Talk:Trust and Safety Product/Temporary Accounts

Recent changes on our talk pages

List of abbreviations: D Wikidata edit N This edit created a new page (also see list of new pages) m This is a minor edit b This edit was performed by a bot (±123) The page size changed by this number of bytes 21 June 2025       17:17  Talk:Trust and Safety Product/Temporary Accounts 12 changes history +7,609 [Huñvreüs; Foomin10; Johannnes89 (2×); NicoScribe (8×)]        17:17 (cur | prev) +769 NicoScribe talk contribs (→Will Special:GlobalContributions accept a list?: update)        15:34 (cur | prev) +339 NicoScribe talk contribs (→Global temporary account IP viewers and global rollbackers: update)        15:33 (cur | prev) +268 NicoScribe talk contribs (→Global temporary account IP viewer right on request: update)        15:32 (cur | prev) +348 NicoScribe talk contribs (→Will Special:GlobalContributions accepts a list?: update)        14:31 (cur | prev) +723 Foomin10 talk contribs (→Translation of 'temporary' in Japanese: Reply) Tag: Reply        13:51 (cur | prev) +342 NicoScribe talk contribs (→Disclosure "to other users who have the same access rights": update)        09:15 (cur | prev) +910 Huñvreüs talk contribs (→Global temporary account IP viewers and global rollbackers: new section) Tag: New topic        05:45 (cur | prev) +402 Johannnes89 talk contribs (→Investigate cold cases in the temporary-accounts-era: Reply) Tag: Reply        05:36 (cur | prev) +393 Johannnes89 talk contribs (→Will Special:GlobalContributions accepts a list?: Reply) Tag: Reply        01:09 (cur | prev) +286 NicoScribe talk contribs (→Log for Global Contributions (WMF new tool): update)        01:08 (cur | prev) +1,845 NicoScribe talk contribs (→Investigate cold cases in the temporary-accounts-era: update)        01:07 (cur | prev) +984 NicoScribe talk contribs (→Will Special:GlobalContributions accepts a list?: update)       15:47  Talk:Trust and Safety Product/IP Info 2 changes history +598 [NicoScribe (2×)]        15:47 (cur | prev) +313 NicoScribe talk contribs (→Presence of global contributions: new section) Tag: New topic        15:45 (cur | prev) +285 NicoScribe talk contribs (→Relevant IP ranges: new section) Tag: New topic 20 June 2025       21:56  Talk:Trust and Safety Product/Temporary Accounts 15 changes history +7,921 [Matma Rex (2×); Johannnes89 (3×); NicoScribe (10×)]        21:56 (cur | prev) +252 NicoScribe talk contribs (→Why global temporary account IP viewers have one abusefilter right?: update)        21:55 (cur | prev) +757 Johannnes89 talk contribs (→Investigate cold cases in the temporary-accounts-era: Reply) Tag: Reply        21:46 (cur | prev) +389 Johannnes89 talk contribs (→Will Special:GlobalContributions accepts a list?: Reply) Tag: Reply        21:41 (cur | prev) +624 Johannnes89 talk contribs (→Log for Global Contributions (WMF new tool): Reply) Tag: Reply        21:22 (cur | prev) +1,147 NicoScribe talk contribs (→Why global temporary account IP viewers have one abusefilter right?: update)        18:11 (cur | prev) +860 Matma Rex talk contribs (→Why global temporary account IP viewers have one abusefilter right?: Reply) Tag: Reply        16:54 (cur | prev) +746 NicoScribe talk contribs (→Why global temporary account IP viewers have one abusefilter right?: update)        16:14 (cur | prev) +300 Matma Rex talk contribs (→Why global temporary account IP viewers have one abusefilter right?: Reply) Tag: Reply        14:10 (cur | prev) +143 NicoScribe talk contribs (→Why global temporary account IP viewers have one abusefilter right?: update)        14:08 (cur | prev) +412 NicoScribe talk contribs (→Why global temporary account IP viewers have one abusefilter right?: new section) Tag: New topic        11:08 (cur | prev) +49 NicoScribe talk contribs (→Investigate cold cases in the temporary-accounts-era: update)        11:02 (cur | prev) +316 NicoScribe talk contribs (→Investigate cold cases in the temporary-accounts-era: update)        10:25 (cur | prev) +533 NicoScribe talk contribs (→Investigate cold cases in the temporary-accounts-era: update)        09:59 (cur | prev) +564 NicoScribe talk contribs (→Investigate cold cases in the temporary-accounts-era: update)        09:39 (cur | prev) +829 NicoScribe talk contribs (→Investigate cold cases in the temporary-accounts-era: update)       15:21  Talk:Trust and Safety Product/Anti-abuse signals/User Info diffhist +232 Nemoralis talk contribs (→Candidate wiki: new topic) Tag: CD       09:31  Talk:Trust and Safety Product/IP Info diffhist +344 NicoScribe talk contribs (update) 19 June 2025       18:57  Talk:Trust and Safety Product/IP Info 6 changes history +2,785 [NicoScribe (6×)]        18:57 (cur | prev) +72 NicoScribe talk contribs (→Frequent unintentional use of IP Info: update)        18:46 (cur | prev) −20 NicoScribe talk contribs (→Frequent unintentional use of IP Info: update)        18:42 (cur | prev) −88 NicoScribe talk contribs (update)        13:05 (cur | prev) +37 NicoScribe talk contribs (update)        12:35 (cur | prev) +1,490 NicoScribe talk contribs (→Frequent unintentional use of IP Info: new section)        12:02 (cur | prev) +1,294 NicoScribe talk contribs (→Everyone needs the IP Info log limited to their own entries: new section) Tag: New topic       18:30  Talk:Trust and Safety Product/Temporary Accounts 13 changes history +7,480 [Whym (3×); NicoScribe (10×)]        18:30 (cur | prev) +574 NicoScribe talk contribs (→Log for Global Contributions (WMF new tool): new section) Tag: New topic        17:10 (cur | prev) +12 NicoScribe talk contribs (update)        16:53 (cur | prev) +1,655 NicoScribe talk contribs (→Investigate cold cases in the temporary-accounts-era: new section) Tag: New topic        16:49 (cur | prev) +1,881 NicoScribe talk contribs (→Will Special:GlobalContributions accepts a list?: new section) Tag: New topic        12:42 (cur | prev) +10 NicoScribe talk contribs (→FAQ should say that privacy is improved for some users, but is deteriorated for other users: update)        12:33 (cur | prev) +83 Whym talk contribs (archiveheader = {{talk archive|Talk:Trust and Safety Product/Temporary Accounts}}) Tag: 2017 source edit        12:29 (cur | prev) +117 Whym talk contribs (→Translation of 'temporary' in Japanese: Reply) Tag: Reply        12:28 (cur | prev) +652 Whym talk contribs (from Talk:Trust and Safety Product/Temporary Accounts/2025/January) Tag: 2017 source edit        12:02 (cur | prev) −1,257 NicoScribe talk contribs (wrong page)        09:04 (cur | prev) +1,650 NicoScribe talk contribs (→FAQ should say that privacy is improved for some users, but is deteriorated for other users: new section) Tag: New topic        09:03 (cur | prev) +1,294 NicoScribe talk contribs (→Everyone needs the IP Info log limited to their own entries: new section) Tag: New topic        09:02 (cur | prev) +423 NicoScribe talk contribs (→A temporary account IP viewer needs a short log: update)        09:01 (cur | prev) +386 NicoScribe talk contribs (→Why Special:GlobalContributions is limited?: update)

The following Wikimedia Foundation staff monitor this page: SGrabarczuk (WMF) Timezone: UTC+1/+2 Language(s): pl, en NKohli (WMF) Timezone: UTC-7/-8 Language(s): hi, en

Archives
Older archives on Meta 2024: January, February, March, April, May, June, July, August, September, October, November, December 2025: January, February, March, April

Will it be possible for users who are an admin on one project to request global temporary account IP viewer right if they frequently handle cases of cross-wiki vandalism also if they do not need global rollback rights? GPSLeo (talk) 06:48, 16 May 2025 (UTC)Reply

Hello @GPSLeo, this is a very good question! Currently, the policy allows Stewards to grant local (but not global) permissions discretionally. We may change the policy if we see demonstrated need, but I wanted to note that in principle, we are particularly cautious about who should have the global access. The difference between one and a 1000+ wikis is tremendous. I will let the team know about your question, and we will be monitoring the situation. Thanks! SGrabarczuk (WMF) (talk) 19:16, 16 May 2025 (UTC)Reply

Hello @GPSLeo: you can look at #Oversighters and local administrators: it contains my questions, which are complementary to yours. I hope WMF will answer soon. --NicoScribe (talk) 15:33, 21 June 2025 (UTC)Reply

If a user with temporary account IP viewer rights (non admin or advanced rights) is blocked does this also prevent them to use the IP reveal or does the right have to be removed if a user is blocked? And what happens in case of partial blocks? GPSLeo (talk) 06:52, 16 May 2025 (UTC)Reply

Hey @GPSLeo, thanks a lot for this question! It's pretty important to clarify this, I've added it to the FAQ.

