Jump to content

IP Düzenleme: Gizliliği Geliştirme ve Kötüye Kullanımı Azaltma/SSS

From mediawiki.org
This page is a translated version of the page Trust and Safety Product/Temporary Accounts/FAQ and the translation is 20% complete.
Outdated translations are marked like this.

The basics

Geçici hesap nedir?

Bir kayıtlı hesaba giriş yapmadan Wikipedia veya Wikimedia Vakfı tarafından barındırılan diğer sitelerde bir düzenleme yayınladığınızda, sizin için bir Special:MyLanguage/Help:Temporary accounts geçici hesap oluşturulacaktır. Bu hesaba otomatik olarak bir kullanıcı adı verilir. Hesap oluşturulduğunda tarayıcınızda bir çerez ayarlanacaktır. Bu kullanıcı adı, IP adresiniz değişse bile tarafınızca yapılan tüm değişiklikleri size atfetmek için kullanılacak. Geçici hesap ile, IP adresiniz yalnızca güncellenen Gizlilik Politikasında belirtildiği üzere yetkili personel ve topluluk üyeleri tarafından görüntülenebilecek.

See also:

Kullanıcı adına neden ihtiyacımız var?

The license used on the Wikimedia wikis requires each edit to be attributed to a user identifier.

Ücretsiz bir kayıtlı hesap oluşturan kişiler kendi kullanıcı adlarını belirleyebilir. Kayıtlı hesap kullanmayanlara ise otomatik olarak geçici bir hesap verilir. Katkılarınız, önceden User:192.0.2.1 gibi IP adreslerinize kaydediliyordu.

Geçici kullanıcı adı neye benziyor?

Example of temporary user name: ~2024-1234567

Geçici hesaplar için otomatik üretilen kullanıcı adları, bir tilde (~) ve o hesapla yapılan ilk düzenlemenin yapıldığı yıl ile başlar. Yılı, beş rakamlı gruplara ayrılmış sayılar takip edecek. Mesela, User:~2024-12345-67. Kullanıcılar bu örneğe uyan kullanıcı adları ile normal hesapları kaydedemez.

Note that users cannot choose a temporary account name. Their account name is auto-generated.


Will temp accounts persist across different projects?

Yes, they will be persisted across projects the same as for registered accounts. During the deployment phase, some wikis will have temporary accounts enabled and others won't. During this time, temporary accounts will be "global" only on the wikis that have temporary accounts enabled. We will continue to have IP editing on the other projects.

Why are you working on temporary accounts at all?

Wikimedians began discussing the exposure of IP addresses as a privacy issue shortly after MediaWiki was developed. For example, there is a thread dating back to 2004. For many years, there was no strong incentive to change this, so the Wikimedia Foundation wasn't working on it. But in the meantime, in many countries, new laws and new standards were introduced. Finally, in 2018, the Foundation's Legal department determined that the indefinite public storage of IP addresses presents serious risks. This includes legal risks to the projects and risks to the users. Today, this project is one of the priorities of the Foundation's leadership.

See also:

Why a temporary account is the right solution to the problem?

There are some hard requirements that led to the design of the temporary accounts. Some of them are of legal, and some are of technical nature:

What we are facing What we have decided to do
One of the founding principles of our movement is that people should be able to make most simple edits without registering a permanent account. Temporary accounts will be created automatically (people won't need to create an account themselves).
Due to legal requirements, edits on the wikis should be attributed to a user identifier other than IP address. If temporary accounts are enabled on a wiki, an account is created for a user as soon as they commit their first edit. The user is automatically logged in to this account, which is tied to a randomly generated username. This username is displayed in every situation (except for various functionary tools) where IP addresses would have otherwise been displayed.
The identifier that a given not logged-in user's edits are attributed to needs to be stable. Creating a new user for each edit is not an option. Otherwise, there would be a too large rate of new users. As soon as the temporary account is created, the user is logged in. The cookie has a limited lifetime. Within this duration, if the user decides to make more edits, they are all attributed to the same temporary account. A new one is created if the user decides to log out of the temporary account or otherwise use a different browser. The user retains the same temporary account if they change IP address while using the same device/browser.
The MediaWiki software can't be changed too much. We need to limit novelties to let existing features work unmodified. A temporary account does not break anything in the way user accounts are handled. Aside from some special case behaviors that are required (such as some features that need to be disabled for temporary accounts), most code is likely to work without unexpected failures.

See also:

Is the Wikimedia Foundation monitoring the effect of using temporary accounts on our communities?

As of February 2024, not yet, because temporary accounts haven't been introduced on any wiki yet.

The teams involved in this work are monitoring some "guardrail" metrics. These include how many users get blocked, how many pages get deleted, how many edits get reverted, and the number of requests for assistance from CheckUsers.

