IP編輯:增強隱私和解決濫用的措施/常見問題
The basics of temporary accounts
什麼是臨時帳號?
当您在维基百科或其他维基媒体基金会所托管的网站发布编辑时,如果您没有登录,系统就会为您创建一个临时帐号。
该帐户将自动获得一个用户名。 创建帐户时,将在您的浏览器中设置cookie。 即使您的IP地址发生变化,您作出的编辑仍然可以归属到该用户名下。 而根据更新的隐私方针的概述,使用临时帐户时,您的IP地址只能由获得授权的员工和社群成员访问。
How do temporary accounts work?
- 临时账户名称的组成如下:
~2025-12345-67(波浪号、当前年份、自动生成的数字)。用户不能选择或更改其临时账户的名称。 - 自创建日期起经过90天之后,该临时账户将自动过期,无法使用且无法获取讨论页消息。
- 后续编辑会分配给新的临时账户。旧账户将被停止使用,无法保留或登录。
- 临时账户不能登录,也没有密码。
- 所有使用相同设备和浏览器进行的编辑都将归属于同一临时账户,即使您使用的IP地址发生变化(比如说,无论您是在家里还是在咖啡店进行编辑)。这是通过浏览器cookie来实现的,该cookie会记住分配给您的临时账户。
- 临时账户不同于浏览历史或打开的标签页。如果您的浏览器在不同设备间同步,您将在不同设备上被分配到不同的账户。这是浏览器的工作方式导致的。 如果您对此感到担心,您可以选择创建一个注册账号。
- 要停止使用临时账户,可以随时结束会话或是清除浏览器cookie。
Notable aspects of temporary accounts
- 临时账户与注册账户不同。临时帐户的有效期较短,功能有限。除了常规编辑所收集的数据外,我们不会为临时帐户收集任何其他数据。[需要澄清]
- 临时账户并不能使用已登录用户可用的所有功能。 部分操作,例如向维基共享资源上传照片,仅拥有注册账户的用户可以使用。
- 临时账户有自己的用户页与用户讨论页,但这些页面最终在账户过期时将与创建该页面的人解除关联。 你可以将你的临时账户用户页重定向到你新账户的对应页面。
- 临时账户可以接收通知,并可以看到关于自己用户讨论页上有新消息的横幅。
- 临时账户可以收到来自已登录编者的感谢,但无法送出感谢。
- 临时账户可以在讨论页中提及其他用户,反之亦然。
参见
- Help page for the temporary account holders (temporary users)
- 如果您的机器人或工具需要区分临时帐户类型和永久帐户类型,请参阅技术信息页面。
The basics of the project
Why are you working on temporary accounts at all?
Primarily, to improve the privacy of logged-out users. In addition, this change will allow us to build better anti-abuse tools.
Our wikis should be safer to edit by default for logged-out editors. Temporary accounts allow people to continue editing the wikis without creating an account, while avoiding publicly tying their edits to their IP address. We believe this is in the best interest of our logged-out editors, who make valuable contributions to the wikis and who may later create accounts and grow our community. Even though the wikis do warn logged-out editors that their IP address will be associated with their edit, many people may not understand what an IP address is, or that it could be used to connect them to other information about them in ways they might not expect.
Additionally, our moderation software and tools rely too heavily on network origin (IP addresses) to identify users and patterns of activity, especially as IP addresses themselves are becoming less stable as identifiers. Temporary accounts allow for more precise interactions with logged-out editors, including more precise blocks, and can help limit how often we unintentionally end up blocking good-faith users who use the same IP addresses as bad-faith users.
为什么临时帐户是解决问题的正确方法?
临时账户的设计有一些硬性要求。其中一些是法律性的,一些是技术性的:
| 我们面临的是什么 | 我们决定做什么 |
|---|---|
| One of the founding principles of our movement is that people should be able to make most simple edits without registering a permanent account. | Temporary accounts will be created automatically (people won't need to create an account themselves). |
| Due to legal requirements, edits on the wikis should be attributed to a user identifier other than IP address. | If temporary accounts are enabled on a wiki, an account is created for a user as soon as they commit their first edit. The user is automatically logged in to this account, which is tied to a randomly generated username. This username is displayed in every situation (except for various functionary tools) where IP addresses would have otherwise been displayed. |
| The identifier that a given not logged-in user's edits are attributed to needs to be stable. Creating a new user for each edit is not an option. Otherwise, there would be a too large rate of new users. | As soon as the temporary account is created, the user is logged in. The cookie has a limited lifetime. Within this duration, if the user decides to make more edits, they are all attributed to the same temporary account. A new one is created if the user decides to log out of the temporary account or otherwise use a different browser. The user retains the same temporary account if they change IP address while using the same device/browser. |
| The MediaWiki software can't be changed too much. We need to limit novelties to let existing features work unmodified. | A temporary account does not break anything in the way user accounts are handled. Apart from the necessary exceptions (such as features that need to be disabled for temporary accounts), most code will continue to work normally. |
参见:
禁止或限制匿名用户编辑不行吗?
