Jump to content

신뢰 및 안전 제품/임시 계좌/FAQ

From mediawiki.org
This page is a translated version of the page Trust and Safety Product/Temporary Accounts/FAQ and the translation is 10% complete.
Outdated translations are marked like this.

The basics

What is a temporary account?

Any time you publish an edit on Wikipedia or other sites hosted by the Wikimedia Foundation without logging into a registered account, a temporary account will be created for you. This account will automatically be given a username. A cookie will be set in your browser when the account is created. This username will be used to attribute all subsequent edits by you, even if your IP address changes.

With a temporary account, your IP address can only be accessed by authorized staff and community members, as outlined in the updated Privacy policy.

See also:

Why does everyone need to have a username?

The license used on the Wikimedia wikis requires each edit to be attributed to a user identifier.

People who create a free registered account can choose their own usernames. People who do not use a registered account are automatically assigned a temporary account. Previously, your edits would be publicly attributed to your IP address, such as User:192.0.2.1.

What does a temporary username look like?

Example of temporary user name: ~2024-1234567

The automatically generated usernames for temporary accounts will begin with a tilde (~) and the year when the first edit was made by that account. The year will be followed by numbers. Users cannot register normal accounts with usernames that match this pattern.

Note that users cannot choose a temporary account name. Their account name is auto-generated.


Will temp accounts persist across different projects?

Yes, they will be persisted across projects the same as for registered accounts. During the deployment phase, some wikis will have temporary accounts enabled and others won't. During this time, temporary accounts will be "global" only on the wikis that have temporary accounts enabled. We will continue to have IP editing on the other projects.

Why are you working on temporary accounts at all?

Wikimedians began discussing the exposure of IP addresses as a privacy issue shortly after MediaWiki was developed. For example, there is a thread dating back to 2004. For many years, there was no strong incentive to change this, so the Wikimedia Foundation wasn't working on it. But in the meantime, in many countries, new laws and new standards were introduced. Finally, in 2018, the Foundation's Legal department determined that the indefinite public storage of IP addresses presents serious risks. This includes legal risks to the projects and risks to the users. Today, this project is one of the priorities of the Foundation's leadership.

See also:

Why a temporary account is the right solution to the problem?

There are some hard requirements that led to the design of the temporary accounts. Some of them are of legal, and some are of technical nature:

What we are facing What we have decided to do
One of the founding principles of our movement is that people should be able to make most simple edits without registering a permanent account. Temporary accounts will be created automatically (people won't need to create an account themselves).
Due to legal requirements, edits on the wikis should be attributed to a user identifier other than IP address. If temporary accounts are enabled on a wiki, an account is created for a user as soon as they commit their first edit. The user is automatically logged in to this account, which is tied to a randomly generated username. This username is displayed in every situation (except for various functionary tools) where IP addresses would have otherwise been displayed.
The identifier that a given not logged-in user's edits are attributed to needs to be stable. Creating a new user for each edit is not an option. Otherwise, there would be a too large rate of new users. As soon as the temporary account is created, the user is logged in. The cookie has a limited lifetime. Within this duration, if the user decides to make more edits, they are all attributed to the same temporary account. A new one is created if the user decides to log out of the temporary account or otherwise use a different browser. The user retains the same temporary account if they change IP address while using the same device/browser.
The MediaWiki software can't be changed too much. We need to limit novelties to let existing features work unmodified. A temporary account does not break anything in the way user accounts are handled. Aside from some special case behaviors that are required (such as some features that need to be disabled for temporary accounts), most code is likely to work without unexpected failures.

See also:

Is the Wikimedia Foundation monitoring the effect of using temporary accounts on our communities?

As of February 2024, not yet, because temporary accounts haven't been introduced on any wiki yet.

The teams involved in this work are monitoring some "guardrail" metrics. These include how many users get blocked, how many pages get deleted, how many edits get reverted, and the number of requests for assistance from CheckUsers.

Guardrail metrics in detail 

{{{2}}}

What if a temporary account holder needs to be blocked?

Temporary accounts' IPs will be stored for a period of 90 days. Their IP addresses can still be blocked, just like at present. Temporary accounts can also be independently blocked, including global blocks and autoblocks.

Will temporary accounts be covered by the autoblock mechanism?

Locally, this works in the same way as it currently works for registered accounts (IP addresses are not available to the public). More information is available in Phabricator as phab:T332231. Temporary account can also be blocked via global autoblocks.

