Talk:Trust and Safety Product/Temporary Accounts/2025/March

This is an archive of past discussions. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page.

Hello @SGrabarczuk (WMF). There are minimum criterias to view IP addresses used by temporary accounts via checkuser-temporary-account right (6 months old account, etc.). Local communities were encouraged to set additionnal criterias.

On fr-wp, we have a question about that: must the checkuser-temporary-account right be automatically attributed depending on technical criterias? Or is it possible for a community to add a human validation, a manual assignment of the right by bureaucrats or sysops? (In addition to minimum criterias, who always need to be met.)

Best, Jules* (talk) 17:11, 1 November 2024 (UTC)

@Jules* this is undefined at the moment. Very early on we heard from some communities to add manual validation but in subsequent research we didn't hear of it again. If communities want to do this, we will need to implement a mechanism to disable auto-assignment and allow a community to self-assign rights to users.

Is this something that your community would like to do? If yes, what kind of criteria are you thinking? NKohli (WMF) (talk) 15:46, 4 November 2024 (UTC)

Thanks for your reply, @NKohli (WMF). I don't know if this is something that my community would like to do: in fact, I asked the question because this is one of the possibilities we have considered when creating this survey and we wanted to know if this is something that we could propose to the community in the survey, as the community might want to add some human validation (by vote, community consensus, etc., with technical assignment of the right done by sysops or bureaucrats) to existing —or more strict— technical criterias.
In light of your answer, I guess we will add this possibility (manual assignement) to the survey, but we will specify that this feature doesn't exist right know.
Best, Jules* (talk) 18:24, 4 November 2024 (UTC)

Hi again @NKohli (WMF). I see that the previous phrasing "Communities are encouraged to create local requirements. Local requirements must be more restrictive than the general requirements outlined in point three above." on Policy:Access_to_temporary_account_IP_addresses has been removed. Are local communities still encouraged by the WMF to create local requirements? (Imho, the default ones are a bit low for access to personal data such as multiples IP used by a single user, but that's only my opinion.) Best, Jules* (talk) 11:40, 14 November 2024 (UTC)

Hey @Jules*, exactly, because we removed this part from the policy, we aren't encouraging communities to create local requirements. This is how things are now. But soon, we may consult some communities and global groups on how they feel about different options (like whether to have different thresholds, or to disable automatic granting and have it only manual on some wikis, or do nothing). First, we need to make an overview of the upsides and downsides of each scenario. The team will discuss this later this week. SGrabarczuk (WMF) (talk) 15:05, 4 December 2024 (UTC)

Ok, thanks for your reply @SGrabarczuk (WMF). This is a bit confusing for us to be honest, as the 'encouragement' has been published for a long time, and removed without this removal beeing explicitly said (so we didn't see it). Jules* (talk) 14:22, 9 December 2024 (UTC)

Yeah @Jules*, to be honest, I was confused myself when I realized that the policy was changed but the respective part of the FAQ wasn't. This was very odd, and I apologize for that. SGrabarczuk (WMF) (talk) 23:55, 9 December 2024 (UTC)

Greetings. I can't speak for the entire ruwiki community, but I can speak for myself. I believe that such low criteria for access to IP viewing does not provide any privacy, as any member can create an account and get the minimum required, and then view the IP addresses of all temporary accounts. This gives no privacy for anonymous editors. I agree that something needs to be done - either tighten up the requirements, or make it tied to existing rights, such as patroller or someone else. Megitsune-chan (talk) 13:26, 9 December 2024 (UTC)

I do see the same in enwiki. Any thoughts on tying it to rollbacker (if that is there in ruwiki?) @Megitsune-chan Bunnypranav (talk) 13:32, 9 December 2024 (UTC)

A rollbacker is often issued with a patroller rights in ruwiki. Megitsune-chan (talk) 13:44, 9 December 2024 (UTC)

Ah, that is not the case in enwiki, sorry for the confusion Bunnypranav (talk) 13:46, 9 December 2024 (UTC)

But there are times when we issue a rollback right for autopatroller at the request. For example, if user frequently undo vandalism. Megitsune-chan (talk) 13:47, 9 December 2024 (UTC)

Yes, so as the IP will mostly be needed by anti-vandal edit, it makes sense to grant it to rollbackers. Bunnypranav (talk) 13:51, 9 December 2024 (UTC)

That actually sounds logical. I think it would make sense. Megitsune-chan (talk) 13:53, 9 December 2024 (UTC)

Giving the right to rollbackers (révocateurs in french) is one of the options considered (and the one favored by a majority of voters) on fr-wp survey.

