Penyuntingan IP: Peningkatan Privasi dan Mitigasi Penyalahgunaan/FAQ
The basics of temporary accounts
Apa yang dimaksud dengan akun sementara?
Akun sementara adalah akun yang digunakan setiap kali Anda mempublikasikan suntingan di Wikipedia atau situs lain yang dikelola oleh Yayasan Wikimedia tanpa harus masuk ke akun yang terdaftar. Oleh karena itu, akun sementara akan dibuatkan untuk Anda. Akun ini akan langsung dilengkapi dengan nama pengguna. cookie akan diaktifkan di peramban Anda saat akun dibuat. Nama pengguna ini akan digunakan untuk atribut semua suntingan berikutnya oleh Anda, meskipun alamat IP Anda berubah. Dengan akun sementara, alamat IP Anda hanya dapat diakses oleh staf yang berwenang dan anggota komunitas, seperti yang diuraikan dalam Kebijakan privasi yang telah diperbarui.
How do temporary accounts work?
- Nama akun sementara mengikuti pola:
~2024-1234567
(tild, tahun berjalan, nomor yang dihasilkan secara otomatis). Pengguna tidak dapat memilih atau mengubah nama akun sementara mereka. - Setelah 90 hari dari tanggal penciptaan, akun sementara akan berakhir secara otomatis.
- Editan berikutnya menetapkan akun sementara baru. Yang lama akan di-deactivate dan Anda tidak akan dapat menyimpannya atau masuk ke dalamnya.
- Tidak mungkin untuk masuk ke akun sementara. Tidak ada kata sandi untuk akun sementara.
- Semua suntingan yang dibuat dari perangkat dan peramban yang sama akan dikaitkan ke akun sementara yang sama, meskipun alamat IP yang Anda gunakan berubah (misalnya, jika Anda menyunting di rumah dan di kedai kopi). Hal ini dilakukan melalui penempatan kuki peramban yang mengingat akun sementara yang telah ditetapkan untuk Anda.
- Akun sementara tidak seperti sejarah browsing atau tab terbuka. Jika Anda memiliki browser yang disinkronkan di seluruh perangkat, Anda akan ditugaskan ke akun yang berbeda di perangkat yang berbeda. Ini adalah konsekuensi dari cara kerja browser.
- Akun sementara dapat di-aktifkan kapan saja dengan mengakhiri sesi Anda atau menghapus cookie browser Anda.
Notable aspects of temporary accounts
- Akun sementara berbeda dari akun terdaftar. Mereka berumur pendek dan memiliki fitur yang terbatas. Kami tidak mengumpulkan data tambahan untuk akun sementara di luar yang kami kumpulkan untuk editing biasa.
- Akun sementara tidak memiliki akses ke semua fitur yang tersedia untuk pengguna yang masuk. Beberapa tindakan, seperti mengunggah foto ke Commons, dibatasi untuk pengguna dengan akun terdaftar.
- Akun sementara dapat memiliki halaman pengguna dan halaman pembicaraan pengguna
- Akun sementara dapat menerima pemberitahuan dan melihat spanduk tentang pesan baru di halaman pembicaraan pengguna.
- Akun sementara dapat menerima ucapan terima kasih dari editor yang masuk.
- Akun sementara dapat ping ke pengguna lain dan mereka dapat diping secara bergiliran.
See also
- Help page for the temporary account holders (temporary users)
- Lihat halaman informasi teknis jika bot atau alat Anda perlu membedakan antara jenis akun sementara dan tetap.
The basics of the project
Why are you working on temporary accounts at all?
Wikimedians began discussing the exposure of IP addresses as a privacy issue shortly after MediaWiki was developed. For example, there is a thread dating back to 2004. For many years, there was no strong incentive to change this, so the Wikimedia Foundation wasn't working on it. But in the meantime, in many countries, new laws and new standards were introduced. Finally, in 2018, the Foundation's Legal department determined that the indefinite public storage of IP addresses presents serious risks. This includes legal risks to the projects and risks to the users. Today, this project is one of the priorities of the Foundation's leadership.