If a user is blocked sitewide, they aren't able to use this right - the software doesn't allow it, even though they do keep the right. If they are blocked partially, they can use the right. SGrabarczuk (WMF) (talk) 22:53, 30 May 2025 (UTC)Reply

I have a couple small issues with the help page:

1. "Temporary accounts have their own user pages and user talk pages, but they will eventually delink from the person who made the page." I'm not sure if I understand this correctly but the sentence seems to assume that the user/user talk pages would be always created by the temporary user themselves? For user talk pages it's usually somebody else.
2. "You could redirect your temporary user page to your new account." Wherther or not this is allowed depends on local user page policies. Some sort of local policy caveat should be added for temporary account user pages.

Samoasambia (talk) 13:25, 19 May 2025 (UTC)Reply

Hello @SGrabarczuk (WMF):

In Trust and Safety Product/Temporary Accounts/FAQ#Is there a limitation for creating many temporary accounts from the same IP address?, the text says $wgRateLimits.

Perhaps it should be $wgTempAccountCreationThrottle instead?

cf. mw:Manual:$wgTempAccountCreationThrottle

Regards NicoScribe (talk) 21:44, 26 May 2025 (UTC)Reply

Thank you for spotting this, @NicoScribe. You are correct! I fixed it. SGrabarczuk (WMF) (talk) 21:59, 26 May 2025 (UTC)Reply

Hi @SGrabarczuk (WMF) and other experts. I just tested the temporary accounts on Testwiki by logging out. I wanted to test the talk page notifications and logged in again like Ellywa (with Two factor) and editted the talk page of the temp account. Logging out again, my temporary account appeared different. You can note the edits made by ~2025-61155 and some minutes before by ~2025-61546 (same Chrome browser, and both by the same person and PC) on the sandbox history. When logging in and out again my temp account remained ~2025-61155 and I could see the talk page notification. Perhaps it is a bug, or it is just a foolish test... . Regards, Ellywa (talk) 11:58, 27 May 2025 (UTC)Reply

Hey @Ellywa, thanks for the message! First I'd like to confirm if I understand you did, step by step:

1. 13:16, you edited as ~2025-61546
2. 13:17, you logged in and commented on ~2025-61546's talk page
3. 13:18 and 13:45, you logged out and edited as ~2025-61155
4. 13:46, you logged in and commented on ~2025-61155's talk page
5. 13:47, you logged out, edited, and still had ~2025-61155 as your temporary account, and this is what surprised you, right?

Bedankt, SGrabarczuk (WMF) (talk) 14:15, 27 May 2025 (UTC)Reply

Yes indeed SGrabarczuk (WMF). Prior to step 1, I logged out from Ellywa. Ellywa (talk) 18:15, 28 May 2025 (UTC)Reply

This is why we updated the policy and changed the granting of this group from automatic to manual, done by administrators or stewards upon request.

Does this also mean that local communities should not add this right to a certain user group? For example, patrollers? Nemoralis (talk) 16:46, 29 May 2025 (UTC)Reply

Hey @Nemoralis! The intention is not to bundle the right with any group which may continue their work without access to IP addresses. Having said that, it is OK to give this right to many/most individuals in a group, if they meet the criteria set for "other users". For example, it seems that the French WP community would almost merge the requests for rollback and the new right. People who will be applying for both will just need to write a bit more than those who will be only applying for one right. Is this clear, do you maybe have further questions? Thanks! SGrabarczuk (WMF) (talk) 19:38, 30 May 2025 (UTC)Reply

Moved from foundation:Policy talk:Wikimedia Access to Temporary Account IP Addresses Policy

"After opt-in, access is automatically granted to users who meet the requirements. In order to maintain access to the IP addresses of temporary accounts, users in this category must edit or take a logged action to the local project at least once within a 365-day period."

Actually I could stop editing for ten years and after that with a single edit I become active again and get the access back, because it's not like at least 300 edits in the recent but only 300 edits in total as a requirement. So what is the point of the revocation because of inactivity, do I need to enable it in the settings again or what else? That could be more clear. Killarnee (talk) 02:51, 6 December 2024 (UTC)Reply

Hey @Killarnee, I'm sorry that you needed to wait about six months for a reply! I've made that page a redirect, so we will spot new questions sooner.

Our answer is: in this situation, a user will lose the flag. When they become active, they will need to apply again if they think they will need it. SGrabarczuk (WMF) (talk) 20:49, 30 May 2025 (UTC)Reply

Hello @SGrabarczuk (WMF):

Earlier today, you said that this is the central talk page about the (Temporary Accounts) project. Will you turn Help talk:Temporary accounts into a redirect? (Even if at the top of the page there is currently a clear message box.)

Regards NicoScribe (talk) 00:54, 31 May 2025 (UTC)Reply

Hey @NicoScribe, this is an interesting remark. I wasn't planning on doing it, I'd prefer to just see if there's need. So, 50/50, I guess :D SGrabarczuk (WMF) (talk) 01:21, 31 May 2025 (UTC)Reply

Hello,

I am not a temporary account IP viewer in Swahili Wikipedia. If I go to sw:Special:IPContributions, I understandably see this message:

• Permission error
• You do not have permission to view IP addresses used by temporary accounts, for the following reason:
• The action you have requested is limited to users in one of the groups: Administrators, Bureaucrats, Temporary account IP viewers.

The message should also mention Checkusers+Oversighters, no?

Perhaps this is a consequence of Checkusers+Oversighters using the right checkuser-temporary-account-no-preference, whereas Administrators+Bureaucrats+Temporary account IP viewers use another right: checkuser-temporary-account.

Regards NicoScribe (talk) 00:57, 31 May 2025 (UTC)Reply

Swwiki don't have OS/CU members, so the message is ok. If they were 2 CU, then the message would be incorrect tho. I assume the message is updated if CU is 'functionnal' or the way you mentioned but I'm not quite sure about that. It has to be checked in mediawiki code. Perhaps someone has the answer. Otherwise I'll try to check later. LD (talk) 00:51, 1 June 2025 (UTC)Reply

I assume the opposite, I assume the message is not updated if a CU or OS exists. Perhaps I am mistaken, but I think that the displayed system messages are fixed in https://sw.wikipedia.org/wiki/Maalum:IPContributions?uselang=qqx.

And I can't find a better example, because the 5 current pilot wikis don't have OS/CU members.

Moreover, my first message is incomplete: the message should also mention the 8 global groups with IP access privileges. Well, instead of listing 13 user groups, the message could be simplified: "The action you have requested is limited to users with IP access privileges." --NicoScribe (talk) 21:59, 2 June 2025 (UTC)Reply

Hello,

In Phabricator:T325658 about the log of access to IP addresses of temporary accounts, there is the text "This log is visible to staff (t&s), stewards, checkusers and ombuds".

The right checkuser-temporary-account-log can be seen for Staff+Stewards+Ombuds in no:Special:GlobalGroupPermissions, and for checkusers in no:Special:ListGroupRights.

In Trust and Safety Product/Temporary Accounts/Updates/2025-05 Access to IP addresses, there is the text "Access to IPs will be logged (example)." where the example is a log of access to IP addresses of temporary accounts. If I click on the example, I understandably see this message:

• Permission error
• You do not have permission to view the log of access to temporary account IP addresses, for the following reason:
• The action you have requested is limited to users in the group: Check users.

The message should also mention Staff+Stewards+Ombuds, no?

Regards NicoScribe (talk) 01:02, 31 May 2025 (UTC)Reply

Staff, stewards and ombuds are checkusers on every project, they are listed in m:CheckUser_policy#Everywhere. For the reference, checkusers are not necessarily part of staff, steward or ombuds and are often 'local checkusers'. As a frwiki CU, I can't access nowiki logs- but I can access frwiki logs. If I were steward, I could access logs on any wiki.

That being said, the error message is correct. LD (talk) 00:43, 1 June 2025 (UTC)Reply

I disagree, you can't say they "are checkusers", they are only "users with CheckUser access" (in m:CheckUser policy#Users with CheckUser access). The message lists groups, but your rationale is about rights.

Moreover, you can't expect a basic user (like me) to deduce "Check users" = "Checkusers+Staff+Stewards+Ombuds". --NicoScribe (talk) 22:01, 2 June 2025 (UTC)Reply

I'm not sure the current wording of the CU Policy truly distinguishes between being a CheckUser and having CU access. I mean, why can't users who have global access to CU be called CheckUsers? Nevertheless, the distinction makes sense to me, which is one of the reasons why I'm working on an updated version of the policy where the focus is on 'CU access', which is explicitly defined (e.g., This access (…) is available to CheckUsers, Stewards, and users in the staff global user group.), if that can help. In my opinion, we should avoid using 'CheckUser' as the name for the CU rights package, especially since ArbComs exist, but that's the way it is.

>The message lists groups, but your rationale is about rights.

This message lists local groups, as an example Staff+Stewards+Ombuds aren't mention on fr:special:Investigate neither. LD (talk) 23:24, 2 June 2025 (UTC)Reply

Hello,

In Trust and Safety Product/Temporary Accounts/Updates/2025-05 Access to IP addresses, there is the following text:

• we have decided to go ahead with the idea of admins (and where needed, stewards) manually granting the right to view IPs to those who need it.
• Additional burden on administrators. We understand the toil of having to grant and remove an additional right. This is indeed a downside. We think that it will only have to be a one-time effort to grant this right to a larger number of people.

Moreover, in the policy, there is the text "Submit an access request to local administrators, bureaucrats where local consensus dictates,[Note 1] or stewards" with Note 1 = "Communities wishing to change the default from administrators to bureaucrats should make a request through Phabricator".

