IP編輯:增強隱私和解決濫用的措施/常見問題
Please do not mark this page for translation yet. 目前请不要将此页面标记翻译。 本页面仍是一个草稿,或包括了不完整的翻译标记。在将本页面标记为可翻译前,请解决这些问题。 |
此页面正在建设中 请帮助审阅并编辑此页面。 |
The basics
什麼是臨時帳號?
该帐户将自动获得一个用户名。 创建帐户时,将在您的浏览器中设置cookie。 即使您的IP地址发生变化,您作出的编辑仍然可以归属到该用户名下。 而根据更新的隐私方针的概述,使用临时帐户时,您的IP地址只能由获得授权的员工和社群成员访问。
参见:
- Help page for the temporary account holders (temporary users)
- 如果您的机器人或工具需要区分临时帐户类型和永久帐户类型,请参阅技术信息页面。
为什么所有人需要用户名?
维基媒体的各站点使用的许可协议要求每一笔编辑都有对应的编辑者的名称。
创建一個免費的注册帐户的人可以选择自己的用户名。没有使用注册帐户的人会自动配給到一个临时帐户。 以前,您的编辑将公开归到您的IP地址下,例如 User:192.0.2.1
。
临时用户名看起来是什么样的?
Example of temporary user name:
~2024-1234567
自动生成的臨時帳號用户名将以波浪线(~
)和该帐户首次进行编辑的年份开头。
年份后面跟着五位数為一组的数字,例如 User:~2024-12345-67
。
用户不能注册一個与临时账户名称格式相同的账户。
Users cannot choose a temporary account name. Their account name is auto-generated.
Why are you working on temporary accounts at all?
Wikimedians began discussing the exposure of IP addresses as a privacy issue shortly after MediaWiki was developed. For example, there is a thread dating back to 2004. For many years, there was no strong incentive to change this, so the Wikimedia Foundation wasn't working on it. But in the meantime, in many countries, new laws and new standards were introduced. Finally, in 2018, the Foundation's Legal department determined that the indefinite public storage of IP addresses presents serious risks. This includes legal risks to the projects and risks to the users. Today, this project is one of the priorities of the Foundation's leadership.
参见:
- 2021年7月以来的项目更新有关法律团队评估的更多详细信息
为什么临时帐户是解决问题的正确方法?
临时账户的设计有一些硬性要求。其中一些是法律性的,一些是技术性的:
我们面临的是什么 | 我们决定做什么 |
---|---|
One of the founding principles of our movement is that people should be able to make most simple edits without registering a permanent account. | Temporary accounts will be created automatically (people won't need to create an account themselves). |
Due to legal requirements, edits on the wikis should be attributed to a user identifier other than IP address. | If temporary accounts are enabled on a wiki, an account is created for a user as soon as they commit their first edit. The user is automatically logged in to this account, which is tied to a randomly generated username. This username is displayed in every situation (except for various functionary tools) where IP addresses would have otherwise been displayed. |
The identifier that a given not logged-in user's edits are attributed to needs to be stable. Creating a new user for each edit is not an option. Otherwise, there would be a too large rate of new users. | As soon as the temporary account is created, the user is logged in. The cookie has a limited lifetime. Within this duration, if the user decides to make more edits, they are all attributed to the same temporary account. A new one is created if the user decides to log out of the temporary account or otherwise use a different browser. The user retains the same temporary account if they change IP address while using the same device/browser. |
The MediaWiki software can't be changed too much. We need to limit novelties to let existing features work unmodified. | A temporary account does not break anything in the way user accounts are handled. Aside from some special case behaviors that are required (such as some features that need to be disabled for temporary accounts), most code is likely to work without unexpected failures. |
See also:
Is the Wikimedia Foundation monitoring the effect of using temporary accounts on our communities?
Yes.
There is a public dashboard for monitoring metrics for the pilot wikis. All these statistics are updated very frequently, for instance, real-time or once every day, to give everyone a good visibility of the actual work of temporary accounts on wikis.
Specifically, the above metrics are publicly available:
Public metrics in detail
|
---|
|
In addition, the Foundation is monitoring some other metrics which for security or privacy reasons are not public.