不太可能。
In the past, the Wikimedia Foundation has supported research into requiring registration for all editors editing Wikipedia articles. 结果大多数都是有害的。 Over time, the Wikipedia in Persian saw large declines in the amount of constructive contributions of content. There is also a 2024 study of Portuguese Wikipedia which has blocked logged-out editing in the main namespace since October 2020. The results of this change were mixed. One of the stated goals of turning off logged-out editing was to reduce moderator burden and reverted edits, and there is evidence that it achieved this goal. On the other hand, there is evidence that this came at the cost of a significant reduction in non-reverted edits, weakening the growth of content in the Portuguese Wikipedia, and potentially leading to other negative long-term effects.
At this time, with the data we have, we cannot say that disabling logged-out editing on any project is a beneficial solution.
这些更改将于何时部署在我的wiki?
- Temporary accounts are already available on the following wikis:
- 捷克语维基学院, 波斯语维基词典, 丹麦语维基百科, 伊博语维基百科, 意大利语维基语录, 日文维基语录, 书面挪威语维基百科, 罗马尼亚语维基百科, 塞尔维亚语维基百科, 塞尔维亚-克罗地亚语维基百科, 斯瓦希里语维基百科, 粤文维基百科
- 捷克语维基百科, 韩文维基百科, 土耳其语维基百科
- We will introduce temporary accounts on larger wikis in June 2025. It may include some top-10 wikis, but not English Wikipedia.
- Finally, later in 2025, we will deploy temporary accounts on all remaining wikis in one carefully coordinated step.
我们鼓励机器人操作员和工具开发人员尽早测试他们的工具。
如果社群决定继续使用IP地址呢?
临时帐户功能可用后,将不再允许显示后续进行编辑的IP地址。所有社群都需要为临时账户的变更做好准备。
Is the Wikimedia Foundation monitoring the effect of using temporary accounts on the communities?
是。
There is a public dashboard for monitoring metrics for the pilot wikis. All these statistics are updated very frequently, for instance, real-time or once every day, to give everyone a good visibility of the actual work of temporary accounts on wikis.
The following specific metrics are publicly available:
Public metrics in detail
|
|---|
|
In addition, the Foundation is monitoring some other metrics which for security or privacy reasons are not public.
These include data like the number of requests for assistance from CheckUsers. We will periodically share reports about the non-public metrics.
Non-public (guardrail) metrics in detail
|
|---|
|
Administrator actions (across all wikis)
管理员请求
管理员健康
|
IP地址出现在许多页面的历史记录中。那些过去的记录会被修改吗?
不会。
切换到临时帐户之前在维基上公开的历史IP地址将不会被修改。维基媒体基金会法律部门已批准这一决定。
Legal details about temporary accounts
What specific legal requirements, regulations or risks are you worried about? Is the Foundation facing legal action? What would happen if we didn't introduce temporary accounts?
We shouldn't provide all the information. We shouldn't publish some details, and we shouldn't disclose why. If we publicly discussed what arguments we can make, or what risks are most likely to result in litigation, we could help someone harm the wikis and the communities.
This answer is based on attorney advice we are choosing to follow.
Can this change be rolled out differently by location?
否。
We protect the privacy of all users to the same standard. This will change across the Wikimedia projects.
If we tell someone their IP address will be published, isn't that enough?
No.
Many people have been confused to see their IP address published. Additionally, even when someone does see the notice, the Foundation has to properly handle their personal data. Publishing the IP addresses of non-logged-in editors falls short of current privacy best practices. Also, it creates risks, including risks to those users.
How will the project affect CC license attribution?
它不会受到影响。
The 3.0 license for text on the Wikimedia projects already states that attribution should include "the name of the Original Author (or pseudonym, if applicable)" (see the license at section 4c). Use of the temporary account names will function equally well as a pseudonym. IP addresses already may vary or be assigned to different people over time, so their use to identify unregistered editors is no different in this respect from the use of temporary account names. Both satisfy the license pseudonym requirement. In addition, our Terms of use section 7 specify that as part of contributing to Wikipedia, editors agree that links to articles (which include article history) are a sufficient method of attribution.