Guardrail metrics in detail 

{{{2}}}

What if a temporary account holder needs to be blocked?

Temporary accounts' IPs will be stored for a period of 90 days. Their IP addresses can still be blocked, just like at present. Temporary accounts can also be independently blocked, including global blocks and autoblocks.

Will temporary accounts be covered by the autoblock mechanism?

Locally, this works in the same way as it currently works for registered accounts (IP addresses are not available to the public). More information is available in Phabricator as phab:T332231. Temporary account can also be blocked via global autoblocks.

IP addresses appear in the history of many pages. Will those past uses be modified?

No.

Historical IP addresses that were published on wiki before the switch to temporary accounts will not be modified. The Wikimedia Foundation Legal department has approved this decision.

Bu değişiklikler benim vikime ne zaman ulaşacak?

Bot işletenler ve araç geliştiricileri, araçlarını mümkün mertebe erken test etmek için teşvik edilir.

  • Eylül 2023 itibariyle, ilk kamu pilot vikisine (örneğin, düşük trafikli bir Vikipedi) görevlendirme Mart 2024'te bekleniyor.
  • If the first deployments are successful and we don't have a ton of unexpected work, then in February 2025, we will roll out on larger wikis. We call this major pilot deployment. It may include some top10 wikis, but not English Wikipedia.
  • Next, in May 2025, we will deploy on all remaining wikis in one carefully coordinated step.

We shouldn't provide all the information. We shouldn't publish some details, and we shouldn't disclose why. If we publicly discussed what arguments we can make, or what risks are most likely to result in litigation, we could help someone harm the wikis and the communities.

This answer is based on attorney advice we are choosing to follow.

Can this change be rolled out differently by location?

No.

We protect the privacy of all users to the same standard. This will change across the Wikimedia projects.

If we tell someone their IP address will be published, isn't that enough?

No.

Many people have been confused to see their IP address published. Additionally, even when someone does see the notice, the Foundation has to properly handle their personal data. Publishing the IP addresses of non-logged-in editors falls short of current privacy best practices. Also, it creates risks, including risks to those users.

How will the project affect CC license attribution?

It will not affect it.

The 3.0 license for text on the Wikimedia projects already states that attribution should include "the name of the Original Author (or pseudonym, if applicable)" (see the license at section 4c). Use of the temporary account names will function equally well as a pseudonym. IP addresses already may vary or be assigned to different people over time, so using that as a proxy for un-registered editors is not different from an the temporary account names. Both satisfy the license pseudonym requirement. In addition, our Terms of use section 7 specify that as part of contributing to Wikipedia, editors agree that links to articles (which include article history) are a sufficient method of attribution.

Single wiki community questions

What if a community wants to keep using IP addresses?

After temporary accounts become available, displaying IP addresses for subsequent contributions will no longer be permitted. All communities need to prepare for the change to temporary accounts.

Would disallowing or limiting anonymous editing be a good alternative?

Unlikely.

In the past, the Wikimedia Foundation has supported research into requiring registration for all editors editing Wikipedia articles. The results have been largely harmful. We've seen large drops in the net non-reverted content edits over time in Farsi Wikipedia.

At this time, with the data we have, we cannot say that disabling logged-out editing on any project is a beneficial solution.

Technical details about temporary accounts

Are temporary accounts deployed anywhere? Where can I test it?

Keep in mind that these are testing wikis. Software there may not work as expected.

Geçici hesabım ne kadar sürer?

Geçici hesabınız, çerez var olduğu sürece çalışacaktır. Şu an için çerez, ilk düzenlemeden bir yıl sonra sona erecek şekilde ayarlandı.

Aşağıda bir geçici hesabın geri döndürülemez şekilde kaybolacağı en yaygın ihtimaller yer almaktadır:

  • Tarayıcınızdaki çerezleri temizlemeniz.
  • Geçici hesap oluşturulurken kullandığınız tarayıcıdaki profili silmeniz.
  • Gizli pencere (özel gezinti) kullanmanız ve ardından pencereyi kapatmanız.
  • Çerezin sona ermesi.

Geçici hesabınız kaybolursa, bir sonraki düzenlemenizi yayınladığınızda yeni bir kullanıcı adıyla yeni bir geçici hesap otomatik olarak oluşturulacaktır. Kalıcı bir hesap oluşturmak istiyorsanız, istediğiniz zaman ücretsiz bir kayıtlı hesap oluşturabilirsiniz.

Will temp accounts persist across client IP changes?

Yes. Just as with registered accounts, the account persists across IPs.

Geçici hesabıma nasıl giriş yaparım? Geçici hesabımın şifresi ne?