These include data like the number of requests for assistance from CheckUsers. We will periodically share reports about the non-public metrics.
此頁面的一部分(与this section相关)已过时。 |
Guardrail metrics in detail
|
---|
{{{2}}} |
IP地址出现在许多页面的历史记录中。那些过去的记录会被修改吗?
不会。
切换到临时帐户之前在维基上公开的历史IP地址将不会被修改。维基媒体基金会法律部门已批准这一决定。
这些更改将于何时部署在我的wiki?
- Temporary accounts are already available on pilot wikis: Czech Wikiversity, Igbo Wikipedia, Italian Wikiquote, Swahili Wikipedia, and Serbo-Croatian Wikipedia.
- If the first deployments are successful and we don't have a ton of unexpected work, then in February 2025, we will roll out on larger wikis. We call this major pilot deployment. It may include some top10 wikis, but not English Wikipedia.
- Next, in May 2025, we will deploy on all remaining wikis in one carefully coordinated step.
我们鼓励机器人操作员和工具开发人员尽早测试他们的工具。
Legal details about temporary accounts
What specific legal requirements, regulations or risks are you worried about? Is the Foundation facing legal action? What would happen if we didn't introduce temporary accounts?
We shouldn't provide all the information. We shouldn't publish some details, and we shouldn't disclose why. If we publicly discussed what arguments we can make, or what risks are most likely to result in litigation, we could help someone harm the wikis and the communities.
This answer is based on attorney advice we are choosing to follow.
Can this change be rolled out differently by location?
No.
We protect the privacy of all users to the same standard. This will change across the Wikimedia projects.
If we tell someone their IP address will be published, isn't that enough?
No.
Many people have been confused to see their IP address published. Additionally, even when someone does see the notice, the Foundation has to properly handle their personal data. Publishing the IP addresses of non-logged-in editors falls short of current privacy best practices. Also, it creates risks, including risks to those users.
How will the project affect CC license attribution?
It will not affect it.
The 3.0 license for text on the Wikimedia projects already states that attribution should include "the name of the Original Author (or pseudonym, if applicable)" (see the license at section 4c). Use of the temporary account names will function equally well as a pseudonym. IP addresses already may vary or be assigned to different people over time, so using that as a proxy for un-registered editors is not different from an the temporary account names. Both satisfy the license pseudonym requirement. In addition, our Terms of use section 7 specify that as part of contributing to Wikipedia, editors agree that links to articles (which include article history) are a sufficient method of attribution.
Single wiki community questions
如果社群决定继续使用IP地址呢?
临时帐户功能可用后,将不再允许显示后续进行编辑的IP地址。所有社群都需要为临时账户的变更做好准备。
禁止或限制匿名用户编辑不行吗?
Unlikely.
In the past, the Wikimedia Foundation has supported research into requiring registration for all editors editing Wikipedia articles. The results have been largely harmful. We've seen large drops in the net non-reverted content edits over time in Farsi Wikipedia.
At this time, with the data we have, we cannot say that disabling logged-out editing on any project is a beneficial solution.
临时账户相关技术细节
临时账号已被部署到各站点了吗?我在哪里测试这一功能?
- All beta cluster wikis except en-rtl Wikipedia
- test.wikipedia.org
- test2.wikipedia.org
Keep in mind that these are testing wikis. Software there may not work as expected.
我的临时账户能持续多长时间?
只要cookie存在,您的临时帐户就始终有效。 该cookie目前设置为自首次编辑后一年后过期。
以下是导致临时帐户丢失且无法找回的最常见情况:
- 您清除了浏览器cookie。
- 您删除了浏览器上创建临时帐户时使用的配置文件。
- 您使用了隐身(私密浏览)窗口,然后关闭了该窗口。
- cookie过期了。
如果您的临时帐户丢失,那么下次您发布编辑时,将会自动为您生成一个具有新用户名的新临时帐户。 如果您想要一个永久帐户,您可以随时注册帐户。
Will temp accounts change if IP address changes?
No.
Just as with registered accounts, the account doesn't change when IP addresses do.
临时用户名會是独一无二的吗?
