Policy:Wikimedia Access to Temporary Account IP Addresses Policy - Wikimedia Foundation Governance Wiki

Policy:Wikimedia Access to Temporary Account IP Addresses Policy - Wikimedia Foundation Governance Wiki
Jump to content
From Wikimedia Foundation Governance Wiki
Translate this page
Other languages:
Bahasa Indonesia
Kiswahili
Nederlands
Tiếng Việt
Türkçe
català
italiano
magyar
norsk bokmål
polski
português
português do Brasil
română
slovenčina
suomi
toki pona
čeština
Ελληνικά
български
русский
српски / srpski
українська
עברית
العربية
فارسی
پښتو
नेपाली
हिन्दी
বাংলা
ગુજરાતી
ไทย
မြန်မာဘာသာ
中文
粵語
한국어
This policy or procedure is maintained by the
Wikimedia Foundation
Please note that in the event of any differences in meaning or interpretation between the original English version of this content and a translation, the original English version takes precedence.
+/-
translate
This is a summary of the policy. To read the full terms, scroll down.
Disclaimer: This summary is not a part of policy and is not a legal document. It is simply a handy reference.
The IP addresses of temporary accounts are not made publicly available. However, certain users need access to enforce or discover potential violations of Wikimedia Foundation or user community-based policies. To do this, these users may:
Access and use
temporary account IP addresses.
Disclose
connections between associated temporary accounts when needed.
Disclose
temporary account IP addresses when needed.
Those with access to temporary account IP addresses, bear in mind:
A non-public log details when you
reveal an IP address
You will not
lose access
for mistakenly revealing an IP address; grounds for removing access are if there is a repeated pattern or intentional misuse, or local community consensus.
If you are blocked sitewide from editing a Wikimedia project, you will
lose access
to temporary account IP addresses on that project.
If you have a role that needs persistent and efficient access to IPs, you may have the ability to enable "auto-reveal" to automatically
show IPs
of temporary accounts.
Access to the IP addresses of temporary accounts
helps users protect the Wikimedia projects. This access is separate from access to the
IP Information tool
. As a condition of access, users who have not agreed to the
Access to nonpublic personal data policy
must agree to the following guidelines.
Background
Wikimedia projects are the collaborative product of a global community of volunteer users. The projects can be edited with or without logging into a Wikimedia account. Those who edit without logging into a Wikimedia account do so using a temporary account, which does not have log-in credentials.
Purpose
The Wikimedia Foundation gives certain logged-in users access to the IP addresses of temporary accounts to enable these users to enforce or investigate potential violations of Wikimedia Foundation or user community-based policies. Access is used to fight vandalism and spamming, to check for sockpuppet abuse, and to limit disruption to Wikimedia projects.
Use and disclosure of temporary account IP addresses
Access to the IP addresses of logged-out editors is restricted by policy. This ensures the information is only used for anti-abuse workflows on the Wikimedia projects. Users who have access to IP addresses must not share them with someone who does not have the same access permissions unless disclosure is permissible as per guidelines below.
Outside actors who may want to access IP addresses could contact users who have this right in an attempt to obtain this information. Users with IP access privileges should be aware of this, and alert to the possibility of suspicious access requests.
Use of temporary account IP addresses
Use of temporary account IP addresses is solely for the investigation and discovery of, or enforcement against, vandalism, abuse, spam, harassment, disruptive behavior, and other violations of Wikimedia Foundation or community policies. Use of the IP auto-reveal mode by users who regularly view temporary account IP addresses in the course of investigations and enforcement is permissible, as long as any automatically revealed IP addresses are used solely for the purposes described above.
Access should not be used for political control, to apply pressure on editors, or as a threat against another editor in a content dispute. Note that using multiple temporary accounts is not forbidden, so long as they are not used in violation of policies (an example of a violation includes to evade blocks or bans).
Those with access to temporary account IP addresses are able to determine from which IP addresses a temporary account has performed edits or logged actions on a Wikimedia wiki. This information is only stored for a short period (currently 90 days), so IP addresses used prior to that will not be shown. The IP addresses are accessible by clicking "Show IP" on log, history, and recent changes pages. The IP addresses are also available through the IP Information tool.
The following actions are
logged
Accepting the preference that enables or disables IP reveal.
