IP編輯:增強隱私和解決濫用的措施/常見問題
The basics of temporary accounts
什麼是臨時帳號?
该帐户将自动获得一个用户名。 创建帐户时,将在您的浏览器中设置cookie。 即使您的IP地址发生变化,您作出的编辑仍然可以归属到该用户名下。 而根据更新的隐私方针的概述,使用临时帐户时,您的IP地址只能由获得授权的员工和社群成员访问。
How do temporary accounts work?
- 临时账户名称的组成如下:
~2024-1234567(波浪号、当前年份、自动生成的数字)。用户不能选择或更改其临时账户的名称。 - 自创建日期起经过90天之后,该临时账户将自动过期。
- 后续编辑会分配给新的临时账户。旧账户将被停止使用,无法保留或登录。
- 临时账户不能登录,也没有密码。
- 所有使用相同设备和浏览器进行的编辑都将归属于同一临时账户,即使您使用的IP地址发生变化(比如说,无论您是在家里还是在咖啡店进行编辑)。这是通过浏览器cookie来实现的,该cookie会记住分配给您的临时账户。
- 临时账户不同于浏览历史或打开的标签页。如果您的浏览器在不同设备间同步,您将在不同设备上被分配到不同的账户。这是浏览器的工作方式导致的。
- 要停止使用临时账户,可以随时结束会话或是清除浏览器cookie。
Notable aspects of temporary accounts
- 临时账户与注册账户不同。临时帐户的有效期较短,功能有限。除了常规编辑所收集的数据外,我们不会为临时帐户收集任何其他数据。
- 临时账户并不能使用已登录用户可用的所有功能。 部分操作,例如向维基共享资源上传照片,仅拥有注册账户的用户可以使用。
- 临时账户有自己的用户页与用户讨论页。
- 临时账户可以接收通知,并可以看到关于自己用户讨论页上有新消息的横幅。
- 临时账户可以收到来自已登录编者的感谢。
- 临时账户可以在讨论页中提及其他用户,反之亦然。
参见:
- Help page for the temporary account holders (temporary users)
- 如果您的机器人或工具需要区分临时帐户类型和永久帐户类型,请参阅技术信息页面。
The basics of the project
Why are you working on temporary accounts at all?
Wikimedians began discussing the exposure of IP addresses as a privacy issue shortly after MediaWiki was developed. For example, there is a thread dating back to 2004. For many years, there was no strong incentive to change this, so the Wikimedia Foundation wasn't working on it. But in the meantime, in many countries, new laws and new standards were introduced. Finally, in 2018, the Foundation's Legal department determined that the indefinite public storage of IP addresses presents serious risks. This includes legal risks to the projects and risks to the users. Today, this project is one of the priorities of the Foundation's leadership.
参见:
- 2021年7月以来的项目更新有关法律团队评估的更多详细信息
为什么临时帐户是解决问题的正确方法?
临时账户的设计有一些硬性要求。其中一些是法律性的,一些是技术性的:
| 我们面临的是什么 | 我们决定做什么 |
|---|---|
| One of the founding principles of our movement is that people should be able to make most simple edits without registering a permanent account. | Temporary accounts will be created automatically (people won't need to create an account themselves). |
| Due to legal requirements, edits on the wikis should be attributed to a user identifier other than IP address. | If temporary accounts are enabled on a wiki, an account is created for a user as soon as they commit their first edit. The user is automatically logged in to this account, which is tied to a randomly generated username. This username is displayed in every situation (except for various functionary tools) where IP addresses would have otherwise been displayed. |
| The identifier that a given not logged-in user's edits are attributed to needs to be stable. Creating a new user for each edit is not an option. Otherwise, there would be a too large rate of new users. | As soon as the temporary account is created, the user is logged in. The cookie has a limited lifetime. Within this duration, if the user decides to make more edits, they are all attributed to the same temporary account. A new one is created if the user decides to log out of the temporary account or otherwise use a different browser. The user retains the same temporary account if they change IP address while using the same device/browser. |
| The MediaWiki software can't be changed too much. We need to limit novelties to let existing features work unmodified. | A temporary account does not break anything in the way user accounts are handled. Aside from some special case behaviors that are required (such as some features that need to be disabled for temporary accounts), most code is likely to work without unexpected failures. |
See also:
禁止或限制匿名用户编辑不行吗?