是的。
如果您在多个启用统一登录的维基上都看到了User:~2024-12345-67
這個帐户,您可以确信这是同一个帐户。
What if temporary accounts are only enabled on some wikis?
There will be time when some wikis will have temporary accounts enabled (pilots) and others will not.
Wikis that have temporary accounts enabled will display unregistered editors as temporary accounts. On non-temp-accounts wikis they will still show up as IP addresses. When the temporary user switches between these wikis they will show up as a temporary account in one wiki and as an IP address in another.
This may create a problem with some features that rely on having a persistent user identity across wikis. If your feature(s) are impacted by this change, please come talk to us on the talk page or through Phabricator.
来自有经验的编辑者的问题及对IP地址的获取
我是管理员,需要计算IP段。我可以查看临时账户的IP地址吗?
IP地址存在隐私风险,只有需要掌握这些信息才能进行有效巡逻的人才能看到。
参见:
- 获取临时帐户IP地址法律政策
我有一个合格账户。如何查看 IP 地址?
前往 Special:Preferences 并选择加入。
我需要签署非公开信息保密协议吗?
不。
访问非公开个人数据政策(ANPDP)是维基媒体基金会制定的一项法律政策,规定用戶查核和担任其他特定职务的人员必须保护他们在履行职责过程中获得的非公开个人数据。 志愿者管理员和巡逻员无需签署ANPDP协议。 不过,您需要通过本地维基站点的Special:Preferences选择访问IP 地址。
编者应如何申请该新的用户权限?
正常情况下,该权限将会自动授予符合条件的用户。您唯一會需要做的就是您的维基站点提供该功能时选择加入。
不過,每个wiki可能也会设置自己的申请流程,會采用较最低标准較高一點的标准,例如对每项申请逐案审查。维基媒体基金会自身将不会要求相关流程严苛到类似于成为规模较大的社群的管理员这样的情况。社群可以选择通过现有流程处理这些请求、或设置新的流程。 比如,英语维基百科可能会选择在w:en:Wikipedia:Requests for permissions接受申请,德语维基百科则可能会是在w:de:Wikipedia:Administratoren/Anfragen处理申请,乌克兰语维基百科可能是在w:uk:Вікіпедія:Заявки на права патрульного。非常小的社群则常在其互助客栈(Village pump)处理类似的请求。
我的社群希望设置更高的要求。我们应该怎么做?
请遵照访问临时账号的IP地址#本地要求中的相关指示。通常,这意味着需要在社群中开展讨论、记录下社群的共识,然后按照请求wiki配置更改的流程申请变更配置。
用户权限何时開始可用?什么时候可以开始授予?
该用户权限可能会在今年(2023年)晚些时候添加到MediaWiki软件中,尽管最初不会在所有维基中都有用。如果社群希望使用需要单独审查的流程,则可以随时开始预先批准编者。
我所在的社群已存在拥有高于最低要求之用户权限的用户组。如果社群没有选择建立单独的审核流程,这些用户可全部自动获得该权限。我们可以将该权限全部授予他们吗?
只要用户组中的所有用户都满足或超过所有最低要求,新的用户权限就可以分配到现有的用户组。该用户组的未来成员将需要满足或超过所有最低要求。
我认为对非管理员的最低要求太高
有的时候可能这句话也没错,比如某个社区刚刚成立的时候。在这种情况下,该社区的成员需要从维基媒体基金会的法律部门申请豁免。请联系privacy wikimedia.org,并随信附上您所在社区的具体情况的解释。
我满足了权限自动授予的最低要求,但我的社群要求单独审查,而他们拒绝了我的请求!
是否将此用户权限授予满足最低要求的人完全取决于社群。没有人一定要给你这个用户权限的,不是吗?
我是管理员,但我不想要该用户权限
除非您选择接受协议,否则您将无法看到任何有关临时账户IP地址的信息。
我认为有人在滥用相关权限
请将隐私相关问题报告给申诉专员委员会。为确保问责机制,我们将保留相关工具的使用日志以及有权访问该工具的用户清单。
其他有关潜在滥用的相关疑问请报告给监管员,只需要在m:Steward requests/Permissions#Removal of access上提交请求即可。如果监管员确定发生了滥用情况,他们有权阻止该用户访问相关的IP地址信息,即使用户符合自动授予条件或已通过社区流程获得访问权限。
一些社群目前在公开的页面记录一些不良行为者的活动信息,包括他们的IP地址(例如,持续出没的破坏者)。这种页面是否仍然被允许?