Revealing an IP address of a temporary account.
Enabling or disabling the IP auto-reveal mode.
Listing the temporary accounts that are associated with an IP address or CIDR range.
Access to temporary account IP addresses should be in compliance with these guidelines, the
, and more restrictive local policies applicable to the relevant project.
Disclosure
Even if a user is violating policy, avoid revealing personal information if possible. Use temporary account usernames rather than disclosing IP addresses directly, or give information such as same network/not same network or similar.
In the course of keeping the projects and other users safe, users may still need to disclose temporary account IP addresses to third parties. Permissible disclosures are limited to the following circumstances:
Users with access to temporary account IP addresses may privately disclose the IP addresses to other users who have the same access rights. To check if a user has access, please confirm using the
user info card
Associations between temporary accounts may be made publicly when reasonably believed to be necessary, even if based on nonpublic information. However, public disclosures of associations between temporary accounts and standard accounts may not be based on nonpublic information due to differing access policies. Public disclosures of associations based on behavioral evidence are permissible.
When a user with access to temporary account IP addresses blocks, unblocks, or performs other administrative actions, such users may make implied disclosures of connections between temporary accounts and their associated IP addresses, such as by issuing consecutive blocks. However, such users may not explicitly connect temporary accounts and their associated IP addresses except as permitted by this policy; for example, direct disclosures in the block reason field are not permitted.
When it is reasonably believed to be necessary, users with access to temporary account IP addresses may also disclose the IP addresses in appropriate venues that enable them to enforce or investigate potential violations of our
, the Privacy Policy, or any Wikimedia Foundation or user community-based policies. Appropriate venues for such disclosures include public pages dedicated to
Long-term abuse
and
sockpuppet investigations
. If such a disclosure is later shown to have been unnecessary or mistaken, then the IP address should be promptly removed from the page text and revision-deletion considered.
Users who have agreed to the separate
Access to nonpublic personal data policy
may also disclose temporary account IP addresses as permitted under that policy.
If temporary account IP addresses need to be disclosed in connection to a
threat of imminent physical harm
, immediately email emergency
wikimedia.org with details of the request so that it can be evaluated for possible Foundation disclosure.
Users can report any formal and informal requests they receive that do not fall under the authorized scope of this policy, including subpoenas from law enforcement, government agencies, attorneys, or other third parties, to the Wikimedia Foundation's legal department at legal
wikimedia.org.
Minimum requirements for access
Access is available only to logged-in users. To gain access, users must fulfill the requirements applicable to their user group, which are outlined below. Users who qualify for both global access and local access, need only meet the requirements associated with global access. The IP reveal right cannot be bundled with user rights given to user groups that are not listed, users who are members of groups that are not listed may gain access through fulfilling the requirements set for
other users
Global access
Members of certain global user groups and certain local user groups require access to temporary account IP addresses across all Wikimedia projects in order to perform their roles. Requirements for access depend on the user group. Users who are members of more than one of the below user groups only need to fulfill the requirements of one of their user groups. For example, a member of both the Ombuds and Abuse filter maintainers user groups will receive automatic access through the Ombuds requirements; such a user's access would still be for both roles.
Stewards, Ombuds, U4C, and Staff
Access is automatically granted to users who are members of any of the following global user groups:
Stewards
Ombuds
Universal Code of Conduct Coordinating Committee (U4C)
, and Staff. Stewards, Ombuds, and U4C members are expected to treat the IP addresses consistent with these guidelines and the
Access to nonpublic data policy
. Staff are expected to treat the IP addresses consistent with their NDA.
Global sysops, Global rollbackers, and Abuse filter maintainers and helpers
Members of the
Global sysops
Global rollbackers
Abuse filter maintainers
, and
Abuse filter helpers
user groups may opt-in globally through
Special:GlobalPreferences
. These users must then agree to use the IP addresses in accordance with these guidelines, solely for the investigation or prevention of vandalism, abuse, or other violations of Wikimedia Foundation or community policies. Alternatively, these users may choose not to opt-in globally; global access will then not be granted so long as the users are not also members of global user groups that have automatic access.
