The mint does know the IP of the users that interact with it. But if the mint has no way to tie your identity to an IP, then it's not a problem. Since the user can also use TOR or a VPN, Bob can never be certain of whether Alice's or Carol's IP is actually "theirs" (if you are thinking in a simplistic way and you assume their home IP is "their" IP, for instance).

One example: I'm on a cafe with my phone. I'm connected to the wifi. I ask the mint for some tokens in exchange for my sats. The mint sees the cafe IP. Now I turn on my phone's wifi and connect through my own data. Repeat the same interaction. The mint sees a different IP. The mint has no way of knowing if both interactions are from the same person.

Another eaxmple: I have a VPN set up with my own VPS somewhere. I route my traffic through there, so online services, like the mint, see my VPS IP instead of my device's. I'm a generous guy and I share this VPN with 9 other friends who use it frequently. In this case, if all of us interact with the mint, the mint sees the same IP repeatedly, but has no way of telling who's who or even if there is one or multiple people interacting with it.

So, summing up: the mint is pretty much in the dark. A bunch of interactions with a bunch of IPs could hide all sorts of different combinations of people, devices and identities behind it.

Hope this helps. calle and gandlaf definitely will have better insights than I do.