Why, by default, only administrators or stewards can add/remove the user group "Temporary account IP viewers" to an account? Why not bureaucrats too? The main goal of a bureaucrat is to add/remove user groups to accounts, no?

Regards NicoScribe (talk) 01:10, 31 May 2025 (UTC)Reply

Good point, @NicoScribe. First, on most wikis, bureaucrats are also administrators. And second, we'd like the policy to clearly state who users wanting to get the right should go to. Because there are way more admins than crats, it doesn't make sense to limit it to crats. So from the global perspective, simpler is better - admins should be the default. Does my explanation make sense? SGrabarczuk (WMF) (talk) 01:28, 31 May 2025 (UTC)Reply

@SGrabarczuk (WMF): I understand. Well, WMF could delete the bureaucrats group (their job could be done by administrators and stewards), because simpler is better!

I am not saying to limit it to bureaucrats. I am saying: administrators and bureaucrats should be able to add/remove the user group.

Everytime a user group is created by WMF, the natural move should be "bureaucrats will add/remove it". Because that's their job... If, for whatever reason, a user group is created and needs to be granted by administrators: OK, I am fine with that, but bureaucrats should be able to grant it too. Because that's their job...

Well, the group "Temporary account IP viewers" is not the only one granted by administrators instead of bureaucrats. I don't understand these cases because administrators already have so many responsibilities (whereas bureaucrats have so few responsibilities).

"it will only have to be a one-time effort to grant this right to a larger number of people" so, after this one-time effort, do you think administrators should lose the ability to grant/remove this user group? And bureaucrats should earn the ability to grant/remove this user group? --NicoScribe (talk) 15:46, 31 May 2025 (UTC)Reply

@SGrabarczuk (WMF): The main reason the default configuration assigns the task to sysops is that the bureaucrat role doesn't exist on every wiki. As explained in m:Bureaucrat, this role is typically created only when a wiki has sufficient activity.

If bureaucrat were set as the default, most wikis wouldn’t be able to function properly because they don’t have that role available.

That's why this quote doesn't make sense: Everytime a user group is created by WMF, the natural move should be "bureaucrats will add/remove it". It can't be that way because the existence of bureaucrat depends on the wiki size- to sum it up. Nevertheless, @NicoScribe, I see your point: WMF should always consider that bureaucrats might need to substitute or complete sysop. The policy considered it (both groups are allowed to assign the IP viewer group).

But it has to be set in the wiki config- just because it can't be set globally for the explained reason. LD (talk) 23:09, 31 May 2025 (UTC)Reply

Again, I am not saying to limit it to bureaucrats. I am saying: administrators and bureaucrats.

Even in wikis without bureaucrats, the bureaucrats group exists in Special:ListGroupRights. So it can be set globally! the right to add/remove a new user group can be added to bureaucrats in all wikis.

If, everytime a user group is created by WMF, the right to add/remove this user group is given to bureaucrats (and administrators and stewards):

• WMF should be happy: they have nothing more to do, and the new user group is ready to use
• "big" wikis should be happy: they have nothing more to do, their bureaucrats can do the job
• "small" wikis should be undisturbed in the short term (because here stewards do the job), and happy in the long term (ready for bureaucrats when becoming a "big" wiki)

If, everytime a user group is created by WMF, the right to add/remove this user group is not given to bureaucrats (and given only to administrators and stewards):

• WMF should not be happy: they have a new burden, they have to prepare a form to request a change for "big" wikis, and be ready to apply their requests so that their bureaucrats can do the job
• "big" wikis should not be happy: they have a new burden, they have to create a local discussion to confirm their local consensus, and fill a request for the change so that their bureaucrats can do the job
• "small" wikis should be undisturbed in the short term (because here stewards do the job), and not happy in the long term (not ready for bureaucrats when becoming a "big" wiki).

You see: 3 advantages on one side, 3 drawbacks on the other side; so my sentence Everytime a user group is created by WMF, the natural move should be "bureaucrats will add/remove it" makes perfect sense!

@SGrabarczuk (WMF): What do you think of my advantages / drawbacks rationale? Moreover, the policy says we can make the request for the change through Phabricator. Please, open this request, you will see "Default role: Sysops" and "New role:". Is it possible to fill a request with "New role: Sysops+bureaucrats"? Because, when reading the policy and the request, I think "WMF consider that bureaucrats might substitute sysops 'only sysops are allowed to assign the IP viewer group' but, if the Phabricator request is done, a wiki can switch to 'only bureaucrats are allowed to assign the IP viewer group' ", whereas LD thinks "WMF consider that bureaucrats might complete sysops, if the Phabricator request is done, bureaucrats or both sysops and bureaucrats are allowed to assign the IP viewer group". It should be clarified. --NicoScribe (talk) 22:08, 2 June 2025 (UTC) + 06:13, 3 June 2025 (UTC) + 07:19, 17 June 2025 (UTC)Reply

Special:ListGroupRights lists local groups, while Special:GlobalGroupPermissions lists global groups. Then it can be doned globally, as bureaucrats is not a global group. In order to make local changes, which are visible on Special:ListGroupRights, we need to make changes to the Mediawiki code (that's why there's a form).

btw I've said > WMF should always consider that bureaucrats might need to substitute or complete sysop. LD (talk) 23:39, 2 June 2025 (UTC)Reply

Hello @SGrabarczuk (WMF):

In Help:Temporary accounts#How do temporary accounts work?, there is the sentence "90 days after the creation date, the temporary account will automatically expire. It will become unusable and be unable to get talk page messages."

I think that the part "and be unable to get talk page messages" is strange (and perhaps should be removed), because:

• Once a temporary account is expired, nobody will have this identifier anymore. So, of course, the expired account will be "unable" to do anything.
• And, of course, nobody will receive notifications about new messages in the old talk page.
• And the human user (who has used the old temporary account) can (with a new temporary account) still go to the old talk page, and edit the page, and interact with other users (for instance if a complex conversation began just before the old account's expiration).

Regards NicoScribe (talk) 15:45, 31 May 2025 (UTC)Reply

@SGrabarczuk (WMF): what do you think of my remark? --NicoScribe (talk) 07:26, 17 June 2025 (UTC)Reply

Hey @NicoScribe, apologies, apparently I must have forgotten about this question!

Yeah, the language may be tweaked - it's not that the account won't be able to get messages. Talk pages of expired accounts are editable. It's the human who will probably not notice new messages.

About people going to their old talk pages - what you're saying is true, they can do it, but it doesn't mean they are/will be likely to do it. I bet most temp account owners aren't/won't be that attached to their previous talk pages. I may be wrong, but in this case, I believe it's safer to assume too little than too much.

Does this make sense? SGrabarczuk (WMF) (talk) 22:48, 18 June 2025 (UTC)Reply

Yes, I agree 100%. So I think "and be unable to get talk page messages" should be removed. I think it is confusing and useless, because the page already says "It will become unusable" and "Subsequent edits assign a new temporary account. The old one will be deactivated". --NicoScribe (talk) 05:52, 19 June 2025 (UTC)Reply

Hello,

In the policy, there is the text "Access is automatically granted to users who are members of any of the following global user groups: Stewards, Ombuds, Universal Code of Conduct Coordinating Committee (U4C), and Staff.".

But in sw:Special:GlobalGroupPermissions, U4C members do not have the right checkuser-temporary-account-no-preference, they have the right checkuser-temporary-account instead.

So, U4C members will not have automatic access to IP addresses, they will have to opt-in, no?

Regards NicoScribe (talk) 15:48, 31 May 2025 (UTC)Reply

From description of U4C, its members have the same access level than CU and OS. If so, they shouldn't need to opt-in, unless, it fits a purpose ; they might need checkuser-temporary-account-no-preference.

From this perspective, I suggest @WBrown (WMF) and @JSutherland (WMF) to examine or update this technical and legal matter: m: CheckUser policy/Users with CheckUser access and m:Oversight policy/Contacting oversighters/en (adding U4C if they are CU+OS), clarify ANPDP (noticeboard description or even policy, if 4UC has to be mentionedin intro) or the U4C description since if they're not "CU+OS" it shouldn't be stated this way. LD (talk) 23:52, 31 May 2025 (UTC)Reply

This change needs to be made by the stewards. We cannot make the change as we don't have the access to do so. However, I can say that the group should have the 'no-preference' right. WBrown (WMF) (talk) 09:47, 1 June 2025 (UTC)Reply

Special:GlobalGroupPermissions/u4c-member.

In the meantime, this section (or the related permissions) should be reviewed to determine whether U4C members need access to OS-level permissions (as view suppressed revisions) or not.

@Sdrqaz is right as they don't have the permissions (yet) but from my understanding of the Charter, I don't see how the U4C could investigate potential breaches of Oversight policy without having OS-level permissions. If I'm mistaken—because they aren't supposed to receive OS-level permissions and are more akin to CUs (since they can view the CheckUser log)—then I think the Charter could be clearer on this point, this CU revision can be unmarked and they need checkuser-temporary-account-no-preference. LD (talk) 14:12, 1 June 2025 (UTC)Reply

Hi, I don't understand how the policy pages support the idea that the U4C has the same access level than CU and OS. The U4C also does not have the responsibility to investigate potential breaches of the Oversight policy: the Ombuds do. My understanding is that the U4C's current access to the CheckUser log is temporary and is because of a case on the Hebrew Wikipedia. Sdrqaz (talk) 15:51, 1 June 2025 (UTC)Reply

Hello,

In the policy, there is the text "Members of the Global sysops, Global rollbackers, Abuse filter maintainers, and Abuse filter helpers user groups may opt-in globally through Special:GlobalPreferences.".