Geçici hesaba giriş yapmak imkansızdır. Bu hesaplar için şifre yoktur. Geçici bir kullanıcı olarak "giriş yapmış" olmanın tek yolu, o hesapla ilk düzenlemenizde göre ayarlanmış, özgün, sona ermemiş çerezi kullanmaktır. Geçici hesabınıza yalnızca oluşturulduğu cihaz veya tarayıcıdan ulaşabilirsiniz. Bir şifre belirlemek ve başka cihazlarda da giriş yapabilmek istiyorsanız lütfen ücretsiz kayıtlı bir hesap oluşturun.

Does my temporary account work across devices if I have my browser synchronized?

No.

This is a consequence of how browsers work. In contrast to browser history, open tabs, etc., session cookies are not synchronized across devices.

Geçici hesabımla ne yapabilirim?

Geçici hesabınız tüm Vikipediler ve Wikimedia Vakfı tarafından barındırılan diğer TKG (Tek Kullanıcı Girişi-Single User Login) bağlantılı vikilerde çalışır. IP adresinizle değişiklik yaparken sahip olduğunuz şeylerle benzer şeylere sahip olmanız gerekir. Buna Vikipedi'deki çoğu maddeyi düzenlemek de dahildir. Geçici hesaplara geçişle yeni bir özelliğe sahip olacaksınız. Diğer kullanıcılardan gelen mesajlar hakkında bildirimler alabileceksiniz.

Commons'a fotoğraf yüklemek gibi bazı eylemler ücretsiz kayıtlı hesabı olan kullanıcılara özgüdür. Kayıtlı hesaplar kalıcıdır, sizin için daha fazla gizlilik koruması sağlar ve kişiselleştirme için birçok tercih ayarı sunar. Kalıcı hesap oluşturmak hızlı ve kolaydır. Ücretsiz kayıtlı bir hesap oluşturmak için e-posta adresine ihtiyacınız yoktur.

Not: Ücretsiz kayıtlı hesap oluşturduğunuzda, geçici hesabınızdaki düzenleme geçmişi, bildirimler ve mesajlar yeni kayıtlı hesabınıza aktarılmayacak.

Geçici kullanıcı adı özgün olacak mı?

Yes.

Birçok TKG (Tek Kullanıcı Girişi-Single User Login) bağlantılı vikide Kullanıcı:~2024-12345-67 gibi bir hesap görüyorsanız, bunun aynı hesap olduğundan emin olabilirsiniz.

What if temporary accounts are only enabled on some wikis?

Wikis that have temporary accounts enabled will display unregistered editors as temporary accounts. On non-temp-accounts wikis they will still show up as IP addresses. When the temporary user switches between these wikis they will show up as a temporary account in one wiki and as an IP address in another.

Context: We are considering the rollout strategy for temporary accounts. The rollout will be a gradual process that will likely take some months before every project has switched over to temporary accounts completely. There will be time when some wikis will have temporary accounts enabled (pilots) and others will not.

This may create a problem with some features that rely on having a persistent user identity across wikis. If your feature(s) are impacted by this change, please come talk to us on the talk page or through Phabricator.

Deneyimli katılımcı soruları

Hizmetliyim ve aralık blokunu hesaplamam gerekiyor. Geçici hesapların IP adreslerini görebilir miyim?

Wikimedia Vakfı'ndaki belirli personelin yanı sıra, buna kâhyalar, denetçiler, küresel hizmetliler, hizmetliler ve yeterlik kriterlerini karşılayan devriyeler de dahildir.

IP adresleriyle ilişkili gizlilik riskleri vardır ve bunlar sadece etkili devriyelik için bu bilgilere sahip olanaklı olan insanlara görünür olacaktır.

See also:

Yeterlilikleri karşılayan bir hesabım var. IP adreslerini nasıl görebilirim?

Özel:Tercihler'e gidin ve katılın.

KAOKVEP'i imzalamam gerekir mi?

No.

Kamuya açık olmayan kişisel verilere erişim politikası (KAOKVEP), Wikimedia Vakfı'nın denetçiler ve diğer belirli görevlere sahip kişilerin görevleri sırasında elde ettikleri kamuya açık olmayan kişisel verileri nasıl korumaları gerektiğine dair bir yasal politikadır. Gönüllü hizmetlilerin ve devriyelerin KAOKVEP anlaşmasını imzalamasına gerek yoktur. Ancak, yerel vikinizdeki Özel:Tercihler aracılığıyla IP adreslerine erişmek için giriş yapmayı seçmeniz gerekir.

How will editors apply for this new user right?

By default, this will be automatically assigned to eligible users. The only thing you will need to do is to opt-in when it becomes available at your wiki.