IP addresses appear in the history of many pages. Will those past uses be modified?

No.

Historical IP addresses that were published on wiki before the switch to temporary accounts will not be modified. The Wikimedia Foundation Legal department has approved this decision.

When will these changes reach my wiki?

Bot operators and tool developers are encouraged to test their tools as early as possible.

  • As of September 2024, the first deployment to a public pilot wiki (e.g., a low-traffic Wikipedia) is expected no earlier than October 2024.
  • If the first deployments are successful and we don't have a ton of unexpected work, then in February 2025, we will roll out on larger wikis. We call this major pilot deployment. It may include some top10 wikis, but not English Wikipedia.
  • Next, in May 2025, we will deploy on all remaining wikis in one carefully coordinated step.

We shouldn't provide all the information. We shouldn't publish some details, and we shouldn't disclose why. If we publicly discussed what arguments we can make, or what risks are most likely to result in litigation, we could help someone harm the wikis and the communities.

This answer is based on attorney advice we are choosing to follow.

Can this change be rolled out differently by location?

No.

We protect the privacy of all users to the same standard. This will change across the Wikimedia projects.

If we tell someone their IP address will be published, isn't that enough?

No.

Many people have been confused to see their IP address published. Additionally, even when someone does see the notice, the Foundation has to properly handle their personal data. Publishing the IP addresses of non-logged-in editors falls short of current privacy best practices. Also, it creates risks, including risks to those users.

How will the project affect CC license attribution?

It will not affect it.

The 3.0 license for text on the Wikimedia projects already states that attribution should include "the name of the Original Author (or pseudonym, if applicable)" (see the license at section 4c). Use of the temporary account names will function equally well as a pseudonym. IP addresses already may vary or be assigned to different people over time, so using that as a proxy for un-registered editors is not different from an the temporary account names. Both satisfy the license pseudonym requirement. In addition, our Terms of use section 7 specify that as part of contributing to Wikipedia, editors agree that links to articles (which include article history) are a sufficient method of attribution.

Single wiki community questions

What if a community wants to keep using IP addresses?

After temporary accounts become available, displaying IP addresses for subsequent contributions will no longer be permitted. All communities need to prepare for the change to temporary accounts.

Would disallowing or limiting anonymous editing be a good alternative?

Unlikely.

In the past, the Wikimedia Foundation has supported research into requiring registration for all editors editing Wikipedia articles. The results have been largely harmful. We've seen large drops in the net non-reverted content edits over time in Farsi Wikipedia.

At this time, with the data we have, we cannot say that disabling logged-out editing on any project is a beneficial solution.

Technical details about temporary accounts

Are temporary accounts deployed anywhere? Where can I test it?

Keep in mind that these are testing wikis. Software there may not work as expected.

How long does a temporary account last?

A temporary account will work for as long as the cookie exists. The cookie is currently set to expire three months after the first edit.

The following are the most common scenarios in which a temporary account will be irretrievably lost:

  • The user clears the cookies on the browser.
  • The user deletes the profile on their browser that they used when the temporary account was created.
  • The user used an incognito (private browsing) window, and closed the window.
  • The cookie expired.

If a temporary account is lost, then a new temporary account, with a new username, will be automatically generated the next time the user publishes an edit. If a user would like a permanent account, they can create a free registered account at any time.

Will temp accounts persist across client IP changes?

Yes. Just as with registered accounts, the account persists across IPs.

How do I login to my temporary account? What is the password for my temporary account?

It is impossible to log in to a temporary account. There are no passwords for temporary accounts.

The only way to be "logged in" as a temporary user is to have the original, unexpired cookie that was set when you made the first edit in that account. You can only access your temp account from the device or browser where it was created. If you want to be able to set a password and log in on other devices, please create a free registered account.

Does my temporary account work across devices if I have my browser synchronized?

No.

This is a consequence of how browsers work. In contrast to browser history, open tabs, etc., session cookies are not synchronized across devices.

What can I do with my temporary account?

Your temporary account will work at all of the Wikipedias and other SUL-connected wikis hosted by the Wikimedia Foundation. You should have very similar capabilities as you did while edits were being attributed to IP addresses. This includes editing most articles on the Wikipedias. With the switch to temporary accounts, you will get one new feature. You will be able to receive notifications about messages from other users.