是的。
社群应在长期破坏者列表中同等对待登录用户和临时帐户持有者的IP。他们可能会在必要时列出IP地址,但他们应该通过临时帐户用户名来提及。
参见:
我们是否可以公开记录可疑(但未确认)使用临时帐户的不良行为者所使用的IP地址?
总体而言,不可以。但有些情况可以,暂时的。
When possible, patrollers with access to IP addresses should document the temporary account name(s) instead of the IP addresses. The exception is when the IP addresses are necessary for the purpose of protecting the wiki from abusive actions. Necessity should be determined on a case-by-case basis. If a disclosure later becomes unnecessary, then the IP address should be promptly removed.
For example, if a suspected vandal is exonerated during an investigation, then the report showing the user's IP address can be removed through oversight. That way, the IP address is only revealed while it is needed, and then is suppressed later, after it has been shown to not be needed any longer. See the related policy for more information.
If other information about non-logged-in contributors is revealed (such as location, or ISP), then it doesn't matter if the IP address is also published, right?
No. The IP address should not be published.
With temporary accounts, the public information will be not linked to an individual person or device. For example, it will be a city-level location, or a note that an edit was made by someone at a particular university. While this is still information about the user, it's less specific and individual than an IP address. So even though we are making some information available in order to assist with abuse prevention, we are protecting the privacy of that specific contributor better.
Experienced contributor questions
用户使用临时账号扰乱需要封禁时怎么办?
临时账户的IP将被存储,IP封锁将继续起作用,并且临时账户将受到IP封锁。 Their IP addresses can still be blocked, just like at present. Temporary accounts can also be independently blocked, including global blocks and autoblocks.
滥用者不能直接清除cookie吗?
是的,他们可以。临时账户无意解决任何反破坏问题。
我们知道滥用者通过不断变化的IP池进行编辑同时掩盖浏览器代理数据的问题。这不能通过临时账户来解决。这也不是该项目的设计目标。否则,我们将需要使用可信令牌、禁用匿名编辑或指纹识别,所有这些都是非常复杂的措施,需要大量的社群和技术考虑。
Tools will be adapted to ensure that bidirectional mappings between temporary accounts within the last 90 days and IPs can be safely and efficiently navigated by trusted functionaries. However, abuse from a user that clears cookies may become difficult or impossible to detect and mitigate for users without elevated user rights, or if some of the edits involved are more than 90 days old.
Will temporary accounts be covered by the autoblock mechanism?
自动封锁功能可阻止破坏者和其他高风险用户继续破坏项目,因为他们会立即创建一个新账户。 临时账户的自动锁定与注册用户的自动锁定相同。 (IP addresses are not available to the public.)
More information is available in phab:T332231. Temporary accounts can also be blocked via global autoblocks.
Is there a limitation for creating many temporary accounts from the same IP address?
Yes.
There is a limitation preventing from creating too many accounts from the same IP address too quickly.
The current threshold for regular accounts is six per IP address per day ($wgAccountCreationThrottle
).
In addition to tht, there is a similar limitation for temporary accounts, which is also six per IP address per day ($wgRateLimits
).
This threshold can be changed quickly if necessary.
We have investigated the ideal thresholds of the limit (T357771). We will check nuanced responses to tripping thresholds, including CAPTCHAs, temporary blocks, calls to create an account, etc.
During the entire rollout, we will analyse rate limit trips (T357763). To learn more, see T357776.
What are the functional differences between using a Special:Checkuser on a temporary account, and revealing the IP address?
The IP reveal feature can show you the IP address used for a particular edit by a particular temporary account, the last IP address used by a temporary account, all the IP addresses used by a temporary account, or all the temporary accounts edits on a given IP address or IP address range.
参见
- 方针:存取臨時帳號的IP位址––法律政策