But in sw:Special:GlobalGroupPermissions, global sysops do not have the right checkuser-temporary-account (or the right checkuser-temporary-account-no-preference).

Why?

Regards NicoScribe (talk) 15:49, 31 May 2025 (UTC)Reply

@NicoScribe: All global sysops are also global rollbackers, which include the checkuser-temporary-account right. quebecguy ⚜️ (talk | contribs) 18:32, 31 May 2025 (UTC)Reply

@Quebecguy: no, look: Special:CentralAuth/Amire80 and Special:CentralAuth/TheresNoTime are global sysops, but not global rollbackers.

Even if all current global sysops were global rollbackers: this is not mandatory, being a global rollbacker is not required to become a global sysop.

If, tomorrow, a user becomes global sysop, the policy says he could opt-in to see IP addresses of temporary accounts, globally. The problem is that sw:Special:GlobalGroupPermissions shows that the policy is not applied.

--NicoScribe (talk) 20:07, 31 May 2025 (UTC)Reply

@NicoScribe: In this case, both of these users are in temporary account IP viewers group, so they are able to opt-in. When you apply for global sysop, the community expects you to already be a global rollbacker; no user was granted GS without being a GR beforehand. But yes indeed, checkuser-temporary-account should be added to GS. quebecguy ⚜️ (talk | contribs) 20:10, 31 May 2025 (UTC)Reply

See this request for example. quebecguy ⚜️ (talk | contribs) 20:11, 31 May 2025 (UTC)Reply

@Quebecguy: OK, the community changes: nobody talked about GR when Amire80 applied for GS and when TheresNoTime applied for GS. --NicoScribe (talk) 20:42, 31 May 2025 (UTC)Reply

These users will be added to the 'global-temporary-account-viewer' global group that will give them the access said here. We are currently working on that but most users have this access where they need it. WBrown (WMF) (talk) 09:50, 1 June 2025 (UTC)Reply

We need to do that because global sysops do not have access to use their tools on all wikis, so a global group that is enabled on all wikis allows them access to the rights on all wikis including those who have opted out of global sysops. WBrown (WMF) (talk) 09:51, 1 June 2025 (UTC)Reply

Thanks! Now I understand! --NicoScribe (talk) 22:12, 2 June 2025 (UTC)Reply

Hello,

In the policy, there is this text about the global access to temporary account IP addresses: "Users who are members of local CheckUsers or Oversighters user groups may opt-in globally through Special:GlobalPreferences.".

Why Oversighters? Their status do not imply cross-wiki work.

If I am mistaken (about cross-wiki work or about something else), then why local administrators can not opt-in globally, for the global access to temporary account IP addresses?

Regards NicoScribe (talk) 15:50, 31 May 2025 (UTC)Reply

CU/OS members are allowed to access non public data on any project, including IP addresses (not just IP addresses from temporary accounts). See m:Access to nonpublic personal data policy/Noticeboard.

As local admins don't need to sign the Confidentiality Agreement to become local admins, they are not allowed to access nonpublic data such as IP adresses. So they have to opt in and 'accept' wmf:Wikimedia Access to Temporary Account IP Addresses Policy. LD (talk) 00:27, 1 June 2025 (UTC)Reply

For OS: now I understand (even if "Giving access to users who are trusted but do not need access to carry on their work is not in line with good practices for processing personal data.").

For local admins, for the local right: I understand.

For local admins, for the global right: I don't see a solution in the policy. Why not a opt-in, too, for the global right? If they have no solution, what about their cross-wiki work? --NicoScribe (talk) 22:21, 2 June 2025 (UTC)Reply

In order to effectively combat Crosswiki-Vandalism it's necessary from time to time to search for contributions from a CIDR-Range globally. Example: The IP-Range 85.192.64.0/18 used by schools in catalonia is a persistent source of vandalism on cawiki, wikidata, simplewiki, etc.

Xtools-gc on the CIDR Range is an effective tool to find vandalism on all wikis catalan students vandalize. From what i understand this will no longer be possible when temporary accounts are introduced. Can you confirm that my understanding is correct (and if so provide an alternative?) Dr.üsenfieber (talk) 14:54, 4 June 2025 (UTC)Reply

Special:GlobalContributions provides a possibility to search for tempaccountcontributions by one range, but it’s results are limited: only wikis where you have permission to see IPs will show up. Normal (old) IP Edits will not appear. TenWhile6 11:51, 5 June 2025 (UTC)Reply

The limitation that only Wikis in which the user has temporary-account-viewer are shown renders this unusable for detecting xwiki vandalism. To give an example: 85.192.71.5 vandalized wikidata. Seeing global contributions of the /20 enabled me to find that 85.192.78.81 vandalized simplewiki three days earlier. The vandalism on simplewiki went undetected until i found it using a gc lookup on the cidr-range. As soon as WMF introduces Temporary Accounts to simplewiki, I'll no longer be able to find such vandalism. I've brought up this issue to User:STei (WMF) in 2021 when Temporary accounts where discussed in Wikidata and I still don't see how it'll be solved. -- Dr.üsenfieber (talk) 15:02, 6 June 2025 (UTC)Reply

Hello,

I am a cross-wiki patroller without privileges (except rollback on my 4 main wikis).

https://guc.toolforge.org/ is one of my favorite tools, because it shows relevant IP ranges.

For instance :

• https://guc.toolforge.org/?by=date&user=85.192.71.114 shows the relevant range 85.192.64.0/21
• https://bgp.he.net/AS21193#_prefixes and https://ipinfo.io/AS21193 confirm that 85.192.64.0/21 is a registered IP range on AS21193.

In ca:Especial:Contribucions/85.192.71.114, IP Info shows me 4 useful fields (Location, Version, Active blocks, Contributions) and 9 fields saying "No access".

If I become a temporary account IP viewer (in ca.wikipedia.org), will IP Info show me the 13 fields? Is there a field that will show me the relevant IP range?

Or Special:IPContributions/85.192.71.114 will show me (in addition to the edits by 85.192.71.114) the relevant IP range?

Regards NicoScribe (talk) 16:45, 5 June 2025 (UTC)Reply

Hello,

The policy has been initialized on 29 March 2023, with these numerical thresholds to submit a request to access temporary account IP addresses: user account is a minimum of 6 months old and has made a minimum of 300 edits.

In Trust and Safety Product/Temporary Accounts/Updates#May 2025: Changes to access to temporary account IP addresses, progress on the related tools and features, and preparations for more deployments, there is this text:

• Manual granting – initially, we chose numerical thresholds to access IP addresses for users who don't have extended rights. We decided this before deploying temporary accounts on any wiki. However, after gathering feedback from our pilot projects we realized that these thresholds were quite low and it was still too easy for bad-faith actors to gain access to temporary account IP addresses.

Why not increase the numerical thresholds, now?

Regards NicoScribe (talk) 13:44, 5 June 2025 (UTC)Reply

Hey @NicoScribe, this is because the issue is in the automatic granting, regardless of the numerical threshold. A bad actor would get the right even if their contributions clearly indicated that they don't deserve it. It's not safe to assume that anybody who has made over a certain number of edits should have this access. On the other hand, if we increased the threshold from 300 to say 1000, we'd cut off trustworthy users on wikis where it's more difficult to make 1000 edits.

(On a side note, in a message we posted on 20+ large wikis, we wrote that on large wikis we do recommend adopting local policies with higher thresholds.) SGrabarczuk (WMF) (talk) 14:24, 5 June 2025 (UTC)Reply

Hello,

In Special:IPContributions input form, it seems that there is no "reason" field. Why?

I think an (optional) "reason" field could be interesting because:

• this reason could be stored in the log of access to IP addresses <=> temporary accounts (if a steward wants to check my activity, the steward will know why I revealed the edits/temporary accounts of an IP)
• I would like to record whether it is my own investigation or an investigation required by another user (if a contributor, who is not a temporary account IP viewer, asks me whether the user of one temporary account has other temporary accounts)
• perhaps I am mistaken but it seems that IP Info will have a "reason" field (Phab:T374718).

Regards NicoScribe (talk) 13:49, 5 June 2025 (UTC)Reply

We've discussed including a "reason" field for temporary account IP reveals that are logged (so, including Special:IPContributions). I don't think we have a task for this (cc @Niharika) KHarlan (WMF) (talk) 09:16, 10 June 2025 (UTC)Reply

Hello,

IP Info shows many fields. For instance in ca:Especial:Contribucions/85.192.71.114, the field "Contributions" currently displays:

• 15 local edits
• (0 in the last 24 hours)
• Global contributions
• XTools

But I would love to see a field "Contributions" displaying:

• 15 local edits (0 in the last 24 hours)
• 22 global edits (11 in the last 24 hours)
• Global contributions
• XTools

The benefit is obvious: with such information, I would quickly know whether I have to check the global contributions.

Do WMF plan to upgrade IP Info with such information? Or upgrade Special:IPContributions with such information?

Regards NicoScribe (talk) 16:47, 5 June 2025 (UTC)Reply

@NicoScribeSpecial:IPContributions shows the count of global edits for temporary accounts associated with an IP. If you have access to view temporary account IP data, you can see an example of this here https://test.wikipedia.org/wiki/Special:IPContributions/66.216.210.4 KHarlan (WMF) (talk) 09:13, 10 June 2025 (UTC)Reply

@KHarlan (WMF): great! I don't have access, so I can't see the example, but I'll take your word for it.