See also:
- Project update from July 2021 with more details about the Legal team's assessment
Why a temporary account is the right solution to the problem?
There are some hard requirements that led to the design of the temporary accounts. Some of them are of legal, and some are of technical nature:
What we are facing | What we have decided to do |
---|---|
One of the founding principles of our movement is that people should be able to make most simple edits without registering a permanent account. | Temporary accounts will be created automatically (people won't need to create an account themselves). |
Due to legal requirements, edits on the wikis should be attributed to a user identifier other than IP address. | If temporary accounts are enabled on a wiki, an account is created for a user as soon as they commit their first edit. The user is automatically logged in to this account, which is tied to a randomly generated username. This username is displayed in every situation (except for various functionary tools) where IP addresses would have otherwise been displayed. |
The identifier that a given not logged-in user's edits are attributed to needs to be stable. Creating a new user for each edit is not an option. Otherwise, there would be a too large rate of new users. | As soon as the temporary account is created, the user is logged in. The cookie has a limited lifetime. Within this duration, if the user decides to make more edits, they are all attributed to the same temporary account. A new one is created if the user decides to log out of the temporary account or otherwise use a different browser. The user retains the same temporary account if they change IP address while using the same device/browser. |
The MediaWiki software can't be changed too much. We need to limit novelties to let existing features work unmodified. | A temporary account does not break anything in the way user accounts are handled. Aside from some special case behaviors that are required (such as some features that need to be disabled for temporary accounts), most code is likely to work without unexpected failures. |
See also:
Would disallowing or limiting anonymous editing be a good alternative?
Unlikely.
In the past, the Wikimedia Foundation has supported research into requiring registration for all editors editing Wikipedia articles. The results have been largely harmful. We've seen large drops in the net non-reverted content edits over time in Persian Wikipedia.
At this time, with the data we have, we cannot say that disabling logged-out editing on any project is a beneficial solution.
Kapan perubahan ini akan tersedia di wiki saya?
- Temporary accounts are already available on pilot wikis: Czech Wikiversity, Igbo Wikipedia, Italian Wikiquote, Swahili Wikipedia, and Serbo-Croatian Wikipedia.
- If the first deployments are successful and we don't have a ton of unexpected work, then in February 2025, we will roll out on larger wikis. We call this major pilot deployment. It may include some top10 wikis, but not English Wikipedia.
- Next, in May 2025, we will deploy on all remaining wikis in one carefully coordinated step.
Operator bot dan developer alat diimbau untuk menguji alat mereka sesegera mungkin.
What if a community wants to keep using IP addresses?
After temporary accounts become available, displaying IP addresses for subsequent contributions will no longer be permitted. All communities need to prepare for the change to temporary accounts.
Is the Wikimedia Foundation monitoring the effect of using temporary accounts on the communities?
Yes.
There is a public dashboard for monitoring metrics for the pilot wikis. All these statistics are updated very frequently, for instance, real-time or once every day, to give everyone a good visibility of the actual work of temporary accounts on wikis.
Specifically, the above metrics are publicly available:
Public metrics in detailÂ
|
---|
|
In addition, the Foundation is monitoring some other metrics which for security or privacy reasons are not public.
These include data like the number of requests for assistance from CheckUsers. We will periodically share reports about the non-public metrics.
Non-public (guardrail) metrics in detailÂ
|
---|
Administrator actions (across all wikis)
Administrator requests
Administrator health
|
IP addresses appear in the history of many pages. Will those past uses be modified?
No.
Historical IP addresses that were published on wiki before the switch to temporary accounts will not be modified. The Wikimedia Foundation Legal department has approved this decision.
Legal details about temporary accounts
What specific legal requirements, regulations or risks are you worried about? Is the Foundation facing legal action? What would happen if we didn't introduce temporary accounts?
