Wikipedia:Requests for comment/Temporary account IP-viewer Source: en.wikipedia.org/wiki/Wikipedia:Requests_for_comment/Temporary_account_IP-viewer

Discussion preceding this RfC and ongoing discussion about the intersection of TAIV and other user rights.

See also this FAQ.

Please consider joining the feedback request service. An editor has requested comments from other editors for this discussion. This page has been added to the following lists: Wikipedia proposals Wikipedia policies and guidelines When discussion has ended, remove this tag and it will be removed from the lists. If this page is on additional lists, they will be noted below.

What should the minimum criteria for granting the TAIV user right right be? 17:01, 21 June 2025 (UTC)

The WMF is removing public access to IP addresses and replacing them with temporary accounts. (This will not affect visibility of IP addresses or edits from before implementation.) Temporary accounts are tied to browser cookies, which are set to expire three months from the first edit. This means that they will be different across web browsers and devices. The WMF has determined that temporary accounts are necessary to protect user privacy and comply with legal requirements, while maintaining the ability to edit Wikimedia sites anonymously.

The WMF has also created a new user right for access to temporary account IP addresses, which has come to be known as temporary account IP-viewer (TAIV). The minimum criteria for editors (other than functionaries, 'crats, and admins) seeking the user right are:

1. minimum account age of 6 months and 300 edits;
2. specifically applying for access;
3. opting in for access via Special:Preferences; and
4. "[a]gree[ing] to use the IP addresses in accordance with these guidelines, solely for the investigation or prevention of vandalism, abuse, or other violations of Wikimedia Foundation or community policies, and understand[ing] the risks and responsibilities associated with this privilege".

Activation and use of the right will be logged.

Users who are site-blocked will lose the user right. Stewards may revoke the right upon request at meta:Steward requests/Permissions#Removal of access "if the user is determined to have misused the temporary account IP addresses or local community consensus dictates removal." The WMF has clarified below that admins, not just stewards, have the technical capability to remove the right. 20:51, 23 June 2025 (UTC)

Question 1: Should we adopt the minimum or heightened standards for TAIV? If the latter, please specify.

Question 2: Should we authorize any of the following actors to request removal of TAIV upon evidence of misuse of the right? -- mooted

• Option A: the Arbitration Committee or its delegates
• Option B: a consensus of (i) functionaries, (ii) 'crats, or (iii) admins
• Option C: individual (i) functionaries, (ii) 'crats, or (iii) admins

• Option 1A: (i) 500 edits/6 months and (ii) a demonstrated need for TAIV, as evidenced by counter-vandalism work, participation in NPP or AfC, sock hunting, etc. You should at least have extended confirmed to get this user right. The demonstrated need requirement is to ensure editors have a good track record and prevent abuse up front. I do not believe that we need to specify that editors should not be blocked or banned because I think that should usually be heavily weighed against an editor seeking any permission. voorts (talk/contributions) 17:01, 21 June 2025 (UTC)[reply]

  Note: If consensus for option 1A does not develop, I think that we should default to the WMF minimum. voorts (talk/contributions) 21:27, 22 June 2025 (UTC)[reply]

  I also think we can trust admins not to grant this right to editors who have had their extended confirmed revoked. voorts (talk/contributions) 22:12, 22 June 2025 (UTC)[reply]

• Option 1A per voorts, but I think that logging every single instance of the usage of the right is overkill 𐩣𐩫𐩧𐩨 Abo Yemen (𓃵) 17:13, 21 June 2025 (UTC)[reply]
• Option 1A, tho I would still prefer a explicit "not under any kind of sanctions for X months" rider attached, I think the current requirement are okay as a initial blueprint for the community to start with. Sohom (talk) 17:29, 21 June 2025 (UTC)[reply]
• Option 1A Our Discussion already tells why. OPHYRIUS ^⚔ 17:48, 21 June 2025 (UTC)[reply]
• Meh. One part of me wants to say "Of course we want this as strict as possible", but honestly, there's no practical difference between 6/300 and 6/500. The important thing is that you have to make a specific application; I think we can trust the folks at WP:PERM to exercise good judgement on who they give it to. RoySmith (talk) 18:24, 21 June 2025 (UTC)[reply]
• What Voorts said. Seems like a good standard. Mrfoogles (talk) 22:32, 21 June 2025 (UTC)[reply]
• What Voorts said but would tie it directly to EC. We already have set 6/500 as a standard here, and it makes sense to just say "must meet Extended Confirmed threshold" rather than create multiple standards. Dennis Brown - 2¢ 00:06, 22 June 2025 (UTC)[reply]