Unlikely.
In the past, the Wikimedia Foundation has supported research into requiring registration for all editors editing Wikipedia articles. The results have been largely harmful. We've seen large drops in the net non-reverted content edits over time in Persian Wikipedia.
At this time, with the data we have, we cannot say that disabling logged-out editing on any project is a beneficial solution.
这些更改将于何时部署在我的wiki?
- Temporary accounts are already available on pilot wikis: Czech Wikiversity, Igbo Wikipedia, Italian Wikiquote, Swahili Wikipedia, and Serbo-Croatian Wikipedia.
- If the first deployments are successful and we don't have a ton of unexpected work, then in February 2025, we will roll out on larger wikis. We call this major pilot deployment. It may include some top10 wikis, but not English Wikipedia.
- Next, in May 2025, we will deploy on all remaining wikis in one carefully coordinated step.
我们鼓励机器人操作员和工具开发人员尽早测试他们的工具。
如果社群决定继续使用IP地址呢?
临时帐户功能可用后,将不再允许显示后续进行编辑的IP地址。所有社群都需要为临时账户的变更做好准备。
Is the Wikimedia Foundation monitoring the effect of using temporary accounts on the communities?
Yes.
There is a public dashboard for monitoring metrics for the pilot wikis. All these statistics are updated very frequently, for instance, real-time or once every day, to give everyone a good visibility of the actual work of temporary accounts on wikis.
Specifically, the above metrics are publicly available:
Public metrics in detail
|
|---|
|
In addition, the Foundation is monitoring some other metrics which for security or privacy reasons are not public.
These include data like the number of requests for assistance from CheckUsers. We will periodically share reports about the non-public metrics.
Non-public (guardrail) metrics in detail
|
|---|
|
Administrator actions (across all wikis)
Administrator requests
Administrator health
|
IP地址出现在许多页面的历史记录中。那些过去的记录会被修改吗?
不会。
切换到临时帐户之前在维基上公开的历史IP地址将不会被修改。维基媒体基金会法律部门已批准这一决定。
Legal details about temporary accounts
What specific legal requirements, regulations or risks are you worried about? Is the Foundation facing legal action? What would happen if we didn't introduce temporary accounts?
We shouldn't provide all the information. We shouldn't publish some details, and we shouldn't disclose why. If we publicly discussed what arguments we can make, or what risks are most likely to result in litigation, we could help someone harm the wikis and the communities.
This answer is based on attorney advice we are choosing to follow.
Can this change be rolled out differently by location?
No.
We protect the privacy of all users to the same standard. This will change across the Wikimedia projects.
If we tell someone their IP address will be published, isn't that enough?
No.
Many people have been confused to see their IP address published. Additionally, even when someone does see the notice, the Foundation has to properly handle their personal data. Publishing the IP addresses of non-logged-in editors falls short of current privacy best practices. Also, it creates risks, including risks to those users.
How will the project affect CC license attribution?
It will not affect it.
The 3.0 license for text on the Wikimedia projects already states that attribution should include "the name of the Original Author (or pseudonym, if applicable)" (see the license at section 4c). Use of the temporary account names will function equally well as a pseudonym. IP addresses already may vary or be assigned to different people over time, so using that as a proxy for un-registered editors is not different from an the temporary account names. Both satisfy the license pseudonym requirement. In addition, our Terms of use section 7 specify that as part of contributing to Wikipedia, editors agree that links to articles (which include article history) are a sufficient method of attribution.
临时账户相关技术细节
临时账号已被部署到各站点了吗?我在哪里测试这一功能?
- All beta cluster wikis except en-rtl Wikipedia
- test.wikipedia.org
- test2.wikipedia.org
Keep in mind that these are testing wikis. Software there may not work as expected.