However, each wiki can set its own process with standards higher than the minimum, such as a process that requires individual review. The Wikimedia Foundation is not requiring a process equivalent to becoming an admin in the largest communities. Communities may choose to handle these requests via their existing processes, or to set up new pages. For example, the English Wikipedia may choose to take requests at w:en:Wikipedia:Requests for permissions, and the German-language Wikipedia may choose to handle requests at w:de:Wikipedia:Administratoren/Anfragen, and the Ukrainian Wikipedia may choose to handle requests at w:uk:Вікіпедія:Заявки на права патрульного. Very small communities often take similar requests on their village pump.

My community wants to set higher requirements. How do we do that?

Follow the directions in Access to temporary account IP addresses#Local requirements. Usually, this will mean having a discussion in the local community, documenting the community's decision, and then following the process for Requesting wiki configuration changes.

When will the user right become available? When can we start assigning it?

The user right will likely be added to the MediaWiki software together with the first pilot wiki deployments, although it will not initially be useful at all wikis. Communities that want to use a process requiring individual review can start pre-approving editors at any time.

My wiki has an existing group whose userrights are already higher than the minimum requirements. They would all get this right automatically if we didn't choose to have a separate process. Can we assign this new right to all of them?

So long as all of the users in the group meet or exceed all of the minimum requirements, then it can be assigned to an existing group. Future members of that group will need to meet or exceed all of the minimum requirements.

The minimum requirements for non-admins are too high

This may occasionally be true, such as when a wiki is newly created. In such cases, someone at that wiki needs to request an exception from the Wikimedia Foundation Legal Department. Contact privacy@wikimedia.org with an explanation of the situation in your community.

I meet the minimum requirements for automatic access, but my community requires individual review, and they denied my request!

Whether to grant this user right to someone who meets the minimum requirement is entirely up to the local community. No one is required to give you this user right.

I'm an admin, but I don't want this user right

You won't be able to see any of this information unless you click to accept the agreement.

I believe that someone is misusing this information

Please report privacy-related concerns to the ombuds commission. To ensure accountability, logs are kept of tool usage and of which users have access to the tool.

Other concerns about potential misuse may be brought to a steward by placing a request on m:Steward requests/Permissions#Removal of access. Stewards are authorized to block a user’s access to IP addresses if they determine that misuse occurred. This will prevent access even if the user would be automatically eligible or has been granted access through a community process.

Can't an abuser just clear cookies?

Yes, they can. Temporary accounts are not intended to solve any anti-abuse problems.

We know the problem of abusers making edits through a pool of changing IPs while masking browser agent data. This cannot be solved through temporary accounts. This is not a design goal for this project either. Otherwise, we would need to use trusted tokens, disabling anonymous edits, or fingerprinting, all of which are very involved, complicated measures that have significant community and technical considerations.

Tools will be adapted to ensure that bidirectional mappings between temporary accounts within the last 90 days and IPs can be safely and efficiently navigated by trusted functionaries. However, abuse from a user that clears cookies may become difficult or impossible to detect and mitigate for users without elevated user rights, or if some of the edits involved are more than 90 days old.

Otomatik engeller geçici hesaplarla nasıl çalışacak?

Otomatik engeller, vandalların ve diğer yüksek riskli kullanıcıları hızlıca yeni hesaplar oluşturarak projelerdeki işleyişi aksatmaya devam etmelerini engeller. Geçici hesaplar için otomatik engeller, kayıtlı kullanıcılar için otomatik engeller ile aynıdır.

Some communities currently have public pages for documenting the activities of some bad actors, including their IP addresses (e.g., Long-term abuse). Will this documentation still be permitted?

Yes.

The communities should treat the IPs of logged in users and temporary account holders the same on the Long-term abuse list. They may list the IP addresses when necessary, but they should refer to the abusers by their temporary account usernames.

See also:

Can we publicly document the IP addresses used by suspected (but not confirmed) bad actors who are using temporary accounts?

In general, no, but sometimes yes, temporarily.

When possible, patrollers with access to IP addresses should document the temporary account name(s) instead of the IP addresses. The exception is when the IP addresses are necessary for the purpose of protecting the wiki from abusive actions. Necessity should be determined on a case-by-case basis. If a disclosure later becomes unnecessary, then the IP address should be promptly removed.

For example, if a suspected vandal is exonerated during an investigation, then the report showing the user's IP address can be removed through oversight. That way, the IP address is only revealed while it is needed, and then is suppressed later, after it has been shown to not be needed any longer. See the related policy for more information.

If other information about non-logged-in contributors is revealed (such as location, or ISP), then it doesn't matter if the IP address is also published, right?

No. The IP address should not be published.

With temporary accounts, the public information will be not linked to an individual person or device. For example, it will be a city-level location, or a note that an edit was made by someone at a particular university. While this is still information about the user, it's less specific and individual than an IP address. So even though we are making some information available in order to assist with abuse prevention, we are protecting the privacy of that specific contributor better.

Ayrıca bakınız