Trust and Safety Product/Decision records/2025-05-21-Technical enforcement for thresholds

From mediawiki.org

Decision Record: Technical Enforcement of criteria to Access IP Addresses of Temporary Accounts

Authors: Eric Mill, Niharika Kohli, Thalia Chan

The current published Wikimedia Access to Temporary Account IP Addresses Policy says:

To access temporary account IP addresses, these users must:

  1. Meet all of the following general requirements:
    1. User account is a minimum of 6 months old, and
    2. User account has made a minimum of 300 edits to the local project.

This policy is a public commitment to those with extended rights who moderate and patrol the wikis, to current editors, to people who might become editors, and to any other interested parties.

One goal of this statement is to avoid surprising users who will be losing access to IP addresses of temporary accounts. Another is to allow potential and current editors to understand how tightly the wikis are managing IP addresses in this new system, and to let those users make decisions based on that.

Our user safety policy statements should match our technical operation to the greatest extent possible, especially when they rely on quantitative criteria that can be straightforwardly calculated.

To meet that goal here, we plan to technically enforce the general requirements criteria by preventing the assignment of Temporary account IP viewer group membership rights to accounts that do not meet those criteria.

Decision

  1. Technically enforce these criteria, by preventing users (other than stewards) from assigning the Temporary account IP viewer group to users who don’t meet the criteria.
  2. Allow stewards to override this limitation, and to assign the group to any user.
  3. Update the policy text to state the above things.

Considerations

  • This approach increases the technical complexity of the implementation of temporary accounts, and requires some new code for technical enforcement of a group assignment. We are exploring a common implementation path between IP address access and other security policies (such as requiring 2FA or confirmed emails for certain user groups).
  • This will be a stricter approach than WMF has traditionally taken with policies like this. If the policy does become unworkable, and stewards are having to constantly override these restrictions to an unreasonable degree, we may need to modify the policy (and its technical implementation) to become more or less restrictive. We have designed the implementation to allow as much as possible about the groups and criteria thresholds to be deployable as a config change, to support iteration as needed.