Some actions, such as uploading photos to Commons, are restricted to users with a free registered account. Registered accounts are permanent, provide better privacy protection for you, and offer many preference settings for customization. Registering a permanent account is quick and easy. You do not need an e-mail address to create a free registered account.

Note: When you create a free registered account, the edit history, notifications, and messages in your old temporary account will not be transferred to your new registered account.

Will the temporary username be unique across different wikis?

Yes.

If you see User:~2024-1234567 at multiple SUL-connected wikis, you can be confident that this is the same account.

What if temporary accounts are only enabled on some wikis?

Wikis that have temporary accounts enabled will display unregistered editors as temporary accounts. On non-temp-accounts wikis they will still show up as IP addresses. When the temporary user switches between these wikis they will show up as a temporary account in one wiki and as an IP address in another.

Context: We are considering the rollout strategy for temporary accounts. The rollout will be a gradual process that will likely take some months before every project has switched over to temporary accounts completely. There will be time when some wikis will have temporary accounts enabled (pilots) and others will not.

This may create a problem with some features that rely on having a persistent user identity across wikis. If your feature(s) are impacted by this change, please come talk to us on the talk page or through Phabricator.

Experienced contributor questions and access to IP addresses

Who will be able to see the IP address of temporary accounts?

Stewards, CheckUsers, global sysops, admins, and patrollers who meet qualifying thresholds, as well as certain staff at the Wikimedia Foundation.

There are privacy risks associated with IP addresses. This is why they will be visible only to people who need to have that information for effective patrolling.

See also:

I have a qualified account. How can I see the IP addresses?

Go to Special:Preferences and opt in.

Will I need to sign any non-disclosure agreement?

No.

There is the access to nonpublic personal data policy (ANPDP). It is a legal policy from the Wikimedia Foundation about how checkusers and people with certain other roles must protect non-public personal data that they obtain in the course of their duties. Volunteer admins and patrollers do not need to sign it. However, you will need to opt-in to access to IP addresses through Special:Preferences at your local wiki.

편집자는 이 새로운 사용자 권한을 어떻게 신청합니까?

기본적으로 자격이 있는 사용자에게 자동으로 할당됩니다. 당신이 해야 할 유일한 일은 당신의 위키에서 사용할 수 있을 때 옵트인하는 것입니다.

다만 위키마다 개별 검토가 필요한 프로세스 등 최소 기준보다 높은 기준으로 자체 프로세스를 설정할 수 있다. 위키미디어 재단은 대규모 커뮤니티에서 관리자가 되는 것과 같은 프로세스를 요구하지 않습니다. 커뮤니티는 기존 프로세스를 통해 이러한 요청을 처리하거나 새 페이지를 설정하도록 선택할 수 있습니다. 예를 들어, 영어 위키백과는 w:en:Wikipedia:Requests for permissions에서 요청을 받도록 선택할 수 있고, 독일어 위키백과는 w:de:Wikipedia:Administratoren/Anfragen에서 요청을 처리하도록 선택할 수 있으며, 우크라이나어 위키백과는 w:uk:Вікіпедія:Заявки на права патрульного에서 요청을 처리하도록 선택할 수 있습니다. 매우 작은 커뮤니티는 종종 사랑방에서 유사한 요청을 받습니다.

우리 커뮤니티는 더 높은 요구 사항을 설정하기를 원합니다. 어떻게 하죠?

임시 계정 IP 주소 접근 권한#로컬 요구 사항의 지침을 따르십시오. 일반적으로 이것은 지역 커뮤니티에서 토론하고 커뮤니티의 결정을 문서화한 다음 위키 환경설정 변경 요청 프로세스를 따르는 것을 의미합니다.

언제 사용자 권한을 사용할 수 있습니까? 언제 할당을 시작할 수 있습니까?

사용자 권한은 올해 말(2023년)에 미디어위키 소프트웨어에 추가될 가능성이 높지만 처음에는 모든 위키에서 유용하지는 않을 것입니다. 원하는 경우 개별 검토가 필요한 프로세스를 사용하려는 커뮤니티는 언제든지 사전 승인 편집자를 시작할 수 있습니다.

제 위키에는 사용자 권한이 이미 최소 요구 사항보다 높은 기존 그룹이 있습니다. 우리가 별도의 프로세스를 가지도록 선택하지 않았다면 그들은 모두 자동으로 이 권리를 얻었을 것입니다. 이 새로운 권한을 그들 모두에게 할당할 수 있습니까?