临时账户相关技术细节
我在哪里测试这一功能?
- All beta cluster wikis except en-rtl Wikipedia
- test.wikipedia.org
- test2.wikipedia.org
Keep in mind that these are testing wikis. Software there may not work as expected.
In addition, users with advanced permissions may test different features on Patch Demo available on T369637.
临时账户能持续多长时间?
只要cookie存在,临时帐户就会一直有效。 该cookie目前设置为自首次编辑后三个月过期。
以下是导致临时帐户丢失且无法找回的最常见情况:
- 用户清除了浏览器cookie。
- 用户删除了其浏览器上创建临时帐户时使用的配置文件。
- 用户使用了隐身(私密浏览)窗口,并关闭了该窗口。
- cookie过期了。
如果您的临时帐户丢失,那么下次您发布编辑时,将会自动为您生成一个具有新用户名的新临时帐户。 如果您想要一个永久帐户,您可以随时注册帐户。
临时用户名會是独一无二的吗?
是的。
如果您在多个启用统一登录的维基上都看到了User:~2024-1234567这个帐户,那您可以确信这是同一个帐户。
What if temporary accounts are only enabled on some wikis?
Some wikis have temporary accounts enabled (pilots) and others do not.
Wikis that have temporary accounts enabled display unregistered editors as temporary accounts. On non-temp-accounts wikis they still show up as IP addresses. When the temporary user switches between these wikis they will show up as a temporary account in one wiki and as an IP address in another.
This may create a problem with some features that rely on having a persistent user identity across wikis.
If your feature(s) are impacted by this change, please come talk to us on the talk page or through Phabricator.
What happens if the software can't set the temporary-account cookie?
If it's not possible to set a cookie, for example the browser is configured to block all cookies, the editor would have their edit saved successfully. However, the temporary account would be a single-use one, and it would be deleted immediately.
对IP地址的获取
谁可以看到临时账户的IP地址?
IP地址存在隐私风险,只有需要掌握这些信息才能进行有效巡逻的人才能看到。
参见:
- 获取临时帐户IP地址法律政策
我有一个合格账户。如何查看 IP 地址?
Please follow your community's guidelines to request this right from admins and/or bureaucrats and/or stewards (as defined by your community). 前往 Special:Preferences 并选择加入。
启用此设置前,您必须阅读并同意《访问临时账号IP地址方针》。具体如下:如果您已阅读并同意该方针,您可通过勾选复选框来启用此设置。
- 您必须符合方针中描述的资格标准;
- 您不得访问、使用或透露临时账号的IP地址信息,除非存在用于调查或对破坏、滥用、垃圾内容、骚扰、扰乱行为,及其他违反维基媒体基金会或社群方针政策的行为采取强制措施的合理必要性。如果您确实需要与他人共享信息,您必须谨慎处理共享的地点与方式,并且在他人不再需要查看时删除信息。
我需要签署非公开信息保密协议吗?
不。
访问非公开个人数据政策(ANPDP)是维基媒体基金会制定的一项法律政策,规定用戶查核和担任其他特定职务的人员必须保护他们在履行职责过程中获得的非公开个人数据。 志愿者管理员和巡逻员无需签署ANPDP协议。 不过,您需要通过本地维基站点的Special:Preferences选择访问IP 地址。
编者应如何申请该新的用户权限?
This is automatically assigned to users who have permissions related to anti-abuse tasks, as defined in the policy.
正常情况下,该权限将会自动授予符合条件的用户。您唯一會需要做的就是您的维基站点提供该功能时选择加入。
Other users need to apply for the right, and administrators or stewards can grant these rights. Read the policy to learn more.
For "other users" (as they are categorized in the policy), is it possible to bundle this right with an existing group, like patrollers?
No, at least not currently. This is what we announced in May 2025:
- Separation of the new right (
checkuser-temporary-account) out to a new group (Temporary account IP viewers), as opposed to technically attaching it to any existing group (like patroller). We have decided to do this for a few reasons:- Having access to IP addresses carries risk. This right is similar to checkuser. IP addresses are considered personally identifiable information (a kind of personal data). Outside actors who want to access IP addresses will now need to interact with users who have this right. Users with this right should be aware of this, and alert to the possibility of suspicious access requests.
- Good practices for privacy protection. Giving access to users who are trusted but do not need access to carry on their work is not in line with good practices for processing personal data.