We shouldn't provide all the information. We shouldn't publish some details, and we shouldn't disclose why. If we publicly discussed what arguments we can make, or what risks are most likely to result in litigation, we could help someone harm the wikis and the communities.
This answer is based on attorney advice we are choosing to follow.
Can this change be rolled out differently by location?
No.
We protect the privacy of all users to the same standard. This will change across the Wikimedia projects.
If we tell someone their IP address will be published, isn't that enough?
No.
Many people have been confused to see their IP address published. Additionally, even when someone does see the notice, the Foundation has to properly handle their personal data. Publishing the IP addresses of non-logged-in editors falls short of current privacy best practices. Also, it creates risks, including risks to those users.
How will the project affect CC license attribution?
It will not affect it.
The 3.0 license for text on the Wikimedia projects already states that attribution should include "the name of the Original Author (or pseudonym, if applicable)" (see the license at section 4c). Use of the temporary account names will function equally well as a pseudonym. IP addresses already may vary or be assigned to different people over time, so using that as a proxy for un-registered editors is not different from an the temporary account names. Both satisfy the license pseudonym requirement. In addition, our Terms of use section 7 specify that as part of contributing to Wikipedia, editors agree that links to articles (which include article history) are a sufficient method of attribution.
Technical details about temporary accounts
Where can I test it?
- All beta cluster wikis except en-rtl Wikipedia
- test.wikipedia.org
- test2.wikipedia.org
Keep in mind that these are testing wikis. Software there may not work as expected.
In addition, users with advanced permissions may test different features on Patch Demo available on T369637.
Berapa lama masa berlaku akun sementara saya?
Akun sementara Anda akan tetap dapat digunakan selama cookie masih aktif. Saat ini, cookie telah diatur hingga batas waktu berlaku setelah satu tahun sejak penyuntingan pertama.
Berikut ini adalah skenario yang sering terjadi terkait hilangnya akun sementara yang tidak dapat dipulihkan:
- Menghapus cookie di peramban Anda.
- Menghapus profil di peramban yang Anda gunakan saat membuat akun sementara.
- Menggunakan mode incognito (penjelajahan pribadi), dan menutup mode tersebut.
- Cookie telah kedaluwarsa.
Jika akun sementara hilang, akun sementara baru dengan nama pengguna baru akan dibuatkan secara otomatis untuk Anda saat Anda mempublikasikan suntingan berikutnya. Jika Anda ingin sebuah akun tetap, Anda bisa membuat akun terdaftar gratis kapan saja.
Apakah nama pengguna sementara bersifat unik?
Yes.
Jika Anda melihat Pengguna:~2024-12345-67
di beberapa Wiki yang terhubung ke SUL, dapat dipastikan bahwa itu adalah akun yang sama.
What if temporary accounts are only enabled on some wikis?
Some wikis have temporary accounts enabled (pilots) and others do not.
Wikis that have temporary accounts enabled display unregistered editors as temporary accounts. On non-temp-accounts wikis they still show up as IP addresses. When the temporary user switches between these wikis they will show up as a temporary account in one wiki and as an IP address in another.
This may create a problem with some features that rely on having a persistent user identity across wikis. If your feature(s) are impacted by this change, please come talk to us on the talk page or through Phabricator.
Pertanyaan kontributor berpengalaman
Saya adalah seorang admin, dan saya perlu menghitung rentang blok. Apakah saya dapat mengetahui alamat IP dari akun sementara?
Ini termasuk penatalayan, pemeriksa, pengurus global, admin, dan pengawas yang memenuhi syarat kualifikasi, dan juga beberapa staf dari Yayasan Wikimedia.
Oleh karena adanya risiko privasi yang terkait dengan alamat IP, maka alamat IP hanya akan terlihat oleh pengguna yang membutuhkan informasi tersebut agar dapat melakukan pengawasan secara efektif.