Thanks! --NicoScribe (talk) 19:44, 10 June 2025 (UTC)Reply

• "Activity requirement. With regards to users who would need to be granted access manually, the policy says that they "must edit or take a logged action to the local project at least once within a 365-day period". This requirement is not changing."

  Is this done automatically and centrally? Discussion on Cantonese Wikipedia is concerned about needing to locally patrol activity levels of temp acct viewers. (Please ping on reply, thanks) Deryck C.^Meta 17:36, 5 June 2025 (UTC)Reply

  @Sgrabarczuk Let us know if you're watching this...! Deryck C.^Meta 07:32, 7 June 2025 (UTC)Reply

  @Deryck Chan we plan to enforce this automatically, see T375115: Automatically revoke temporary-account-viewer group from users when they have not made an edit or logged action in the last year KHarlan (WMF) (talk) 09:10, 10 June 2025 (UTC)Reply

Hello,

In Trust and Safety Product/Temporary Accounts/Updates/2025-05 Access to IP addresses, there is this text:

• Having access to IP addresses carries risk. This right is similar to checkuser. IP addresses are considered personally identifiable information (a kind of personal data). Outside actors who want to access IP addresses will now need to interact with users who have this right. Users with this right should be aware of this, and alert to the possibility of suspicious access requests.

The policy contains an equivalent text, but less detailed.

Remark 1. In both pages, I think we should say "Bad actors" instead of "Outside actors" because, unfortunately, some "inside actors" are bad too.

Remark 2. In the visible-IP-era, the "bad actors" could see IP addresses in page histories, etc. But their suspicious access requests were only handled by checkusers. Few checkusers exist, and they are very experienced contributors, and they sign a confidentiality agreement for nonpublic information. In the temporary-accounts-era, the "bad actors" will now target the numerous temporary account IP viewers. Why keep this door open? To avoid the risk for the privacy of logged-out users, and to avoid the risk for those having access to IP addresses, and to decrease the attack surface, why not forbid requests to temporary account IP viewers? The policy could say "requesting information from a temporary account IP viewer is forbidden; all requests must be declined by temporary account IP viewers; the requests about temporary accounts and IP are handled by checkusers".

Regards NicoScribe (talk) 21:57, 5 June 2025 (UTC)Reply

Do we know yet which wikis will be included in the June rollout of temporary accounts? Jlwoodwa (talk) 04:48, 10 June 2025 (UTC)Reply

See phab:T340001. quebecguy ⚜️ (talk | contribs) 15:28, 10 June 2025 (UTC)Reply

Hello @Jlwoodwa, as @Quebecguy kindly noted, technically, the answer is on Phabricator. I wanted to give more explanation/context.

We are having discussions about this on many wikis. We intend to have three batches, starting with a few next Tuesday, then some more the following week, and some more the week after that. But which wikis these will be exactly - we aren't 100% certain just yet. The Phabricator task reflects our current intention well, and as you can see, the last batch remains to be decided. SGrabarczuk (WMF) (talk) 13:55, 11 June 2025 (UTC)Reply

Hello,

In Phabricator:T325658 about the log of access to IP addresses of temporary accounts, there is the text "This log is visible to staff (t&s), stewards, checkusers and ombuds".

In the policy, there is the text "If necessary, requests for review by Trust & Safety staff can be made through cawikimedia.org, and user access removed in line with the Office actions policy. Complaints about infringements of the Privacy Policy will be escalated for review by the ombuds commission."

The FAQ adds "Other concerns about potential misuse may be brought to a steward by placing a request on m:Steward requests/Permissions#Removal of access."

What happens when there is no request for review and no complaint? Staff (t&s), stewards, checkusers and ombuds can check this log, but who is responsible to check this log, periodically, when there is no request for review and no complaint?

This responsibility should be added to the FAQ and to the Meta-Wiki pages about the responsible user group (m:Staff group, or m:Stewards, or m:CheckUser policy, or m:Ombuds commission).

Regards --NicoScribe (talk) 19:48, 10 June 2025 (UTC)Reply

Why should there be checks without any indication of abuse and no requests to review? Ombuds are not running around checking random CU logs either if there are no complaints about CU/OS usage. Please don't put extra burden on volunteer user groups who are already busy doing their regular tasks. Johannnes89 (talk) 13:47, 12 June 2025 (UTC)Reply

@Johannnes89: because "temporary accounts should meaningfully improve editor privacy".

• Situation A. A steward misuses temporary account IP addresses to unduly revert all the edits of a logged-out user. The victim uses a browser which blocks cookies, so he is not notified, he can't know his edits are unduly reverted. No one checks the log, so no one sees the problem.
• Situation B. A steward misuses temporary account IP addresses to unduly revert all the edits of a logged-out user: the steward waits until a temporary account changes or expires, then reverts everything. The victim can't know his edits are unduly reverted. No one checks the log, so no one sees the problem.
• Situations C, D and E. A steward misuses temporary account IP addresses to unduly revert all the edits of a logged-out user. The victim uses a stable temporary account (for 90 days), he sees his edits are unduly reverted but (situation C) he does not know he can complain, or (situation D) he thinks his complaint will be ignored, or (situation E) he is afraid to complain about a steward in m:Steward requests/Permissions#Removal of access. No one checks the log, so no one sees the problem.
• Situation F. A steward misuses temporary account IP addresses to unduly reveal all the IP of a logged-out user, whatever the quality of the contribution: the steward has guessed that this logged-out user is a politician he hates so he uses the IP info to know the politician's geographical positions. No one checks the log, so no one sees the problem.
• Situation G. A steward misuses temporary account IP addresses to unduly reveal the IP of all temporary accounts contributing to his favorite article, whatever the quality of the contribution. No one checks the log, so no one sees the problem.

Moreover, you said "extra burden on volunteer user groups", but staff can do it, the purpose of T&S is to "identifies, builds and – as appropriate – supports processes which keep our communities safe".

--NicoScribe (talk) 01:16, 14 June 2025 (UTC)Reply

In all of those situations the abusive reverts will be noticed by other community members. I still don't see a reason why anyone should monitor the log without indication of abuse. Johannnes89 (talk) 20:50, 14 June 2025 (UTC)Reply

@Johannnes89: I disagree, there's no revert in situations F and G. These two situations can't be detected without monitoring the log. --NicoScribe (talk) 21:39, 14 June 2025 (UTC)Reply

Hello,

In Phabricator:T325658 about the log of access to IP addresses of temporary accounts, there is the text "This log is visible to staff (t&s), stewards, checkusers and ombuds".

But people checking this log must be aware of unintentional IP reveal:

• In Phabricator:T325658, there is this great remark: "The button makes it very easy to reveal an IP of a temporary user, feasibily making it possible for so called "fat fingers" on mobile to reveal an IP and make a log entry with no intention."
• Autoreveal will quickly add many IP addresses of temporary accounts in the log. But the contributor using autoreveal is not necessarily interested in all these IP.

Do WMF plan to store the information "manual reveal / autoreveal" in this log?

Regards --NicoScribe (talk) 19:49, 10 June 2025 (UTC)Reply

There are no individual logs while using AutoReveal. I just tested this at nowiki:

• 2025-06-14T22:51:21 Johannnes89 talk contribs block enabled automatically revealing IP addresses of temporary accounts until 2025-06-14T21:21:20
• 2025-06-14T22:52:59 Johannnes89 talk contribs block disabled automatically revealing IP addresses of temporary accounts

No log entries in between even though I visited several pages with temporary accounts and saw their IP addresses. Johannnes89 (talk) 21:24, 14 June 2025 (UTC)Reply

@Johannnes89: WHAT!!! This is incredible! "Temporary accounts should meaningfully improve editor privacy" but autoreveal can circumvent this principle!?!?!? Everyone with the autoreveal right can misuse temporary account IP addresses and hide it!!! I am stunned.

The policy says "The following actions are logged: [...] Revealing an IP address of a temporary account." without mentioning an exception for autoreveal. --NicoScribe (talk) 21:55, 14 June 2025 (UTC)Reply

I would argue that this doesn't contradict the statement about improving privacy. Currently anyone on the internet can see IP addresses of logged-out editors on Wikipedia, in the future it's just a couple of thousand admins and patrollers. That's a huge and meaningful improvement. Johannnes89 (talk) 21:58, 14 June 2025 (UTC)Reply

@Johannnes89: yes, but they can hide their misuse. Staff (t&s), stewards, checkusers and ombuds won't see their misuse. --NicoScribe (talk) 22:07, 14 June 2025 (UTC)Reply

Hello,

In Phabricator:T325658 about the log of access to IP addresses of temporary accounts, there is the text "This log is visible to staff (t&s), stewards, checkusers and ombuds".