In addition, users with advanced permissions may test different features on Patch Demo available on T369637.
我的临时账户能持续多长时间?
只要cookie存在,您的临时帐户就始终有效。 该cookie目前设置为自首次编辑后一年后过期。
以下是导致临时帐户丢失且无法找回的最常见情况:
- 您清除了浏览器cookie。
- 您删除了浏览器上创建临时帐户时使用的配置文件。
- 您使用了隐身(私密浏览)窗口,然后关闭了该窗口。
- cookie过期了。
如果您的临时帐户丢失,那么下次您发布编辑时,将会自动为您生成一个具有新用户名的新临时帐户。 如果您想要一个永久帐户,您可以随时注册帐户。
临时用户名會是独一无二的吗?
是的。
如果您在多个启用统一登录的维基上都看到了User:~2024-12345-67這個帐户,您可以确信这是同一个帐户。
What if temporary accounts are only enabled on some wikis?
Some wikis have temporary accounts enabled (pilots) and others do not.
Wikis that have temporary accounts enabled display unregistered editors as temporary accounts. On non-temp-accounts wikis they still show up as IP addresses. When the temporary user switches between these wikis they will show up as a temporary account in one wiki and as an IP address in another.
This may create a problem with some features that rely on having a persistent user identity across wikis. If your feature(s) are impacted by this change, please come talk to us on the talk page or through Phabricator.
来自有经验的编辑者的问题及对IP地址的获取
我是管理员,需要计算IP段。我可以查看临时账户的IP地址吗?
IP地址存在隐私风险,只有需要掌握这些信息才能进行有效巡逻的人才能看到。
参见:
- 获取临时帐户IP地址法律政策
我有一个合格账户。如何查看 IP 地址?
前往 Special:Preferences 并选择加入。
我需要签署非公开信息保密协议吗?
不。
访问非公开个人数据政策(ANPDP)是维基媒体基金会制定的一项法律政策,规定用戶查核和担任其他特定职务的人员必须保护他们在履行职责过程中获得的非公开个人数据。 志愿者管理员和巡逻员无需签署ANPDP协议。 不过,您需要通过本地维基站点的Special:Preferences选择访问IP 地址。
编者应如何申请该新的用户权限?
正常情况下,该权限将会自动授予符合条件的用户。您唯一會需要做的就是您的维基站点提供该功能时选择加入。
我的社群希望设置更高的要求。我们应该怎么做?
Currently, the policy does not allow having different requirements on different wikis.
用户权限何时開始可用?什么时候可以开始授予?
该用户权限可能会在今年(2023年)晚些时候添加到MediaWiki软件中,尽管最初不会在所有维基中都有用。如果社群希望使用需要单独审查的流程,则可以随时开始预先批准编者。
我认为对非管理员的最低要求太高
有的时候可能这句话也没错,比如某个社区刚刚成立的时候。在这种情况下,该社区的成员需要从维基媒体基金会的法律部门申请豁免。请联系privacy
wikimedia.org,并随信附上您所在社区的具体情况的解释。
我是管理员,但我不想要该用户权限
除非您选择接受协议,否则您将无法看到任何有关临时账户IP地址的信息。
我认为有人在滥用相关权限
请将隐私相关问题报告给申诉专员委员会。为确保问责机制,我们将保留相关工具的使用日志以及有权访问该工具的用户清单。
其他有关潜在滥用的相关疑问请报告给监管员,只需要在m:Steward requests/Permissions#Removal of access上提交请求即可。如果监管员确定发生了滥用情况,他们有权阻止该用户访问相关的IP地址信息,即使用户符合自动授予条件或已通过社区流程获得访问权限。
一些社群目前在公开的页面记录一些不良行为者的活动信息,包括他们的IP地址(例如,持续出没的破坏者)。这种页面是否仍然被允许?
是的。
社群应在长期破坏者列表中同等对待登录用户和临时帐户持有者的IP。他们可能会在必要时列出IP地址,但他们应该通过临时帐户用户名来提及。
参见:
我们是否可以公开记录可疑(但未确认)使用临时帐户的不良行为者所使用的IP地址?