CheckUsers and Oversighters
Users who are members of local
CheckUsers
or
Oversighters
user groups may opt-in globally through
Special:GlobalPreferences
. These users are expected to treat the IP addresses consistent with these guidelines and the
Access to nonpublic data policy
Local access
Certain users require access to temporary account IP addresses on individual "local" Wikimedia projects in order to protect those projects. Requirements for access depend on the local user group. Users who are members of more than one of the below user groups only need to fulfill the requirements of one of their user groups. For example, a member of both the local CheckUsers and Bureaucrats user groups will receive automatic access through the CheckUsers requirements; such a user's access would still be for both roles.
CheckUsers and Oversighters
Local access is automatically granted to users who are members of the local
CheckUsers
or
Oversighters
user groups. These users are expected to treat the IP addresses consistent with these guidelines and the
Access to nonpublic data policy
Administrators and Bureaucrats
Local
Administrators
and
Bureaucrats
may opt-in through
Special:Preferences
on the local project and agree to use the IP addresses in accordance with these guidelines, solely for the investigation or prevention of vandalism, abuse, or other violations of Wikimedia Foundation or community policies. Alternatively, these users may choose not to opt-in; access will then not be granted so long as the users are not also members of user groups that have automatic access.
Other users
Users who are not a member of one of the above groups may nonetheless need access to the IP addresses of temporary accounts to assist in
patrolling
sock puppet
investigations, or other work to protect Wikimedia projects.
To access temporary account IP addresses, these users must:
Meet all of the following general requirements:
User account is a minimum of 6 months old, and
User account has made a minimum of 300 edits to the local project.
Submit an access request to local administrators, bureaucrats where local consensus dictates,
Note 1
or stewards. There may be additional requirements as part of this review.
Note 2
Opt-in through
Special:Preferences
on the local project, and
Agree to use the IP addresses in accordance with these guidelines, solely for the investigation or prevention of vandalism, abuse, or other violations of Wikimedia Foundation or community policies, and understand the risks and responsibilities associated with this privilege.
In order to maintain access to the IP addresses of temporary accounts, users in this category must edit or take a logged action
Note 3
to the local project at least once within a 365-day period.
Exceptions to minimum requirements
If a user account does not meet the criteria above, but still has a legitimate reason to access temporary account IP addresses, for a purpose that cannot be reasonably addressed by users who already have this access, stewards are authorized to grant exceptions to the above criteria.
Removing access
An unnecessary or mistaken use or disclosure of temporary account IP addresses on its own is not grounds for removing the user right; a repeated pattern, intentional misuse, or local community consensus should be shown for removal. Users who are sitewide blocked from editing a Wikimedia project will lose access to temporary account IP addresses on that project.
Members of a user group with automatic access who do not wish to have these access privileges should contact ca
wikimedia.org.
Stewards
are authorized to remove access rights for a user with automatic access if the user is determined to have repeatedly or intentionally misused the temporary account IP addresses or local community consensus dictates removal.
Other users
who have been given the user right manually may voluntarily give up their access at any time by visiting
Special:Preferences
. This action is logged. If a user given the user right manually is determined to have repeatedly or intentionally misused temporary account IP addresses, or local community consensus dictates removal, then the users authorized to grant the right are also authorized to remove the right.
Requests for stewards to remove or amend access to temporary account IP addresses may be placed on
Steward requests/Permissions#Removal of access
. When there is community consensus regarding revocation of a user's access rights, a link to the discussion must be provided.
If necessary, requests for review by
Trust & Safety
staff can be made through ca
wikimedia.org, and user access rights removed in line with the
Office actions policy
. Complaints about infringements of the
will be escalated for review by the
ombuds commission
To ensure accountability, a log is kept of which users have access to temporary account IP addresses.
Notes
Communities wishing to change the default from administrators to bureaucrats should make a
request through Phabricator
Examples of additional requirements include:
A minimum of 600 mainspace edits to the local project,
Demonstrated evidence of previous patrolling work,
Community election process, and/or
Other requirements, so long as the requirements are not lower than the general requirements.
A logged action being anything that would appear in Special:Log
See also
Temporary Accounts
Access to temporary account IP addresses FAQ
IP Info
Retrieved from "
Categories
Policies
Legal documentation
Policy
Wikimedia Access to Temporary Account IP Addresses Policy
Add topic