I suppose there is a short log. In Phabricator:T358853, in a remark on 5 March 2024, there is a picture of a short log. It's a log like this:

• 19:39 User1 viewed temporary accounts for IP 1.2.3.4
• 19:37 User1 viewed IP addresses for ~2025-00000

And I suppose there is a full log. In Phabricator:T325658 it is said that the log contains the revealed IP. So, it's a log like this:

• 19:39 User1 viewed temporary accounts for IP 1.2.3.4 = ~2025-88888
• 19:37 User1 viewed IP addresses for ~2025-00000 = 5.6.7.8

As a (future) temporary account IP viewer, I need this short log:

• to know whether I have already checked the IP addresses of a temporary account (I make an IP reveal on Monday, I check all the edits until Monday; then on Wednesday, if I know whether I have already revealed the info of this temporary account, I'll check only edits between Monday and Wednesday)
• to know whether another temporary account IP viewer has already checked the IP addresses of a temporary account (if I know someone else has checked, I'll not lose my time checking again) (it's the same principle as the filter "reviewed" in Special:RecentChanges in some wikis: it's a tool to avoid losing my time checking something already checked by someone else)

Why not?

Regards --NicoScribe (talk) 19:51, 10 June 2025 (UTC)Reply

There is no "full log". Special:Log/checkuser-temporary-account only shows that user X viewed IPs for temporary account Y or temporary accounts on IP (range) Z without showing the result (that's similar to the CU log, although in both cases you can assume the result if there's first a log entry IPs for temporary account Y and shortly after that an entry temporary accounts on IP (range) Z.

The information when and where someone used their access is private information and should not be available to non NDA-signed users.

When you are currently patrolling (in the pre-temporary account era) you won't see if someone already took a look at the IP range either. Your home wiki uses fr:Aide:Patrouille, shouldn't that be sufficient to see if someone already checked an account? If not, your desire to see if someone already checked a temporary account should be met differently – e.g. by showing something like "checked by n other users" in the Temporary User Card? Johannnes89 (talk) 13:43, 12 June 2025 (UTC)Reply

@Johannnes89: about the "full log": well, I've read Phabricator:T325658 again, it seems that the revealed IP in the "full log" were required to ease the monitoring, but in the end this has been abandonned or postponed because it was "a fair amount of upfront/maintenance work". Whatever, it does not change my question.

Your answer is great: "The information when and where someone used their access is private information and should not be available to non NDA-signed users."

About fr:Aide:Patrouille: it shows when someone already checked an edit, not an account. Whatever, your answer about NDA still stands: a basic patroller like me will never see who checked an account.

About the Temporary User Card: it shows the number of checks, but not who performed the checks. Whatever, your answer about NDA still stands: a basic patroller like me will never see who checked an account.

So I understand that, due to NDA, a basic patroller like me will never see the log entries from other temporary account IP viewers.

OK, but I am still interested in seeing the log, limited to my own entries:

• to know whether I have already checked the IP addresses of a temporary account (I make an IP reveal on Monday, I check all the edits until Monday; then, on Wednesday, if the log shows I have already revealed the info of this temporary account, I'll check only edits between Monday and Wednesday)
• to check my previous work (very often I check my old contributions to know whether I've made errors); for instance, if I remember that a temporary account used 3 IP, but I see only "19:39 NicoScribe viewed temporary accounts for IP 1.2.3.4" and "19:39 NicoScribe viewed temporary accounts for IP 5.6.7.8" in the log, then I'll know that I forgot to view the temporary accounts of the third IP
• to remember my old reasonings (for instance if there is a request for review or a complaint about my work, and staff (t&s), stewards, checkusers or ombuds need my explanations)

--NicoScribe (talk) 10:02, 14 June 2025 (UTC) + 09:02, 19 June 2025 (UTC)Reply

Why is it important to see who performed the checks? Shouldn't it be enough to know if someone already checked a temporary account or not? The log doesn't help remember old reasonings as there's no way to add a reason why you are checking the IP of a temporary account. Johannnes89 (talk) 20:35, 14 June 2025 (UTC)Reply

@Johannnes89: this was important because some patrollers are serious and others are lazy. Whatever: since your answer about NDA, I understood that a basic patroller like me will never see the log entries from other temporary account IP viewers, and I abandoned this part of my request.

This log would help me remember my old reasonings, because I would see the sequence of my access to IP addresses <=> temporary accounts; and because, in some cases, I would see the association between this sequence and my contributions. And I still hope there will be one way to add a reason, see #A "reason" field in Special:IPContributions.

When someone from WMF will answer this section, I hope they will understand my need (now that you've helped me to clarify my need, thanks). --NicoScribe (talk) 21:33, 14 June 2025 (UTC)Reply

Hello,

In Phabricator:T358853 about autoreveal, there is the text "Since this is more sensitive than one-by-one reveal, we need to limit this permission to sysops and above."

I am a cross-wiki patroller without privileges (except rollback on my 4 main wikis).

• in the visible-IP-era, sometimes, I needed to check hundreds of page histories, per day
• in the visible-IP-era, sometimes, in page histories, I could see at a glance that for instance an IPv4 /24 range was used to vandalize an article; in fact, very often, this is how I discovered long-term vandals
• I know IP addresses of many long-term abusers, I can spot some of them at a glance in page histories

I don't see how limiting autoreveal improves privacy, because a contributor, bribed by his government to bully the temporary accounts of "enemies", doesn't care about spending more time.

But I do see that limiting autoreveal "to sysops and above" greatly disrupts my basic patroller workflow! Without autoreveal, the basic patroller workflow is greatly slowed down!

So, why not give autoreveal to basic temporary account IP viewers (or some basic temporary account IP viewers upon request)?

Regards --NicoScribe (talk) 19:52, 10 June 2025 (UTC)Reply

Hello,

Here is a scenario:

1. I become a local temporary account IP viewer.
2. A contributor AAA, who is not a temporary account IP viewer, asks me whether a vandal, using one temporary account, has other temporary accounts.
3. I check this case. I find that there is a unique relevant narrow IP range, and I find that the vandal (who changes his IP once a day and uses a browser which blocks cookies = 12 temporary accounts per day = 12 vandalisms per day) has used 240 temporary accounts in 20 days = 240 vandalisms in 20 days.

So it is very easy for me to see, in one unique list of contributions of the narrow IP range, the 240 vandalisms.

Of course I won't send to AAA (who is not a temporary account IP viewer) the IP range. But sending to AAA the list of 240 temporary accounts is useless (because we can't expect AAA to click on each one of the 240 temporary accounts, in order to check the unique contribution).

So I need to send to AAA the list of 240 contributions, without showing the IP. Is it possible?

Regards --NicoScribe (talk) 19:53, 10 June 2025 (UTC) + NicoScribe (talk) 01:04, 14 June 2025 (UTC)Reply

There's a limit of 6 temporary accounts per day per IP (matching the limit for creating regular accounts per day per IP). Johannnes89 (talk) 13:18, 12 June 2025 (UTC)Reply

@Johannnes89: I know: I have said the vandal changes his IP once a day. Well, I have clarified my previous text.

Moreover: the values 6 / 12 / 240 do not matter. I am just talking about a situation where there are too many accounts to be verified one by one, by AAA.

Moreover: the words vandal / vandalisms do not matter. I am just talking about an abuse, whatever the abuse.

--NicoScribe (talk) 01:04, 14 June 2025 (UTC)Reply

@MMoss (WMF) and SGrabarczuk (WMF): Dewiki users are currently discussing how to interpret wmf:Policy:Wikimedia Access to Temporary Account IP Addresses Policy#Disclosure ("If such a disclosure later becomes unnecessary, then the IP address should be promptly revision-deleted"). A user raised the potential issue that admins would still have access to a revision deleted IP even if they didn't agree to the policy in their preferences. The user suggested that temporary account IPs should therefore be suppressed. I personally feel that this would put too much extra work on oversighters (or stewards, because most projects don't have OS) for little value (I would expect almost all admins to agree to the policy). Does the policy intend admin-level revision deletion or suppression? Johannnes89 (talk) 14:08, 12 June 2025 (UTC)Reply

Thanks @Johannnes89, I'm sure this is about admin-level deletion, and I admit, there's no easy solution. Let's try to straighten this up… FYI @Morten Haan, @Codc. SGrabarczuk (WMF) (talk) 14:19, 12 June 2025 (UTC)Reply

Hello,

In the policy, there is the text "Permissible disclosures are limited to the following circumstances: Users with access to temporary account IP addresses may privately disclose the IP addresses to other users who have the same access rights."

How do I know that a user has the temporary account IP access right? I can't use this user's membership to the relevant user groups, because:

• members of a user group with automatic access "who do not wish to have these access privileges should contact cawikimedia.org. Stewards are authorized to terminate access"
• temporary account IP viewers "who have been given access manually may voluntarily give up their access at any time by visiting Special:Preferences."
• in Phabricator:T380468, there is the text:
  • community members were confused about people being suddenly auto promoted to the temporary-account-viewer group. This is confusing, as the promotion looks like giving the user the ability to access the data already. In reality, having the group assigned only means the user is eligible to receive data access, provided they first agree to the terms of use (currently located in Special:Preferences). This behaviour is not obvious at all by looking at eg. Special:Log/rights or Special:UserGroupRights, and it creates wrong expectations.