I agree with both of you regarding the criteria beeing too low (althought I'm vigilant that criteria don't prevent or complicate vandalism-and-LTA-fighting). Personnaly, I'm OK with all options (tying it to rollbacker; tighting up the requirements; manual attribution of the right by sysops or bubus) but I agree that rollbacker may be the simplest one. Jules* (talk) 14:03, 9 December 2024 (UTC)

Yep. I agree. Megitsune-chan (talk) 14:07, 9 December 2024 (UTC)

Is there any consensus or poll regarding who can see the IP addresses of temp accs? Bunnypranav (talk) 15:06, 4 December 2024 (UTC)

Pinging enwiki sysops recently active on this page, who might have an idea on this. @Sohom Datta @Liz. Bunnypranav (talk) 15:18, 4 December 2024 (UTC)

There's the Wikimedia Access to Temporary Account IP Addresses Policy which defines who can see the IP addresses of temp accounts. Currently, our FAQ is a bit outdated in this part, and the most reliable source is this policy.

By the way, we are having a similar conversation about who can see the IP addresses here: #Community criterias for allowing checkuser-temporary-account right. Maybe you'd like to chime in there? Thanks, SGrabarczuk (WMF) (talk) 15:51, 4 December 2024 (UTC)

I see, thanks for your replies! Bunnypranav (talk) 15:51, 4 December 2024 (UTC)

@SGrabarczuk (WMF) is it fine if I start an ideating phase discussion at enwiki village pump for who should have this? Or should I wait for now. Bunnypranav (talk) 12:17, 7 December 2024 (UTC)

Can I ask the same thing for ruwiki? Megitsune-chan (talk) 13:51, 9 December 2024 (UTC)

Hey @Bunnypranav and @Megitsune-chan, I'd like to avoid any unclarities, so let me explain the situation a bit more broadly and step by step. Maybe I'm being Cpt Obvious a bit, but I wanted everyone reading this page to know how the team understands the basic part of the situation. Apologies for not diving into details about specific solutions I mention, though.

Bunnypranav, I'd like you to look at the section Minimum requirements for access. The policy does define who should have access, so you don't need any discussion to have some rules in place.

About Megitsune-chan's "such low criteria for access to IP viewing does not provide any privacy, as any member can create an account and get the minimum required" - currently, everyone has access. Limiting this to some logged-in users already strengthens privacy. To put things in perspective: logged-out users are a tiny fraction of all our traffic 2. according to Template:Registered editors by edit count, on English WP, more than 99% of logged-in users have not made more than 300 edits. On other large wikis, the situation is probably not significantly different, not by orders of magnitude.

In order to actually see IP addresses, a user will need to go to their preferences and agree on the policy's terms. So they need to 1. be active (this rules out some of the <1% of users) and 2. want this right. We will check how many users have actually done this on the current pilot wikis, but it surely is just a part of those who technically meet the criteria.

That said, we totally understand that on the largest wikis 300 edits may be done within an hour if one knows where to fix typos.

If you think the current rules are not the best, and you are interested in changes just for your wikis, the policy does not allow that. It used to ("Communities are encouraged to create local requirements"), but we needed to remove that part earlier this year. We realized that providing different options for different communities would be too complex and challenging to do before the very first pilot deployment.

We also realized that we'd need some investigation and discussion on how these options should be provided technically, what's technically not feasible, and what is the goal, really. Maybe it should be possible to define different thresholds across wikis. But how would that work with permissions of people without global rights tracking cross-wiki abuse? Maybe it should be possible to disable automatic granting and have it only manual on some wikis. And maybe the basic threshold should be increased, in which case local requirements wouldn't be needed. But wouldn't this increase the risk of burnout of those few who would have the permissions?

Last week, the team started to discuss this and consult people from outside the team. We will document our understanding of the possible options, and pros and cons, and then we'll see, maybe we will start a larger discussion with communities, where we would present our understanding of the situation and ask clear, well-phrased questions.

We are not there yet, though. We prefer not to kick off any important community discussions in December, because it's a good practice not to start anything major that shortly before the holiday break. So January at the earliest, if it really needs to be done before major pilot deployments (scheduled for February).

I'm curious if you have any questions. We will keep you updated. Thank you! SGrabarczuk (WMF) (talk) 22:09, 9 December 2024 (UTC)

Thanks for the elaborate response. I personally think it would be better if this was granted to people who asked for it (apart from accepting policy terms). Like bundling it with an existing group, or a separate group altogether. This will probably prevent most abuse and protect privacy. Granting it based on a suffrage basis seems unnecessary.