See also:
- Silakan lihat kebijakan hukum Akses ke alamat IP akun sementara dan kebijakan terkait Akses ke alamat IP akun sementara.
Akun saya telah memenuhi syarat. Bagaimana cara melihat alamat IP?
Buka Spesial:Preferensi dan pilih opt-in atau bergabung.
Apakah saya perlu menandatangani ANPDP?
No.
Kebijakan akses informasi non-publik (ANPDP) adalah kebijakan hukum dari Yayasan Wikimedia tentang bagaimana pemeriksa dan pengguna yang memiliki peran tertentu harus melindungi informasi non-publik yang mereka dapatkan selama menjalankan tugas mereka. Admin sukarelawan dan pengawas tidak perlu menandatangani perjanjian ANPDP. Namun, Anda harus memilih opt-in untuk mengakses Alamat IP melalui Spesial:Preferensi di wiki lokal Anda.
Bagaimana seorang editor akan mengajukan permohonan hak pengguna baru ini?
Secara baku, fitur ini akan secara otomatis diberikan kepada pengguna yang memenuhi syarat. Satu-satunya hal yang perlu dilakukan adalah ikut serta ketika fitur ini tersedia di wiki Anda.
Komunitas saya ingin menetapkan persyaratan yang lebih tinggi. Bagaimana cara melakukannya?
Currently, the policy does not allow having different requirements on different wikis.
Kapan hak pengguna ini akan tersedia? Kapan kita bisa mulai menetapkannya?
Hak pengguna tersebut kemungkinan akan ditambahkan ke perangkat lunak MediaWiki akhir tahun ini (2023), meskipun pada awalnya tidak akan terlalu berguna bagi semua wiki. Jika menginginkannya, komunitas yang ingin melakukan proses yang membutuhkan kajian individu dapat mulai melakukan persetujuan awal penyunting kapan saja.
Persyaratan minimum untuk non-pengurus terlalu tinggi
Hal ini kadang-kadang benar, seperti ketika sebuah wiki baru saja dibuat. Dalam kasus seperti itu, seseorang di wiki tersebut perlu meminta pengecualian dari Departemen Hukum Wikimedia Foundation. Hubungi privacywikimedia.org beserta penjelasan situasi di komunitas Anda.
Saya seorang pengurus, tetapi saya tidak menginginkan hak pengguna ini
Anda tidak akan dapat melihat informasi ini kecuali jika Anda mengeklik persetujuan.
Saya yakin ada yang menyalahgunakan informasi ini
Harap laporkan masalah yang berhubungan dengan privasi ke m:Special:MyLanguage/ombuds commission. Untuk memastikan akuntabilitas, catatan penggunaan perangkat dan pengguna mana saja yang memiliki akses ke perangkat tersebut akan disimpan.
Keluhan lain mengenai potensi penyalahgunaan dapat disampaikan kepada penatalayan dengan mengajukan permintaan kepada m:Steward requests/Permissions#Removal of access. Penatalayan berwenang memblokir akses pengguna ke alamat IP jika mereka menganggap penyalahgunaan telah terjadi. Hal ini akan mencegah akses meskipun pengguna tersebut secara otomatis memenuhi syarat atau telah diberikan akses melalui proses komunitas.
Some communities currently have public pages for documenting the activities of some bad actors, including their IP addresses (e.g., Long-term abuse). Will this documentation still be permitted?
Yes.
The communities should treat the IPs of logged in users and temporary account holders the same on the Long-term abuse list. They may list the IP addresses when necessary, but they should refer to the abusers by their temporary account usernames.
See also:
Can we publicly document the IP addresses used by suspected (but not confirmed) bad actors who are using temporary accounts?
In general, no, but sometimes yes, temporarily.