Regards, NicoScribe (talk) 09:25, 14 June 2025 (UTC)Reply

see phab:T395661 --Johannnes89 (talk) 20:39, 14 June 2025 (UTC)Reply

Perfect! Thank you! --NicoScribe (talk) 21:35, 14 June 2025 (UTC)Reply

Now, it seems that "UserInfoCard" has become "User Info" (only in testwiki by the end of July 2025). Do WMF plan to communicate with temporary account IP viewers about this privacy problem? --NicoScribe (talk) 13:51, 21 June 2025 (UTC)Reply

Should the link on this page to [[phab:transactions/editengine/maniphest.task/view/139/ |request through Phabricator]] be changed to [[phab:maniphest/task/edit/form/139/ |request through Phabricator]], so that it links directly to the fillable form, rather than the page to edit that form's configuration? (I'm making this edit request here, as the talk page of that policy is a soft redirect to here.) /cc @MMoss (WMF), @SGrabarczuk (WMF). Best, ‍—‍a smart kitten_[meow] 15:59, 16 June 2025 (UTC)Reply

@A smart kitten I see the fillable form from the link. Can you double check please? -- NKohli (WMF) (talk) 16:43, 17 June 2025 (UTC)Reply

@NKohli (WMF) It looks like @SGrabarczuk (WMF) fixed it earlier :) (thank you!) ‍—‍a smart kitten_[meow] 16:47, 17 June 2025 (UTC)Reply

@SGrabarczuk (WMF): could you please clarify why you added a dash in the example name? This does not match the format that I see on da:Special:RecentChanges, for instance. Are there some wikis with a different format, or was your intention to point out that there could be more multiple numbers and not just one?

In practice, I have to implement temporary account detection for my bot, and ~year-number-number clearly won't work in general. I would like to know if it's ~year-number, ~year-number(-number)* or something else.

Orlodrim (talk) 17:26, 16 June 2025 (UTC)Reply

Hey @Orlodrim, thanks for the question! The number is broken into five-digit numbers - this should help remember the longest usernames. If the number of digits isn't a multiple of 5, then the last part is shorter, like 09876-543. See more here: T381845. SGrabarczuk (WMF) (talk) 17:40, 16 June 2025 (UTC)Reply

@Orlodrim The best way to distinguish temp users is by asking the API about the user groups: [1]. The temporary users belong to the temp group.

The second best way is to ask the API for the username pattern they use: [2]. The current value is ~2$1, meaning ~2 followed by anything else. No need to detect years or digit patterns, all usernames with this prefix are reserved for test users (they can't be registered by normal users). If the format ever changes (perhaps in the year 3000), additional patterns will be added to that list. Matma Rex (talk) 19:16, 16 June 2025 (UTC)Reply

Hello,

On 17 February 2025, I have reverted one vandalism from a temporary account. The vandalism is visible in da:Special:Contributions/~2025-23013. But it is not visible in da:Special:GlobalContributions/~2025-23013.

The page says "Showing results from the last 90 days". I know that "90 days after the creation date, the temporary account will automatically expire." and I know that "The IP address used at the time of each edit will be stored for 90 days after the edit. After 90 days, this data will be deleted from our databases.", but I don't care about the IP here: I just want to see the edits of an (expired) temporary account. Why Special:GlobalContributions is limited to the last 90 days?

Regards --NicoScribe (talk) 15:06, 18 June 2025 (UTC)Reply

Special:GlobalContributions relies on CheckUser and CU data is only available for 90 days, see Help:Extension:CheckUser#Special:GlobalContributions usage. When you reverted the vandalism in February the edit was visible via the GlobalContributions page. You can still access all global edits via Special:CentralAuth/~2025-23013. Johannnes89 (talk) 07:11, 19 June 2025 (UTC)Reply

@Johannnes89: thank you. So it is a technical limitation. Well, this is sad, because, for T&S team, working on temporary accounts "will allow us to build better anti-abuse tools". --NicoScribe (talk) 09:01, 19 June 2025 (UTC)Reply

Hello,

In da:Special:GlobalContributions/~2025-23013 (which is an expired temporary account) and da:Special:GlobalContributions/~2025-69529 (which is an active temporary account) and da:Special:GlobalContributions/NicoScribe (which is a registered account), the page shows the message "Showing results [...] for all wikis where you have the right to view contributions.".

This is misleading because everybody should be able to see the edits of a (public) temporary account or registered account! The message is only useful for contributions of IP, or contributions of IP ranges.

Regards --NicoScribe (talk) 05:36, 19 June 2025 (UTC)Reply

Hello,

I learned in a discussion above that "the information when and where someone used their access is private information".

In the visible-IP-era, nobody logged that I checked contributions/information about IP of vandals (or, if a log existed, only staff could view it).

In the temporary-accounts-era, as a (future) temporary account IP viewer:

• my use of IP reveal will be logged
• my use of IP Info will be logged
• my use of Special:GlobalContributions will be logged
• and I'll not be able to see my own entries (=my own private information) in these logs, cf. #A temporary account IP viewer needs a short log and Talk:Trust and Safety Product/IP Info#Everyone needs the IP Info log limited to their own entries!

I don't care about my actions being logged, because:

• I have nothing to hide
• and I'll use my IP access privileges only to limit disruption to Wikimedia projects, according to the policy
• and I understand that these logs are necessary to detect misuse
• and I understand that these logs will be available to non-disclosure-agreement-signed users.

But I think some users will be interested to read, in the FAQ, that privacy is deteriorated for temporary account IP viewers. Why not clarify the FAQ about this?

Regards, NicoScribe (talk) 09:04, 19 June 2025 (UTC)Reply

(I'm writing here because Talk:Trust and Safety Product/Temporary Accounts/ja is a redirect.)

TWNで、一時アカウント、臨時アカウント、仮アカウントの3案が出ました。どれも可能な選択肢ではありますが、どれかを選ぶ必要があります。リンク先の議論に書いた理由で、私は仮アカウントがいいと思います。 --whym (talk) 08:53, 25 January 2025 (UTC)Reply

Note: this thread is restored from archive. whym (talk) 12:29, 19 June 2025 (UTC)Reply

(賛成) “temporary account” は、Cookie で追跡し管理されるアカウントで、90日間で消滅するから一時的なアカウントということでしょうね。「一時アカウント」は副詞の誤読が心配され、「臨時アカウント」か「仮アカウント」かという先行議論ですね。期限があることもそうですが Cookie を破棄してしまったらログインできないということも通常のアカウントとの重要な違いであると思います。本登録の前の仮登録という印象を持ちましたので「仮アカウント」に賛成します。 Foomin10 (talk) 14:31, 21 June 2025 (UTC)Reply

Hello,

In Help:Extension:CheckUser#Special:GlobalContributions usage, there is the text:

• The tool can search for the following types of targets:
  • A username (named or temporary). This shows the recent revisions across all wikis from that user.
  • An IP address or CIDR range. This shows recent revisions performed by temporary accounts on that IP address or range. The user can only see results on wikis where they have the ability to reveal the IP addresses of temporary accounts (as described in the Showing IPs for temporary accounts section).

My scenario:

• 1. a temporary account IP viewer is checking the recent changes, and sees one vandalism from a temporary account
• 2. she reveals the IP address of this temporary account: it is one unique IP address, 1.2.3.4
• 3. she lists the temporary accounts associated with 1.2.3.4: 90 temporary accounts (because the vandal has been active every day for 90 days and has cleared the cookie at the end of each day)
• 4.1 If she is a global temporary account IP viewer, she can see the global contributions of the vandal by using Special:GlobalContributions/1.2.3.4 once
• 4.2 If she is a local temporary account IP viewer, Special:GlobalContributions/1.2.3.4 would lead only to local results, and she can see the global contributions of the vandal by using Special:GlobalContributions 90 times (one time for each one of the 90 temporary accounts).

Well, using Special:GlobalContributions 90 times instead of once is not practical. Do WMF plan to upgrade Special:GlobalContributions, so that it accepts a list of registered usernames or a list of temporary accounts (or a shortcut such as TA@1.2.3.4 meaning "Temporary Accounts using 1.2.3.4")?

Regards, NicoScribe (talk) 16:49, 19 June 2025 (UTC)Reply

I don't understand how you got to the scenario for 4.2? If she saw 90 temporary accounts locally via Special:IPContributions, she will also see 90 temporary accounts when looking up temporary accounts using the same IP via Special:GlobalContributions, no need to do additional look ups. Johannnes89 (talk) 21:46, 20 June 2025 (UTC)Reply

@Johannnes89: yes, in step 3, she saw 90 temporary accounts locally via Special:IPContributions/1.2.3.4. Then, in step 4, she wants to see the global contributions of these 90 temporary accounts.

I have written "Special:GlobalContributions/1.2.3.4 would lead only to local results" because the help page says "The user can only see results on wikis where they have the ability to reveal the IP addresses of temporary accounts". Am I wrong?

In other words, when you're a local temporary account IP viewer, Special:IPContributions/1.2.3.4 and Special:GlobalContributions/1.2.3.4 show the same (local) results. Am I wrong?

I think that, to see the global contributions, the IP is useless for her, and she is forced to use Special:GlobalContributions/~<temporary account 1 out of 90>, then Special:GlobalContributions/~<temporary account 2 out of 90>, etc. Am I wrong?