总体而言,不可以。但有些情况可以,暂时的。
When possible, patrollers with access to IP addresses should document the temporary account name(s) instead of the IP addresses. The exception is when the IP addresses are necessary for the purpose of protecting the wiki from abusive actions. Necessity should be determined on a case-by-case basis. If a disclosure later becomes unnecessary, then the IP address should be promptly removed.
For example, if a suspected vandal is exonerated during an investigation, then the report showing the user's IP address can be removed through oversight. That way, the IP address is only revealed while it is needed, and then is suppressed later, after it has been shown to not be needed any longer. See the related policy for more information.
If other information about non-logged-in contributors is revealed (such as location, or ISP), then it doesn't matter if the IP address is also published, right?
No. The IP address should not be published.
With temporary accounts, the public information will be not linked to an individual person or device. For example, it will be a city-level location, or a note that an edit was made by someone at a particular university. While this is still information about the user, it's less specific and individual than an IP address. So even though we are making some information available in order to assist with abuse prevention, we are protecting the privacy of that specific contributor better.
Experienced contributor questions
Where can I test how my advanced permissions work with temporary accounts?
Users with advanced permissions may test different features on Patch Demo available on T369637.
用户使用临时账号扰乱需要封禁时怎么办?
临时账户的IP将被存储,IP封锁将继续起作用,并且临时账户将受到IP封锁。 Their IP addresses can still be blocked, just like at present. Temporary accounts can also be independently blocked, including global blocks and autoblocks.
滥用者不能直接清除cookie吗?
是的,他们可以。临时账户无意解决任何反破坏问题。
我们知道滥用者通过不断变化的IP池进行编辑同时掩盖浏览器代理数据的问题。这不能通过临时账户来解决。这也不是该项目的设计目标。否则,我们将需要使用可信令牌、禁用匿名编辑或指纹识别,所有这些都是非常复杂的措施,需要大量的社群和技术考虑。
Tools will be adapted to ensure that bidirectional mappings between temporary accounts within the last 90 days and IPs can be safely and efficiently navigated by trusted functionaries. However, abuse from a user that clears cookies may become difficult or impossible to detect and mitigate for users without elevated user rights, or if some of the edits involved are more than 90 days old.
Will temporary accounts be covered by the autoblock mechanism?
自动封锁功能可阻止破坏者和其他高风险用户继续破坏项目,因为他们会立即创建一个新账户。 临时账户的自动锁定与注册用户的自动锁定相同。 (IP addresses are not available to the public.)
More information is available in phab:T332231. Temporary accounts can also be blocked via global autoblocks.
Is there a limitation for creating many temporary accounts from the same IP address?
Yes.
There is a limitation preventing from creating too many accounts from the same IP address too quickly.
The current threshold for regular accounts is six per IP address per day ($wgAccountCreationThrottle).
In addition to that, there is a similar limitation for temporary accounts, which is also six per IP address per day ($wgRateLimits).
This threshold can be changed quickly if necessary.
We have investigated the ideal thresholds of the limit (T357771). We will check nuanced responses to tripping thresholds, including CAPTCHAs, temporary blocks, calls to create an account, etc.
During the entire rollout, we will analyze rate limit trips (T357763). To learn more, see T357776.
What are the functional differences between using a Special:Checkuser on a temporary account, and revealing the IP address?
The IP reveal feature can show you the IP address used for a particular edit by a particular temporary account, the last IP address used by a temporary account, all the IP addresses used by a temporary account, or all the temporary accounts edits on a given IP address or IP address range.
Why are there so many temporary accounts with zero edits?
This is because of AbuseFilter at work.
Temporary accounts are not created at the moment of a successful edit save, but at the moment of any save attempt. AbuseFilter prevents some edits from being saved. These attempts need to be logged, and in the log, each attempt needs to be assigned to a performer. This is why an account needs to be created.
参见
- Help:Temporary accounts – a help page for temporary account holders (temporary users)
- 方针:存取臨時帳號的IP位址––法律政策
- Documentation for developers