- Removal of right. Access to IPs will be logged (example). If any misuse of this right is detected, it can be taken away separately from any other permissions the user may hold. It would be difficult and sometimes also unreasonable to remove the rights unrelated to access to IP addresses.
- You may grant the new right to all users belonging to a certain existing group individually. These users must meet the criteria for Temporary account IP viewers, though.
- For clarity – all this does not affect administrators, bureaucrats, checkusers, stewards, and other groups mentioned in the global policy.
We have also documented this decision in Limits to configuration changes.
我的社群希望设置更高的要求。我们应该怎么做?
不過,每个wiki可能也会设置自己的申请流程,會采用较最低标准較高一點的标准,例如对每项申请逐案审查。维基媒体基金会自身将不会要求相关流程严苛到类似于成为规模较大的社群的管理员这样的情况。社群可以选择通过现有流程处理这些请求、或设置新的流程。 Make sure that consensus of your community does not contradict the global policy, and instead, adds requirements of your choice to the global ones.
The Wikimedia Foundation is not requiring a process equivalent to becoming an admin in the largest communities. Communities may choose to handle these requests via their existing processes, or to set up new pages. 比如,英语维基百科可能会选择在w:en:Wikipedia:Requests for permissions接受申请,德语维基百科则可能会是在w:de:Wikipedia:Administratoren/Anfragen处理申请,乌克兰语维基百科可能是在w:uk:Вікіпедія:Заявки на права патрульного。非常小的社群则常在其互助客栈(Village pump)处理类似的请求。
用户权限何时開始可用?什么时候可以开始授予?
该用户权限可能会在今年(2023年)晚些时候添加到MediaWiki软件中,尽管最初不会在所有维基中都有用。如果社群希望使用需要单独审查的流程,则可以随时开始预先批准编者。
我认为对非管理员的最低要求太高
有的时候可能这句话也没错,比如某个社区刚刚成立的时候。在这种情况下,该社区的成员需要从维基媒体基金会的法律部门申请豁免。请联系$email-address,并随信附上您所在社区的具体情况的解释。 In such cases, contact the stewards.
我是管理员,但我不想要该用户权限
除非您选择接受协议,否则您将无法看到任何有关临时账户IP地址的信息。
我认为有人在滥用相关权限
请将隐私相关问题报告给申诉专员委员会。为确保问责机制,我们将保留相关工具的使用日志以及有权访问该工具的用户清单。
其他有关潜在滥用的相关疑问请报告给监管员,只需要在m:Steward requests/Permissions#Removal of access上提交请求即可。如果监管员确定发生了滥用情况,他们有权阻止该用户访问相关的IP地址信息,即使用户符合自动授予条件或已通过社区流程获得访问权限。
If someone is blocked, are they able to use this right?
If a user is blocked sitewide, the software won't let them reveal IP addresses. If they have a partial block, they are able to use this right.
一些社群目前在公开的页面记录一些不良行为者的活动信息,包括他们的IP地址(例如,持续出没的破坏者)。这种页面是否仍然被允许?
是的。
社群应在长期破坏者列表中同等对待登录用户和临时帐户持有者的IP。他们可能会在必要时列出IP地址,但他们应该通过临时帐户用户名来提及。
参见:
我们是否可以公开记录可疑(但未确认)使用临时帐户的不良行为者所使用的IP地址?
总体而言,不可以。但有些情况可以,暂时的。
When possible, patrollers with access to IP addresses should document the temporary account name(s) instead of the IP addresses. The exception is when the IP addresses are necessary for the purpose of protecting the wiki from abusive actions. Necessity should be determined on a case-by-case basis. If a disclosure later becomes unnecessary, then the IP address should be promptly removed.
For example, if a suspected vandal is exonerated during an investigation, then the report showing the user's IP address can be removed through oversight. That way, the IP address is only revealed while it is needed, and then is suppressed later, after it has been shown to not be needed any longer. See the related policy for more information.
When it comes to documenting connections between logged-in and temporary users, non-CheckUser-level evidence, like editing patterns may be documented publicly. Documenting publicly that a temporary account and a regular account are connected based on evidence restricted for CheckUsers would be against the policy, even if IP addresses wouldn't be documented.
If other information about non-logged-in contributors is revealed (such as location, or ISP), then it doesn't matter if the IP address is also published, right?
No. The IP address should not be published.