About the possible burnout, if this is an area that needs patrolling, more people will be willing to apply and help, and the people granting this right will also keep in mind that many can have this right for the various reasons, and accept requests accordingly. Bunnypranav (talk) 12:26, 10 December 2024 (UTC)

@SGrabarczuk (WMF) @NKohli (WMF) Can I now request to start a community discussion as we are closer than ever to rollout. Bunnypranav (talk) 12:45, 5 February 2025 (UTC)

Hey @Bunnypranav, finally a month after your question, I have an update for you!

In December, I wrote "we totally understand that on the largest wikis 300 edits may be done within an hour if one knows where to fix typos". After that, we heard from different piloting communities and individuals that yeah, we should be more restrictive.

So we did ask around a bit more, discussed the options, and decided to run our conclusions by a number of large and fairly large communities. We are curious what people think and if we are missing something important. You are most welcome to chime in on Hindi WP: जब अस्थायी खाते शुरू किए गए हैं तो आईपी पते कौन देख पाएगा?

@Megitsune-chan, there is also the same discussion on Russian Wikipedia. SGrabarczuk (WMF) (talk) 01:55, 5 March 2025 (UTC)

@SGrabarczuk (WMF), Thanks for the update! I would love to chime in at hiwiki, but my hindi knowledge is pretty limited for contributing to the extreme encyclopedic language in there. Would you be willing to start one at enwiki? ~/Bunnypranav:<ping> 11:05, 5 March 2025 (UTC)

@Bunnypranav, I think we will also launch a similar one at enwiki, but not in the coming days. Now, we prefer to focus on other wikis. For two reasons: 1. We need to focus on wikis which may have temporary accounts deployed sooner than the last batch. English Wikipedia will definitely be in the last batch. 2. We are having discussions across approx. 15 major languages already, we need to read and chime in there, and having this and a discussion on English would be an overkill for us :D SGrabarczuk (WMF) (talk) 13:42, 6 March 2025 (UTC)

Sure, take your time, and thanks for your services :) ~/Bunnypranav:<ping> 14:02, 6 March 2025 (UTC)

What will happen to the large amount of IP accounts that already exist? Will they be converted into temporary accounts, or will they still be IPs but just stop being used? Will there be a template saying something like "IP accounts are no longer being used on this Wiki; this account will not contribute any more edits."?

I'm just wondering what the current plan for that is. ApexParagon (talk) 02:53, 6 March 2025 (UTC)

Hey @ApexParagon. Existing edits attributed to IP accounts will continue to be attributed to IP accounts. Only new edits will be attributed to temporary accounts. SGrabarczuk (WMF) (talk) 12:18, 6 March 2025 (UTC)

I don't like the display on the previous line in the Czech translation: Těšíme se na vaše komentáře na diskusní stránce. <span id="září 2024:_Deployment_plan_is_ready!"> září 2024: Plán nasazení je připraven! ENeRZet (talk) 12:40, 6 March 2025 (UTC)

Huh, thanks for letting us know, @ENeRZet. This about the translation extension. It must be a bug or incorrect use of code, I can't tell for sure. Will ask the LPL team. SGrabarczuk (WMF) (talk) 13:27, 6 March 2025 (UTC)

thanks ENeRZet (talk) 05:55, 7 March 2025 (UTC)

After publishing edit, there is a grey bar notifying users they are using a temporary account. Is it possible to show the bar (or other noticeable notice) before users publish their edits? It will benefit the users who haven't realized their IP address will be exposed when they are editing.

Although up to now every local wiki has its own edit notice to inform users they haven't logged into an account, it is not a built-in Mediawiki feature. I think it's time to add such a notice into Mediawiki. Steven Sun (talk) 02:32, 13 March 2025 (UTC)

Hello @Steven Sun, I'm not sure what edit notice you are referring to. There is a message displayed in the editing mode for users who are not logged in (see an example here), and it's defined in MediaWiki:Autocreate-edit-warning. Although each community may edit it locally, the warning and a link to the help page are in the default text. Does this address your idea? SGrabarczuk (WMF) (talk) 21:59, 13 March 2025 (UTC)

before this translation unit the following appears in the translation: "span id="25. února 2022:_Implementation_Strategy_and_next_steps""ENeRZet (talk) 13:31, 14 March 2025 (UTC)