  Extended confirmed is 30 days, not 6 months. voorts (talk/contributions) 00:17, 22 June 2025 (UTC)[reply]

• I'd prefer the WMF minimum here, 300 edits/6 months. We're still going to have PERM admins reviewing each request and they can exercise their discretion. No need to tie their hands. This right is really no big deal. Toadspike [Talk] 06:57, 22 June 2025 (UTC)[reply]
• Minimum. As with Toadspike, I trust that reviewing admins will grant the permission when appropriate. If they judge that an editor with 300 edits has need of, and can be trusted with, the permission then so be it. fifteen thousand two hundred twenty four (talk) 07:11, 22 June 2025 (UTC)[reply]
• What Voorts said but with the replacement of "500 edits" with "must be extended-confirmed". For most editors this is equivalent but requiring EC automatically excludes editors who had EC revoked for gaming their edit count. Dan Leonard (talk • contribs) 20:21, 22 June 2025 (UTC)[reply]

  EC can be granted early, so this would have to be an additional requirement rather than a replacement. Jruderman (talk) 22:08, 22 June 2025 (UTC)[reply]

  I think it should still be a replacement. If an admin feels the need to grant EC early and the WMF minimums are met, then an editor should be eligible. Dan Leonard (talk • contribs) 22:06, 23 June 2025 (UTC)[reply]

• WMF minimum plus demonstrated use case at the discretion of the grantor. — rsjaffe 🗣️ 20:29, 22 June 2025 (UTC): amended to include that the request must have a reasonable use case attached to it (such as, but not restricted to, being on NPP). Just like rollbacker requests, want a reason attached to the request. — rsjaffe 🗣️ 22:13, 22 June 2025 (UTC)[reply]

  I agree with you here, but this is a basic part of the PERM process, so I'm not sure we need to specify it separately. For example, WP:PERM/R doesn't specifically say that users must explain why they want the right, even though they must. Toadspike [Talk] 09:08, 23 June 2025 (UTC)[reply]

• Minimum. WMF's move is rather absurd — it's hardly a privacy issue when you refuse to log into your own account, or when you refuse to create one — but we're stuck with it. We shouldn't make the situation worse by making users jump through additional hoops. Nyttend (talk) 04:01, 23 June 2025 (UTC)[reply]
• Minimum: Whatever WMF sets as the minimum standard should be followed by us. Ofcourse, permission granting administrators can make the judgement of who demonstrates a need for the right, even if they have just 300 edits. In case of misuse, we will also have mechanisms to revoke the right. —CX Zoom[he/him] ^{(let's talk • {C•X})} 20:18, 23 June 2025 (UTC)[reply]
• Mininum + demonstrated need – PharyngealImplosive7 (talk) 23:38, 23 June 2025 (UTC)[reply]
• Minimum. This is no big deal and requirements should be kept low. Users already must "agree to use the IP addresses in accordance with these guidelines, solely for the investigation or prevention of vandalism, abuse, or other violations of Wikimedia Foundation or community policies", and, assuming their credibility and good faith generally, particular evidence to prove why they "need" to have access is not necessary. Regarding extended confirmed, generally guidelines for permissions are not tied to that, and this permission should not be either. Adumbrativus (talk) 08:36, 24 June 2025 (UTC)[reply]
• Minimum. Right now it requires 0 standards, so even the minimum is a huge jump. --Ahecht (TALK
  PAGE) 16:28, 24 June 2025 (UTC)[reply]
• Minimum plus discretion of granting admin. RoySmith is correct that there is no significant difference between 300 and 500 edits. 300 edits is not a random number; there was research behind the WMF's choice. Let's stick with the research-backed levels, and raise them later if we find that we actually need to. WhatamIdoing (talk) 03:02, 26 June 2025 (UTC)[reply]
• Minimum No additional formal/numeric requirement, just discretion of WP:PERM. Leijurv (talk) 22:31, 26 June 2025 (UTC)[reply]