With temporary accounts, the public information will be not linked to an individual person or device. For example, it will be a city-level location, or a note that an edit was made by someone at a particular university. While this is still information about the user, it's less specific and individual than an IP address. So even though we are making some information available in order to assist with abuse prevention, we are protecting the privacy of that specific contributor better.
Experienced contributor questions
Where can I test how my advanced permissions work with temporary accounts?
Users with advanced permissions may test different features on Patch Demo available on T369637.
临时账号持有者需要封禁时怎么办?
临时账户的IP将被存储,IP封锁将继续起作用,并且临时账户将受到IP封锁。 Their IP addresses can still be blocked, just like at present. Temporary accounts can also be independently blocked, including global blocks and autoblocks.
滥用者不能直接清除cookie吗?
是的,他们可以。临时账户无意解决任何反破坏问题。
我们知道滥用者通过不断变化的IP池进行编辑同时掩盖浏览器代理数据的问题。这不能通过临时账户来解决。这也不是该项目的设计目标。否则,我们将需要使用可信令牌、禁用匿名编辑或指纹识别,所有这些都是非常复杂的措施,需要大量的社群和技术考虑。 This cannot be solved through temporary accounts. This is not a design goal for this project either. Otherwise, we would need to use trusted tokens, disabling anonymous edits, or fingerprinting, all of which are very involved, complicated measures that have significant community and technical considerations.
We will adapt tools to ensure that trusted functionaries can safely and efficiently navigate the bidirectional mappings between temporary accounts within the last 90 days and IPs. However, abuse from a user that clears cookies may become difficult or impossible to detect and mitigate for users without advanced permissions, or if some of the edits involved are more than 90 days old.
Will temporary accounts be covered by the autoblock mechanism?
自动封锁功能可阻止破坏者和其他高风险用户继续破坏项目,因为他们会立即创建一个新账户。 临时账户的自动锁定与注册用户的自动锁定相同。 (IP addresses are not available to the public.)
More information is available in phab:T332231. Temporary accounts can also be blocked via global autoblocks.
Is there a limitation for creating many temporary accounts from the same IP address?
Yes.
There is a limitation preventing from creating too many accounts from the same IP address too quickly.
The current threshold for regular accounts is six per IP address per day ($wgAccountCreationThrottle).
In addition to that, there is a similar limitation for temporary accounts, which is also six per IP address per day ($wgTempAccountCreationThrottle).
This threshold can be changed quickly if necessary.
We have investigated the ideal thresholds of the limit (T357771). We will check nuanced responses to tripping thresholds, including CAPTCHAs, temporary blocks, calls to create an account, etc.
During the entire rollout, we will analyze rate limit trips (T357763). To learn more, see T357776.
Do I need to reveal each IP separately?
No, if you have high-level rights named in the policy like administrator, bureaucrat, CheckUser, etc.
If you have these rights and need quick access to different IP addresses at the same time, you can enable Autoreveal in the Tools menu. Then, for a limited time, you will be able to see the IP addresses of all temporary accounts visible in the logs. You will be able to extend the duration of Autoreveal.
The current configuration of temporary accounts will make retro-patrolling impossible
Currently, the 90-day period after which IP address of a temporary account becomes inaccessible seems reasonably long. We have consulted with the Stewards on this. If you can demonstrate need for a longer period, contact us.
In any case, the 90-day limit doesn't apply to behavioral evidence or patterns of editing – these will continue to be visible. The number itself may be changed, and we will be paying attention to your thoughts and evidence of more difficult investigation. It is important to note that for instances of proven long-term abuse behaviors, we can publicly document the IP address for patrolling needs.
What are the functional differences between using a Special:Checkuser on a temporary account, and revealing the IP address?
The IP reveal feature can show you the IP address used for a particular edit by a particular temporary account, the last IP address used by a temporary account, all the IP addresses used by a temporary account, or all the temporary accounts edits on a given IP address or IP address range.
Why are there so many temporary accounts with zero edits?
This is because of AbuseFilter at work.
Temporary accounts are not created at the moment of a successful edit save, but at the moment of any save attempt. AbuseFilter prevents some edits from being saved. These attempts need to be logged, and in the log, each attempt needs to be assigned to a performer. This is why an account needs to be created.
What does 'Legacy IP edits' mean, visible in Special:Contributions and related pages?
This refers to edits by anonymous users before temporary accounts were enabled, whose IP addresses are visible in their usernames.
参见
- Help:Temporary accounts – a help page for temporary account holders (temporary users)
- 方针:存取臨時帳號的IP位址––法律政策
- Documentation for developers
- Help:Extension:CheckUser