--NicoScribe (talk) 01:07, 21 June 2025 (UTC)Reply

Ahh now I get it. You are right using the IP as a workaround to look up all global contributions from multiple temporary accounts at once is only possible when you have global access. I wouldn't recommend it though, you might miss edits done by the same temporary account but using a different IP. Johannnes89 (talk) 05:36, 21 June 2025 (UTC)Reply

@Johannnes89: OK, my workaround is flawed. It works better for global temporary account IP viewers, but it is still flawed. Moreover:

• Special:GlobalContributions/1.2.3.4 might miss edits done by the same temporary account but using a different IP (but this search is useful to find more temporary accounts using this IP)
• Special:GlobalContributions/~<temporary account i out of 90> (run 90 times) might miss edits done by other temporary accounts but using the same IP (but this search is useful to find more IP used by this temporary account)

So, in my scenario, a global temporary account IP viewer must use Special:GlobalContributions 91 times. And my initial question (which is "interesting" for both local and global temporary account IP viewers) becomes: do WMF plan to upgrade Special:GlobalContributions, so that it accepts a list of mixed inputs (IP, IP range, registered usernames, temporary accounts) (or a shortcut such as TA@1.2.3.4 meaning "Temporary Accounts using 1.2.3.4")? --NicoScribe (talk) 17:17, 21 June 2025 (UTC)Reply

Hello,

About investigating cold cases (involving Legacy IP), I have created this table:

	GUC	XTools GC	Global Contributions (WMF new tool)	Special:GlobalContributions (limited to 90 days[1])
legacy IP	[2]	[2]	[3]	[4][5]
IP of temp. account	[6]		[3]
temp. account			[3]
registered account			[3]

I have questions:

1. Is my table accurate? All the cells?
2. Could you clarify Trust and Safety Product/Global User Contributions to mention both GUC and XTools GC, if they have the same limitations?
3. Could you clarify Trust and Safety Product/Global User Contributions to mention that, even if "the old Global User Contributions (GUC) tool will no longer work for IP addresses", it will still work for legacy IP? And XTools GC, too?
4. Could you clarify Trust and Safety Product/Global User Contributions to say whether Global Contributions (WMF new tool) will be limited to 90 days? Or limited to another value? (Phabricator:T349901 says "up to a limit which is TBD".)
5. Could you clarify Trust and Safety Product/Global User Contributions to add a sentence like "When searching for an IP address or CIDR range, the user can only see results on wikis where they have the ability to reveal the IP addresses of temporary accounts."?
6. Could you clarify, in Trust and Safety Product/Global User Contributions, the sentence "Users who meet the IP viewing threshold will be able to use the new GC tool"? Why everyone could not use this new tool (even if it is limited to legacy IP+accounts, when the user has no IP access privileges)?
7. Could you clarify Trust and Safety Product/Global User Contributions to say when this new tool will be usable?

Regards, NicoScribe (talk) 16:53, 19 June 2025 (UTC) + 11:08, 20 June 2025 (UTC)Reply

1) A closer look at the pages you linked would have shown you that "WMF new tool" is Special:GlobalContributions.

2) GUC and xtools GC are community-owned tools. The TSP page is just referencing them for comparison. No need to add further information on the TSP page.

3) As long as GUC and xtools GC are running, they can still show you global contributions from legacy IPs and registered accounts. Both are also able to show global edits from temporary accounts. They are just not able to show global temporary account edits from a given IP address.

4) & 7) See 1), you are confusing something, there is only the new special page which is already usable. Johannnes89 (talk) 21:55, 20 June 2025 (UTC)Reply

@Johannnes89:

1) & 7) I am sorry! I had thought that Global Contributions tool and Special:GlobalContributions were distinct tools! Because I hadn't noticed the word "Special" in Trust and Safety Product/Global User Contributions. And because the screenshots for input form are different. And because the screenshots for search results are different. And because I thought the new tool managed legacy IP (due to "continue to see contributions made by single IPs" in the TSP page and in Phabricator:T349901). And because I thought the new tool covered more than 90 days (there is no "90 days" in the TSP page, and there is "All results (from all time) are displayed (up to a limit which is TBD)" in Phabricator:T349901). And because the TSP page contains no link towards Help:Extension:CheckUser#Special:GlobalContributions usage. Well, perhaps I am not the unique user who is confused, perhaps a clarification is needed.

2) The TSP page is not "just referencing them for comparison", the page is referencing only GUC for comparison. So I still think XTools GC should be added. GUC and XTools GC are complementary, I use both.

3) Ref n°2 taught me that they still work for legacy IP. The TSP page did not taught me that. So I still think the TSP page is ambiguous (and incomplete: the page does not say XTools GC will not work for IP addresses of temporary accounts).

4) You just taught me that Global Contributions tool and Special:GlobalContributions are the same thing. So I think the TSP page should say it is limited to 90 days.

5) & 6) You just taught me that Global Contributions tool and Special:GlobalContributions are the same thing. So I think the TSP page should contain my suggested sentence.

--NicoScribe (talk) 01:08, 21 June 2025 (UTC)Reply

You are right the screenshots are mock-ups from an early design phase. The word "Special" is only mentioned once in Trust and Safety Product/Global User Contributions#Timeline. phab:T349901 linked phab:T337089 as a parent task which provides more details (and subtasks) about the development. Johannnes89 (talk) 05:45, 21 June 2025 (UTC)Reply

Hello,

In Help:Extension:CheckUser#Special:GlobalContributions usage, there is the text: "If searching with a target as an IP address or CIDR range, this action will be logged".

In Trust and Safety Product/Global User Contributions, no log is mentioned.

So, for searching contributions of an IP address: with the special page, it will be logged, and with Global Contributions (WMF new tool), it won't be logged?

Regards, NicoScribe (talk) 18:30, 19 June 2025 (UTC)Reply

I don't understand the question, both pages describe the same tool. Using Special:GlobalContributions to look up global edits from temporary accounts on a given IP address or IP range leads to an entry in Special:Log/checkuser-temporary-account which says: "UserABC globally viewed temporary accounts on IP address XYZ" similar to how using Special:IPContributions locally (only available on wikis which already have temp. accounts enabled) leads to the log entry "UserABC viewed temporary accounts on IP address XYZ" Johannnes89 (talk) 21:41, 20 June 2025 (UTC)Reply

@Johannnes89: I am sorry! You just taught me that Global Contributions tool and Special:GlobalContributions are the same thing. So I still think the TSP page should mention the log. --NicoScribe (talk) 01:09, 21 June 2025 (UTC)Reply

Hello,

In sw:Special:GlobalGroupPermissions, I see that global temporary account IP viewers have this abusefilter right :

• View and create filters that use protected variables (abusefilter-access-protected-vars)

Why?

I see nothing about this right in the policy, or in the FAQ.

Regards, NicoScribe (talk) 14:10, 20 June 2025 (UTC)Reply

See Extension:AbuseFilter/Rules format#Protected variables. There's a new variable that has the IP address for edits made from temporary accounts, so viewing it is restricted to temporary account IP viewers. Matma Rex (talk) 16:14, 20 June 2025 (UTC)Reply

Thank you @Matma Rex: but I don't understand.

On one side: if this right is necessary for temporary account IP viewers, why local temporary account IP viewers don't have it in sw:Special:ListGroupRights?

On the other side: abuse filters are managed by (local) Abuse filter editors or (global) Abuse filter maintainers, and these user groups already have the right abusefilter-access-protected-vars, so where is the problem? In other words: temporary account IP viewers don't manage filters. Are you saying that members of the 2 Abuse filter groups also need to be temporary account IP viewers, to view the new variable? --NicoScribe (talk) 16:54, 20 June 2025 (UTC)Reply

Re one side: It appears that this right was first only granted to sysops, but the requirements were relaxed first on some individual wikis (e.g. T381722) and then globally (changed on Meta-Wiki in [3]). There were apparently long discussions about it and I haven't read them.

Re other side: This right is also needed to view the log of non-private filters that use protected variables, and I think that explains why granting it to the abuse filter maintainers/helpers wasn't enough. See this discussion linked from the Meta-Wiki change: [4]. Matma Rex (talk) 18:11, 20 June 2025 (UTC)Reply

Thank you again @Matma Rex: I've read the info:

• T381722 is just a transfer of abusefilter-access-protected-vars from local sysops to local Abuse filter editors, in French Wikipedia. Moreover the task explains that the protected variable user_unnamed_ip can be seen only by users owning both rights abusefilter-access-protected-vars and checkuser-temporary-account (or checkuser-temporary-account-no-preference).
• the Meta-Wiki discussion explains the global change: the addition of abusefilter-access-protected-vars right to Global rollbackers and Global temporary account IP viewers, but I think several errors have been made, so I added remarks in the Meta-Wiki discussion (link). In the end, I think that abusefilter-access-protected-vars is not needed by the (local or global) temporary account IP viewers.

We will see. --NicoScribe (talk) 21:22, 20 June 2025 (UTC)Reply

Well, in the end, the global temporary account viewers group is used to circumvent the GS group's limits (which is not truly global)... This is not simple! --NicoScribe (talk) 21:56, 20 June 2025 (UTC)Reply

Hello,

In this section, I don’t see any mention that global rollbackers have the right to see the IP addresses of temporary accounts, and no mention of global temporary account IP viewers either. Is this on purpose or out of sync?

Also, I would be interested in knowing how membership to the global temporary account IP viewers group will be granted (what the conditions will be). I am an admin on the Breton Wikipedia, a small wiki, and when I spot vandalism done by a user who didn’t log in, I find it is very useful to see the global contributions of the corresponding IP address or range. Losing access to this would clearly hinder my ability to find cross-wiki abuse. Huñvreüs (talk) 09:15, 21 June 2025 (UTC)Reply

Hello @Huñvreüs: : about membership to the global temporary account IP viewers group, you can look at #Oversighters and local administrators: it contains my questions, which are complementary to yours. I hope WMF will answer soon. --NicoScribe (talk) 15:34, 21 June 2025 (UTC)Reply