IPFS leaks a fair amount of information:
- Your peer ID is persistent, by default.
- IPFS discovers and advertise your addresses. You’d want to run your IPFS node inside a container (or, even better, a VM) that only knows about the VPN interface.
- The content stored by a node can be used to fingerprint it.
- DHT records stored by a node can definitely be used to fingerprint it.
If you just want pseudonymity (fine with a consistent identity as long as it can’t be easily linked), a VPN plus a VM/container should be enough if you just want basic privacy. If you’re trying to hide from governments, the current IPFS protocols likely aren’t sufficient no matter what you do.