Jump to content

Wikimedia Access to Temporary Account IP Addresses Policy

From Wikimedia Foundation Governance Wiki
Revision as of 20:03, 12 March 2024 by GVarnum-WMF (talk | contribs) (tvar fix)

Access to the IP addresses of temporary accounts helps users protect the Wikimedia projects. This access is different from access to the IP Information tool, which was designed to empower a broader range of users. As a condition of access, users who have not agreed to the Access to nonpublic personal data policy must agree to the following guidelines.

Background

Wikimedia projects are the collaborative product of a global community of volunteer users. The projects can be edited with or without logging into a Wikimedia account. Those who edit without logging into a Wikimedia account do so using a temporary account, which does not have log-in credentials.

Purpose

The Wikimedia Foundation gives certain logged-in users access to the IP addresses of temporary accounts to enable these users to enforce or investigate potential violations of Wikimedia Foundation or user community-based policies. Access is used to fight vandalism and spamming, to check for sockpuppet abuse, and to limit disruption to Wikimedia projects.

Use and disclosure of temporary account IP addresses

Use of temporary account IP addresses is limited to certain circumstances and contexts. This section covers the situations in which these IP addresses may be used and when they may be disclosed.

Use of temporary account IP addresses

Use of temporary account IP addresses is solely for the investigation of or enforcement against vandalism, abuse, spam, harassment, disruptive behavior, and other violations of Wikimedia Foundation or community policies. Access to temporary account IP addresses should be on an as-needed basis and in compliance with these guidelines, the Privacy Policy, and more restrictive local policies applicable to the relevant project.

Access should not be used for political control, to apply pressure on editors, or as a threat against another editor in a content dispute. There must be a valid reason to investigate a temporary user. Note that using multiple temporary accounts is not forbidden, so long as they are not used in violation of policies (an example of a violation includes to evade blocks or bans).

Those with access to temporary account IP addresses are able to:

  • Determine from which IP addresses a temporary account has performed edits or logged actions on a Wikimedia wiki.

This information is only stored for a short period (currently 90 days), so IP addresses used prior to that will not be shown. The IP addresses are accessible by clicking the reveal button next to a temporary account username on log, history, and recent changes pages. The IP addresses are also available through the IP Information tool.

Disclosure

Even if a user is violating policy, avoid revealing personal information if possible. Use temporary account usernames rather than disclose IP addresses directly, or give information such as same network/not same network or similar.

In the course of keeping the projects and other users safe, users may still need to disclose temporary account IP addresses to third parties. Permissible disclosures are limited to the following circumstances:

  • Users with access to temporary account IP addresses may privately disclose the IP addresses to other users who have the same access rights. To check if a user has access, please confirm within the local project's Special:Log/rights page for the ip-viewer right.
  • When it is reasonably believed to be necessary, users with access to temporary account IP addresses may also disclose the IP addresses in appropriate venues that enable them to enforce or investigate potential violations of our Terms of Use, the Privacy Policy, or any Wikimedia Foundation or user community-based policies. Appropriate venues for such disclosures include pages dedicated to Long-term abuse. If such a disclosure later becomes unnecessary, then the IP address should be promptly removed.
  • Users who have agreed to the separate Access to nonpublic personal data policy may also disclose temporary account IP addresses as permitted under that policy.

If temporary account IP addresses need to be disclosed in connection to a threat of imminent physical harm, immediately email emergency@wikimedia.org with details of the request so that it can be evaluated for possible Foundation disclosure.

Minimum requirements for access

Access is available only to logged-in users. To gain access, users must fulfill the requirements applicable to their user group, which are outlined below. Users who are members of more than one of the below user groups only need to fulfill the requirements of one of their user groups. For example, a user who is both a steward and administrator only needs to fulfill the steward requirements, and a user who is both an administrator and a patroller only needs to fulfill the admin requirements.

Steward and CheckUser

Access is automatically granted to users who are members of the steward and checkuser user groups. These users are expected to treat the IP addresses consistent with the Access to nonpublic data policy.

Admin

Opt-in through Special:Preferences. Administrators (including global sysops) must then agree to use the IP addresses in accordance with these guidelines, solely for the investigation or prevention of vandalism, abuse, or other violations of Wikimedia Foundation or community policies.

Patrollers and other users

Users who are not a member of one of the above groups may nonetheless need access to the IP addresses of temporary accounts to assist in patrolling, sock puppet investigations, or other work to protect Wikimedia projects.

To request access, these users must:

  1. Opt-in through Special:Preferences,
  2. Agree to use the IP addresses in accordance with these guidelines, solely for the investigation or prevention of vandalism, abuse, or other violations of Wikimedia Foundation or community policies,
  3. Meet all of the following general requirements:[Note 1]
    1. User account is a minimum of 6 months old,
    2. User account has made a minimum of 300 edits to Wikimedia projects, and
    3. User account is not currently blocked from editing more than one Wikimedia project; if blocked on one project, that project cannot be the project where IP address access is requested.
  4. If there are local requirements applicable to the project, users must also:
    1. Meet all of the local requirements, and
    2. Submit a request on the project where access is needed.

When there are no local requirements, access is automatically granted for users who meet requirements 1–3. When there are local requirements, automatic access is disabled to allow the users associated with those projects to review requests.

Local requirements

Communities are encouraged to create local requirements. Local requirements must be more restrictive than the general requirements outlined in point three above.

Examples of more restrictive requirements
  • A higher minimum account age than 6 months,
  • A higher minimum edit count than 300 edits,
  • Limits on what edits qualify in the edit count minimum, such as:
    • Only edits that are to the specific project
    • Only edits to specific namespaces
    • Only edits that have not been reverted
    • Only edits that occurred within a certain time period
  • No active blocks,
  • Demonstrated evidence of previous patrolling work,
  • Community election process, and/or
  • Any other requirements as determined by the local community, so long as the requirements are not lower than the general requirements

If local requirements have been created, they should be clearly outlined and include instructions on where users submit requests. Communities may choose to handle requests via an existing process or set up a new page. A configuration change must then be requested in order to disable the automatic access grant.

Exceptions

Communities can set higher requirements on their own, but exceptions to set lower requirements must be approved in writing by the Wikimedia Foundation Legal Department. To request an exception, please email privacy@wikimedia.org with an explanation and evidence of your community consensus on the matter.

Maintaining or removing access

Account activity

In order to maintain access to the IP addresses of temporary accounts, users must edit or take a logged action at least once within a 365-day period and follow any local activity requirements.

Removal of access

Users may voluntarily give up their access at any time by visiting Special:Preferences.

Concerns about potential abuse of access to temporary account IP addresses may be brought to a steward by placing a request on Steward requests/Permissions#Removal of access. Stewards are authorized to terminate a user's access if the user is determined to have misused the temporary account IP addresses. If necessary, requests for review by Trust & Safety staff can be made through ca@wikimedia.org, and user access removed in line with the Office actions policy. Complaints about infringements of the Privacy Policy will be escalated for review by the ombuds commission.

To ensure accountability, a log is kept of which users have access to temporary account IP addresses.

Notes

  1. These general requirements are adapted from requirements traditionally used to determine eligibility to vote in the Board Elections.

See also