When possible, patrollers with access to IP addresses should document the temporary account name(s) instead of the IP addresses. The exception is when the IP addresses are necessary for the purpose of protecting the wiki from abusive actions. Necessity should be determined on a case-by-case basis. If a disclosure later becomes unnecessary, then the IP address should be promptly removed.
For example, if a suspected vandal is exonerated during an investigation, then the report showing the user's IP address can be removed through oversight. That way, the IP address is only revealed while it is needed, and then is suppressed later, after it has been shown to not be needed any longer. See the related policy for more information.
If other information about non-logged-in contributors is revealed (such as location, or ISP), then it doesn't matter if the IP address is also published, right?
No. The IP address should not be published.
With temporary accounts, the public information will be not linked to an individual person or device. For example, it will be a city-level location, or a note that an edit was made by someone at a particular university. While this is still information about the user, it's less specific and individual than an IP address. So even though we are making some information available in order to assist with abuse prevention, we are protecting the privacy of that specific contributor better.
Experienced contributor questions
Where can I test how my advanced permissions work with temporary accounts?
Users with advanced permissions may test different features on Patch Demo available on T369637.
What if a temporary account holder needs to be blocked?
Temporary accounts' IPs will be stored for a period of 90 days. Their IP addresses can still be blocked, just like at present. Temporary accounts can also be independently blocked, including global blocks and autoblocks.
Can't an abuser just clear cookies?
Yes, they can. Temporary accounts are not intended to solve any anti-abuse problems.
We know the problem of abusers making edits through a pool of changing IPs while masking browser agent data. This cannot be solved through temporary accounts. This is not a design goal for this project either. Otherwise, we would need to use trusted tokens, disabling anonymous edits, or fingerprinting, all of which are very involved, complicated measures that have significant community and technical considerations.
Tools will be adapted to ensure that bidirectional mappings between temporary accounts within the last 90 days and IPs can be safely and efficiently navigated by trusted functionaries. However, abuse from a user that clears cookies may become difficult or impossible to detect and mitigate for users without elevated user rights, or if some of the edits involved are more than 90 days old.
Will temporary accounts be covered by the autoblock mechanism?
Autoblocks atau blokir otomatis berfungsi untuk menghentikan para vandal dan pengguna berisiko tinggi lainnya agar tidak mengganggu proyek dengan cara segera membuat akun baru. Autoblock untuk akun sementara berlaku sama seperti pada pengguna terdaftar. (IP addresses are not available to the public.)
More information is available in phab:T332231. Temporary accounts can also be blocked via global autoblocks.
Is there a limitation for creating many temporary accounts from the same IP address?
Yes.
There is a limitation preventing from creating too many accounts from the same IP address too quickly.
The current threshold for regular accounts is six per IP address per day ($wgAccountCreationThrottle
).
In addition to that, there is a similar limitation for temporary accounts, which is also six per IP address per day ($wgRateLimits
).
This threshold can be changed quickly if necessary.
We have investigated the ideal thresholds of the limit (T357771). We will check nuanced responses to tripping thresholds, including CAPTCHAs, temporary blocks, calls to create an account, etc.
During the entire rollout, we will analyze rate limit trips (T357763). To learn more, see T357776.
What are the functional differences between using a Special:Checkuser on a temporary account, and revealing the IP address?
The IP reveal feature can show you the IP address used for a particular edit by a particular temporary account, the last IP address used by a temporary account, all the IP addresses used by a temporary account, or all the temporary accounts edits on a given IP address or IP address range.
Why are there so many temporary accounts with zero edits?
This is because of AbuseFilter at work.
Temporary accounts are not created at the moment of a successful edit save, but at the moment of any save attempt. AbuseFilter prevents some edits from being saved. These attempts need to be logged, and in the log, each attempt needs to be assigned to a performer. This is why an account needs to be created.
Lihat juga
- Help:Temporary accounts â a help page for temporary account holders (temporary users)
- Kebijakan:Akses ke alamat IP akun sementara â kebijakan hukum
- Documentation for developers