.

Could you point out where this is in your privacy policy? My admittedly-basic reading seems to show the opposite. https://www.mutinyhq.com/privacy says this:

"“Do Not Track”. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do respond to or honor DNT signals or similar mechanisms transmitted by web browsers."

If, as you note, you respect users' privacy settings, why don't you honor Do Not Track? Forgoing personalization is the whole reason that DNT exists.

If this was an oversight, how about updating your service's behavior and the privacy policy?

We do indeed honor Do Not Track in our service. Additionally, users can opt-out by emailing privacy@mutinyhq.com as detailed in the privacy policy.