Talk:Trust and Safety Product/Temporary Accounts/2024/November

This is an archive of past discussions. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page.

Some wiki such as the beta cluster wiki of Chinese Wikipedia, still have no temporary accounts (as you can see here). I would like to know when this feature will be deployed on all beta cluster wikis, as it allows testing with local settings. 132.234.228.201 08:17, 18 September 2024 (UTC)

I'm sorry for the delay on this. This is now resolved. Temporary accounts should now be available on all beta cluster projects except for en-rtl wiki. Please test them at your convenience. Looking forward to your feedback. NKohli (WMF) (talk) 14:56, 21 October 2024 (UTC)

@NKohli (WMF): I found that the meta wiki of the beta cluster still cannot create temporary account (as you can see here). I made this edit after when a temporary account (~2024-25308) was created from another wiki, which the temporary account can auto-create in other wikis. 132.234.228.116 02:06, 30 October 2024 (UTC)

You are right. I can reproduce this issue. I will file a task for engineering to fix this. In the meantime you could try out the feature on another wiki. Happy to hear any feedback you may have. Thank you. -- NKohli (WMF) (talk) 18:54, 5 November 2024 (UTC)

I don’t think the foundation of this whole thing is sound, but I guess that’s fine because the entire tech community seems to be ignoring reality and pushing their idea of reality down our throats.

I wonder if anyone responsible to creating this has ever heard of private windows. Some browsers are even perpetually in private mode (and I’m talking about phone browsers) and the cookie will last only maybe a couple of hours. I browse on a computer but I’m perpetually in private mode so my cookies will only last until the next browser crash (usually between 2 days and maybe a week).

So what will happen if a significant number of users are using phones with private-mode-only browsers?

(I know IP-based blocking is on an even weaker foundation. Maybe this is a slight improvement but still.) — Alıƨsi (talk) 21:05, 28 October 2024 (UTC)

@Al12si: Hello, you can read this FAQ "Can't an abuser just clear cookies?" to know more about it.

@SGrabarczuk (WMF) and NKohli (WMF): Furthermore, as the FAQ mentions a few measures, such as using fingerprinting and trusted tokens, I am curious if there are any future plans to mitigate the problem of users repeatedly clearing cookies? Thank you. SCP-2000 (talk) 06:02, 29 October 2024 (UTC)

Thank you. But I’m not talking about clearing cookies. I’m talking about private windows (a very old feature in mainstream browsers) and the reality of an entire class of new browsers that do not have permanent cookies at all. On a phone, when memory is tight, cookies can disappear in as little as, like, 5 minutes, without the user even wanting to clear cookies.

Sorry, I don’t really know why I wrote my comment, but if the FAQ is written like this, it’s out of date thinking. Private windows have existed since — I don’t know — some 20 years ago? Sorry for the noise.

PS: I did say this is probably a slight improvement over IP-based, which is on even shakier ground. These days most IP addresses are dynamic, and even tech giants can’t tell dynamic from static IP’s because today’s static IP’s are just random holes in a block of dynamic addresses, they don’t even follow CIDR rules. IP blocks were unjustifiable even based on the reality of some 10 years ago so, again, I guess this is an improvement. Alıƨsi (talk) 06:20, 29 October 2024 (UTC)

PPS: Geolocated city location will be unreliable. For one data point, my geolocated city is often wrong , sometimes in the wrong province. In a previous job our office’s IP (or rather, several IP’s in what was theoretically a tiny CIDR block) was consistently geolocated to the wrong country. Alıƨsi (talk) 06:53, 29 October 2024 (UTC)

Private browsing is effectively automatically clearing cookies, maybe with some other stuff that wouldn't impact this. Aaron Liu (talk) 12:50, 14 November 2024 (UTC)

@SCP-2000 @Al12si There are some future plans around fingerprinting (we are calling it account reputation). We'll share more about this in a future update. There is also throttling after 6 accounts have been created from an IP - similar to what exists for registered accounts. -- NKohli (WMF) (talk) 15:11, 4 November 2024 (UTC)

Sorry for the noise again, but I have to make it clear that this is why I said IP-based has an even weaker foundation. Same IP doesn’t really mean anything — not since more than 10 years ago. In the previous job I mentioned, an entire complex shares one IP address (the rest of the CIDR block was for servers) and it was a community centre, so if they held a Wikipedia editathon (not unimaginable especially given the target communities they serve) or similar this means the entire community centre would be throttled? Do you guys even have use cases we can see? This should be considered the norm since we’re literally officially out of IPv4 addresses already.

Also, fingerprinting is itself a privacy concern and the W3C itself has plans to make at least one form of fingerprinting harder (i.e., in the “future” doing this might become increasingly hard). If the FAQ isn’t addressing at least these two points (and talk about private windows instead of “clearing cookies”, and address the RTL issue Amir brought up above — my L1 used to be RTL too) it’s very hard to convince people this thing has been thought through.