• Abo Yemen regarding logging every single instance of the usage of the right is overkill, every time a checkuser views a user's IP address, the access is logged. Surely the same should apply to TAIP. RoySmith (talk) 17:18, 21 June 2025 (UTC)[reply]

  Moved from survey section. That is not something that we can change. I believe that the rationale behind logging is that, like CU, the user right provides access to private data. voorts (talk/contributions) 17:16, 21 June 2025 (UTC)[reply]

  See wmf:Policy:Wikimedia Access to Temporary Account IP Addresses Policy#Use of temporary account IP addresses:

  The following actions are logged:

  • When a user accepts the preference that enables or disables IP reveal for their account.
  • Revealing an IP address of a temporary account.
  • Listing the temporary accounts that are associated with an IP address.

  voorts (talk/contributions) 17:24, 21 June 2025 (UTC)[reply]

  so basically WP:XC users are going to be the new checkusers? Is there a way to oppose this temp acc proposal altogether? 𐩣𐩫𐩧𐩨 Abo Yemen (𓃵) 17:26, 21 June 2025 (UTC)[reply]

  No and no. voorts (talk/contributions) 17:31, 21 June 2025 (UTC)[reply]

  ): 𐩣𐩫𐩧𐩨 Abo Yemen (𓃵) 17:35, 21 June 2025 (UTC)[reply]

  Not by default, only on request at WP:PERM. Sohom (talk) 17:31, 21 June 2025 (UTC)[reply]

  An RFC to disable editing without an account. ScottishFinnishRadish (talk) 19:47, 21 June 2025 (UTC)[reply]

  I would totally support that. I don't see what value IP editing adds. It certainly doesn't give the editor any additional privacy. If anything, an IP editor has less privacy because their IP address leaks information. With TAIP, the ability to correlate multiple IP addresses leaks a lot more information. And on our side, what we get is a lot more work to manage it, not to mention all the effort that has gone into developing the feature. RoySmith (talk) 21:31, 21 June 2025 (UTC)[reply]

  With TAIP, the ability to see multiple IP addresses is still only given to those with special permission, so TAIP users have much less exposure than IP editors do. Remember that checkusers can already see the IPs of people with accounts. With TAIP only checkusers will be able to see the IPs of those without accounts. And the value that IP editing adds is allowing people to edit the encyclopedia with less friction -- less friction means more people working on it, which makes it overall better, ideally. Mrfoogles (talk) 22:30, 21 June 2025 (UTC)[reply]

  Re: With TAIP only checkusers will be able to see the IPs of those without accounts I suspect that's not what you intended to say. RoySmith (talk) 23:51, 21 June 2025 (UTC)[reply]

  Only real checkusers can look at these logs. JJP_Master (she/they) 04:34, 23 June 2025 (UTC)[reply]

  That's not true. The logs are publicly available, as with all logged actions. voorts (talk/contributions) 12:39, 23 June 2025 (UTC)[reply]

  Special:Log/checkuser-temporary-account seems to be limited to CUs as of right now - will that change, or am I looking in the wrong place? WindTempos _they ^{(talk • contribs)} 13:02, 23 June 2025 (UTC)[reply]

  Nevermind; I was confusing this with the log of blocked IP addresses, which will still be available. See, for example [1]. voorts (talk/contributions) 13:24, 23 June 2025 (UTC)[reply]

  I think that most non-admins are going to find that they actually don't "need" this as much as they were thinking, as the more generic information will usually be sufficient.