그룹의 모든 사용자가 최소 요구 사항을 모두 충족하거나 초과하면 기존 그룹에 할당할 수 있습니다. 해당 그룹의 미래 구성원은 모든 최소 요구 사항을 충족하거나 초과해야 합니다.

관리자가 아닌 사용자의 최소 요구 사항이 너무 높습니다

이것은 위키가 새로 만들어지는 경우와 같이 때때로 사실일 수 있습니다. 그러한 경우 해당 위키의 누군가가 위키미디어 재단 법무 부서에 예외를 요청해야 합니다. 커뮤니티 상황에 대한 설명과 함께 privacy@wikimedia.org로 연락하십시오.

자동 접근을 위한 최소 요구 사항을 충족하지만 커뮤니티에서 개별 검토가 필요하며 요청을 거부했습니다!

최소 요구 사항을 충족하는 사람에게 이 사용자 권한을 부여할지 여부는 전적으로 지역 커뮤니티에 달려 있습니다. 아무도 이 사용자 권한을 부여할 필요가 없습니다.

저는 관리자이지만 이 사용자 권한을 원하지 않습니다

동의를 클릭하지 않으면 이 정보를 볼 수 없습니다.

누군가 이 정보를 오용하고 있다고 생각합니다

감찰위원회에 개인 정보 보호 관련 문제를 보고하십시오. 책임성을 보장하기 위해 도구 사용 및 사용자가 도구에 접근할 수 있는 로그가 보관됩니다.

오용 가능성에 대한 다른 우려 사항은 사무장에 요청하여 관리자에게 제기할 수 있습니다. 사무장은 오용이 발생했다고 판단하는 경우 IP 주소에 대한 사용자의 접근을 차단할 권한이 있습니다. 이렇게 하면 사용자가 자동으로 자격이 있거나 커뮤니티 프로세스를 통해 접근 권한이 부여된 경우에도 접근이 차단됩니다.

Can't an abuser just clear cookies?

Yes, they can. Temporary accounts are not intended to solve any anti-abuse problems.

We know the problem of abusers making edits through a pool of changing IPs while masking browser agent data. This cannot be solved through temporary accounts. This is not a design goal for this project either. Otherwise, we would need to use trusted tokens, disabling anonymous edits, or fingerprinting, all of which are very involved, complicated measures that have significant community and technical considerations.

Tools will be adapted to ensure that bidirectional mappings between temporary accounts within the last 90 days and IPs can be safely and efficiently navigated by trusted functionaries. However, abuse from a user that clears cookies may become difficult or impossible to detect and mitigate for users without elevated user rights, or if some of the edits involved are more than 90 days old.

How will autoblocks work with temporary accounts?

Autoblocks stop vandals and other high-risk users from continuing to disrupt the projects by immediately creating a new account. Autoblocks for temporary accounts are the same as autoblocks for registered users.

Some communities currently have public pages for documenting the activities of some bad actors, including their IP addresses (e.g., Long-term abuse). Will this documentation still be permitted?

Yes.

The communities should treat the IPs of logged in users and temporary account holders the same on the Long-term abuse list. They may list the IP addresses when necessary, but they should refer to the abusers by their temporary account usernames.

See also:

Can we publicly document the IP addresses used by suspected (but not confirmed) bad actors who are using temporary accounts?

In general, no, but sometimes yes, temporarily.

When possible, patrollers with access to IP addresses should document the temporary account name(s) instead of the IP addresses. The exception is when the IP addresses are necessary for the purpose of protecting the wiki from abusive actions. Necessity should be determined on a case-by-case basis. If a disclosure later becomes unnecessary, then the IP address should be promptly removed.

For example, if a suspected vandal is exonerated during an investigation, then the report showing the user's IP address can be removed through oversight. That way, the IP address is only revealed while it is needed, and then is suppressed later, after it has been shown to not be needed any longer. See the related policy for more information.

If other information about non-logged-in contributors is revealed (such as location, or ISP), then it doesn't matter if the IP address is also published, right?

No. The IP address should not be published.

With temporary accounts, the public information will be not linked to an individual person or device. For example, it will be a city-level location, or a note that an edit was made by someone at a particular university. While this is still information about the user, it's less specific and individual than an IP address. So even though we are making some information available in order to assist with abuse prevention, we are protecting the privacy of that specific contributor better.

See also