(To be fair, I understand tech giants are ignoring these problems, but this just puts WMF on the same low standard as them. Again, sorry for the noise.) Alıƨsi (talk) 19:01, 4 November 2024 (UTC)

@NKohli (WMF) : If someone edits without accepting cookies and their IP address has already reached the limit of six temporary accounts in the last 24 hours, will they still be able to edit Wikipedia? In this scenario, what exactly happens? Will editing be blocked, or is there another mechanism in place? LD (talk) 13:22, 15 November 2024 (UTC)

Hi @NKohli (WMF) / @SGrabarczuk (WMF), I would be glad if you could answer the above question of LD, as I do a short presentation of temp accounts this Saturday for fr-wp patrollers. Best, Jules* (talk) 18:39, 28 November 2024 (UTC)

@LD That person (and anyone else editing from that IP address) would need to create an account after hitting the rate limit. There is a proposal in T357802 to make this more obvious. KHarlan (WMF) (talk) 08:14, 29 November 2024 (UTC)

Will someone with a temporary account be able to get it renamed and turned into a normal account? WereSpielChequers (talk) 13:20, 31 October 2024 (UTC)

Nope, neither of this will be possible. Currently, this is documented on Help:Temporary accounts. SGrabarczuk (WMF) (talk) 13:39, 31 October 2024 (UTC)

Does this mean it is out of scope for this phase, or is there something in the database sign that means this would kill excessive numbers of server kitties? WereSpielChequers (talk) 13:50, 31 October 2024 (UTC)

The latter :D In addition, a temporary account could be used by different people (on shared devices) so legal limitations are also involved. So no, this is out of scope for this project. SGrabarczuk (WMF) (talk) 14:05, 31 October 2024 (UTC)

I get that anyone asking to have their temporary account turned into a permanent one would have to commit that all the edits that account had made had been by them. Though I suppose if the way of doing this was to export/suppress the edits and reimport them under a new account, you could leave some edits behind. My assumption is that creating a path for temporary accounts to become permanent would make it easier to recruit longterm editors from among these temporary accounts. WereSpielChequers (talk) 11:25, 1 November 2024 (UTC)

I saw the next Tech issue and read the global autoblock feature. Will this mean that those autoblocks apply to the underlying ip and therefore the named accounts. I am anticipating a lot of collateral damage as a result of the autoblock and increased requests for global ipbe. ToadetteEdit (talk) 07:24, 2 November 2024 (UTC)

There are already global ip blocks. Autoblocks block the IPs used by the temporary accounts, i.e. those that would already be blocked globally. The only difference is that you do not block the IP directly, but the account and this triggers the ip block. Autoblock = 24 hours. (I assume that they work in exactly the same way as autoblocks for locally blocked accounts.) Therefore, these blocks are not a problem. WikiBayer (talk) 18:02, 2 November 2024 (UTC)

I have now made my first experiences. I think it's good that not everyone can see the IP address. However, as an administrator and especially as a global administrator, I am dependent on information from IP addresses. On the one side I need the information to stop vandals, spambots and trolls. On the other hand, I need it to identify trolls more quickly. When I'm posting in languages I don't speak (sometimes without a translator I couldn't even tell if this is the language or a different one) I can't enter every post into a translator because it would take too long, so I use metadata like IP address and origin to filter out the probably good edits. If I no longer had this information, I could no longer (filter) it and would have to check every single edit. But that's not possible because it would be inefficient and would take far too long. Children who play can easily be blocked by blocking the temporary accounts, but with trolls and spambots you still have to block IPs, here it is essential to also query and block the IP address. The fact that in many cases, such as here, I have to make 2 blocks is acceptable, but the retrieval of the information here is catastrophic, first I have to retrieve the IP by click, then I can only retrieve information elsewhere via the IP this is time-consuming. Generally, I think it makes a lot of sense that authors who only write or people who only read no longer see any data here. But I don't understand why not more difference is made here between the user groups. This is roughly how I would design an admin view and how I would like mediawiki to work efficiently and realistically. gitlab:wikibayer/TempAccountInfoTooltip/-/raw/main/TempAccountInfoTooltip.js I also don't understand why you can click on it first. In my opinion, automatic loading makes no difference. Loading (displaying) a IP address is not the same as using it. I also ignore information that I don't need. WikiBayer (talk) 10:29, 2 November 2024 (UTC)

@WikiBayer Note requesting the IP addresses is logged (the log being available to Ombuds, CheckUsers and Stewards). So, if possible, requesting IP only if needed would be useful, to help with auditability.

That being said, a feature to automatically reveal IP addresses (until certain conditions) is currently under consideration, see phab:T358853. It is not yet clear how it will work like, but it is on the list of things to figure out before the next deployment round. I expect it to be restricted to user groups that really need that kind of access, such as global sysops, for pretty much the reasons you mention.

Hope this helps! Martin Urbanec (talk) 23:09, 7 November 2024 (UTC)

In case there is new languages approved at m:RFL and created before the temporary account is available in all the wikis, will those newly created wikis use temporary accounts? 132.234.228.209 01:43, 6 November 2024 (UTC)

Great question, thank you! I don't think the team has discussed this, but I believe the answer would be: unlikely, no.

Why? We are strict about the criteria for wikis which may get temporary accounts early. We want to learn how temp accounts work in real life, uncover the unknowns, and this is possible on wikis of a certain size. New ones are too small. So temp accounts will be deployed there in mid-2025. SGrabarczuk (WMF) (talk) 03:04, 6 November 2024 (UTC)

As I remembered that the temporary account is available for test in testwiki and test2wiki back in July. However, temporary account is still not available in test Wikidata. Will temporary account be deployed in test wikidata the same day as wikidata or the deployment in test wikidata will be done before wikidata? 132.234.229.162 01:52, 13 November 2024 (UTC)

We don't have any timeline specific to test wikidata other than our general deployment plan. So unless there are convincing reasons to do that earlier, we'll deploy there together with major pilot wikis (late February) or with everyone else (mid-2025, May?). SGrabarczuk (WMF) (talk) 13:53, 18 November 2024 (UTC)