  Every single use will be logged. This is happening so that if an IP address (which is explicitly protected as private information by various countries' laws) turns up, e.g., on an "anonymous" social media post, the WMF should be able to figure out exactly which editor(s) accessed that information. I therefore suggest to editors that they use it when they need it, and not use it when they don't – and to make sure that you don't violate any of the confidentiality rules that you're signing up for. WhatamIdoing (talk) 03:09, 26 June 2025 (UTC)[reply]

• There's 1 point, the user having TAIV, would about a half CU. WMF rolled out this policy only for privacy of the anonymous editors. It's one of the reasons extended confirmed is required as only trusted users should receive this right (Most of the users voting this are from the preceding discussion). This would also reduce chances of socks receiving TAIV as they would likely be caught before the get extended confirmed. OPHYRIUS ^⚔ 17:55, 23 June 2025 (UTC)[reply]

• For those supporting options B and C: if one admin, bureaucrat, or functionary requests removal, can their request be overridden by a consensus of a group of admins, bureaucrats, or functionaries? Do they need to find consensus against removing the privilege, or does a lack of consensus to remove the privilege suffice? isaacl (talk) 16:46, 22 June 2025 (UTC)[reply]

  I assume that one could go to Wikipedia:Administrative action review. — rsjaffe 🗣️ 20:26, 22 June 2025 (UTC)[reply]

  I agree. This would be the same as any other admin removing a right that they're authorized to. If reversal is necessary, it's easy enough to ask the stewards to give the right back. voorts (talk/contributions) 20:37, 22 June 2025 (UTC)[reply]

  In this case, I think option B should be omitted from the actual written policy. The normal collaborative practice is that administrators can take an action on their own initiative, but if a consensus (in most cases, within the community) is determined, then it takes precedence. Option B only allows for a consensus to be established among administrators, bureaucrats, and functionaries. If review is to take place at the administrative action review venue, then the normal collaborative practice suffices. isaacl (talk) 21:43, 22 June 2025 (UTC)[reply]

  I think a consensus of functionaries (e.g., on the CU/OS email group if someone reports TAIV abuse concerns to them) should be allowed to authorize revocation of the right. Likewise, a consensus of admins on a user talk page deciding on unblock conditions should be allowed to agree to revoke TAIV. The community shouldn't be overriding functionary determinations (that's for ArbCom and the Ombuds), and they could review a consensus of admins via AN as always. voorts (talk/contributions) 21:51, 22 June 2025 (UTC)[reply]

  Sure, but that's a subset of option C, since any individual functionary or admin can implement the consensus from a group of functionaries or admins, just like a group of checkusers today can consult with each other to decide on implementing a block. I agree it make sense that functionary decisions to revoke the privilege, which could be based on private information, shouldn't be reviewable by the community. isaacl (talk) 02:12, 23 June 2025 (UTC)[reply]

• Given @Szymon's comment above, I think this question is now a moot point. Any objections to closing it? voorts (talk/contributions) 12:37, 23 June 2025 (UTC)[reply]

  Although any admin may be technically capable of removing the privilege, the community still needs to establish a process of how to decide when it should be removed: can an individual admin decide on removal, or does it have to be a community consensus? Can checkusers and oversighters act unilaterally (with any review to be performed by the arbitration committee)? (I'm not sure if bureaucrats should be in a different category than admins for this process.) isaacl (talk) 16:44, 23 June 2025 (UTC)[reply]

  Well the question was framed as "who can ask the stewards to remove it", but now that we know we don't need the stewards, the question being presented here is incorrect/inapt. Additionally, why do we need to decide on if admins can remove the right? Admins are already the ones who will be granting the right and can remove it. Why should this user right be different than other ones? voorts (talk/contributions) 16:51, 23 June 2025 (UTC)[reply]

  To me, who pushes the buttons is a distinct issue from the decision-making process. So I think the idea that the user right should be handled the same as the current ones still applies even if a request had to be made to the stewards to actually remove the privilege. Question 2 seemed to me to be examining other decision-making processes, but I agree a version of it is not needed if no one wants to consider other processes. isaacl (talk) 17:34, 23 June 2025 (UTC)[reply]

  I really think we ought to handle this just like any other ordinary, sub-admin permission. That includes individual admins removing it when they deem that appropriate. And just like any other ordinary, sub-admin user right, if someone loses it and wants to complain, they can follow the same processes that we use now. Reinventing the wheel is unnecessary. Just make this be a normal user right, handled in the normal ways. WhatamIdoing (talk) 03:12, 26 June 2025 (UTC)[reply]

  Sure; with the withdrawal of question 2, I don't think anyone is proposing a different process. isaacl (talk) 04:09, 26 June 2025 (UTC)[reply]