Wikipedia:Requests for comment/Temporary account IP-viewer

Discussion preceding this RfC and ongoing discussion about the intersection of TAIV and other user rights.

See also this FAQ.

The WMF is removing public access to IP addresses and replacing them with temporary accounts. (This will not affect visibility of IP addresses or edits from before implementation.) Temporary accounts are tied to browser cookies, which are set to expire three months from the first edit. This means that they will be different across web browsers and devices. The WMF has determined that temporary accounts are necessary to protect user privacy and comply with legal requirements, while maintaining the ability to edit Wikimedia sites anonymously.

The WMF has also created a new user right for access to temporary account IP addresses, which has come to be known as temporary account IP-viewer (TAIV). The minimum criteria for editors (other than functionaries, 'crats, and admins) seeking the user right are:

1. minimum account age of 6 months and 300 edits;
2. specifically applying for access;
3. opting in for access via Special:Preferences; and
4. "[a]gree[ing] to use the IP addresses in accordance with these guidelines, solely for the investigation or prevention of vandalism, abuse, or other violations of Wikimedia Foundation or community policies, and understand[ing] the risks and responsibilities associated with this privilege".

Activation and use of the right will be logged.

Users who are site-blocked will lose the user right. Stewards may revoke the right upon request at meta:Steward requests/Permissions#Removal of access "if the user is determined to have misused the temporary account IP addresses or local community consensus dictates removal."

Question 1: Should we adopt the minimum or heightened standards for TAIV? If the latter, please specify.

Question 2: Should we authorize any of the following actors to request removal of TAIV upon evidence of misuse of the right?

• Option A: the Arbitration Committee or its delegates
• Option B: a consensus of (i) functionaries, (ii) 'crats, or (iii) admins
• Option C: individual (i) functionaries, (ii) 'crats, or (iii) admins

• Option 1A: (i) 500 edits/6 months and (ii) a demonstrated need for TAIV, as evidenced by counter-vandalism work, participation in NPP or AfC, sock hunting, etc. You should at least have extended confirmed to get this user right. The demonstrated need requirement is to ensure editors have a good track record and prevent abuse up front. I do not believe that we need to specify that editors should not be blocked or banned because I think that should usually be heavily weighed against an editor seeking any permission. voorts (talk/contributions) 17:01, 21 June 2025 (UTC)[reply]
• Option 1A per voorts, but I think that logging every single instance of the usage of the right is overkill 𐩣𐩫𐩧𐩨 Abo Yemen (𓃵) 17:13, 21 June 2025 (UTC)[reply]
• Option 1A, tho I would still prefer a explicit "not under any kind of sanctions for X months" rider attached, I think the current requirement are okay as a initial blueprint for the community to start with. Sohom (talk) 17:29, 21 June 2025 (UTC)[reply]

• Option 1A Our Discussion already tells why. OPHYRIUS ^⚔ 17:48, 21 June 2025 (UTC)[reply]

• Meh. One part of me wants to say "Of course we want this as strict as possible", but honestly, there's no practical difference between 6/300 and 6/500. The important thing is that you have to make a specific application; I think we can trust the folks at WP:PERM to exercise good judgement on who they give it to. RoySmith (talk) 18:24, 21 June 2025 (UTC)[reply]
• What Voorts said. Seems like a good standard. Mrfoogles (talk) 22:32, 21 June 2025 (UTC)[reply]

• Abo Yemen regarding logging every single instance of the usage of the right is overkill, every time a checkuser views a user's IP address, the access is logged. Surely the same should apply to TAIP. RoySmith (talk) 17:18, 21 June 2025 (UTC)[reply]

  Moved from survey section. That is not something that we can change. I believe that the rationale behind logging is that, like CU, the user right provides access to private data. voorts (talk/contributions) 17:16, 21 June 2025 (UTC)[reply]

  See wmf:Policy:Wikimedia Access to Temporary Account IP Addresses Policy#Use of temporary account IP addresses:

The following actions are logged:

• When a user accepts the preference that enables or disables IP reveal for their account.
• Revealing an IP address of a temporary account.
• Listing the temporary accounts that are associated with an IP address.

voorts (talk/contributions) 17:24, 21 June 2025 (UTC)[reply]

so basically WP:XC users are going to be the new checkusers? Is there a way to oppose this temp acc proposal altogether? 𐩣𐩫𐩧𐩨 Abo Yemen (𓃵) 17:26, 21 June 2025 (UTC)[reply]

No and no. voorts (talk/contributions) 17:31, 21 June 2025 (UTC)[reply]

): 𐩣𐩫𐩧𐩨 Abo Yemen (𓃵) 17:35, 21 June 2025 (UTC)[reply]

Not by default, only on request at WP:PERM. Sohom (talk) 17:31, 21 June 2025 (UTC)[reply]

An RFC to disable editing without an account. ScottishFinnishRadish (talk) 19:47, 21 June 2025 (UTC)[reply]

I would totally support that. I don't see what value IP editing adds. It certainly doesn't give the editor any additional privacy. If anything, an IP editor has less privacy because their IP address leaks information. With TAIP, the ability to correlate multiple IP addresses leaks a lot more information. And on our side, what we get is a lot more work to manage it, not to mention all the effort that has gone into developing the feature. RoySmith (talk) 21:31, 21 June 2025 (UTC)[reply]

With TAIP, the ability to see multiple IP addresses is still only given to those with special permission, so TAIP users have much less exposure than IP editors do. Remember that checkusers can already see the IPs of people with accounts. With TAIP only checkusers will be able to see the IPs of those without accounts. And the value that IP editing adds is allowing people to edit the encyclopedia with less friction -- less friction means more people working on it, which makes it overall better, ideally. Mrfoogles (talk) 22:30, 21 June 2025 (UTC)[reply]

• All of the above: Generally, admins can already revoke advanced permissions, and we trust them to do so without abusing that authority. But, since the WMF requires that stewards process removals of TAIV, we should make it our "local community consensus" that a good faith request from any of the above actors "dictates removal" of the user right. voorts (talk/contributions) 17:01, 21 June 2025 (UTC)[reply]
• All of the above. Allowing somebody to view private data means they have the ability to abuse that data (post it publicly, for example). If somebody has gone rogue, the first person (admin, etc) to observe this should be able to prevent further harm by revoking the right quickly. If it turns out they over-reacted, it's easy enough to restore it after some discussion. This is similar to the "tool of first resort" philosophy used by oversighters. RoySmith (talk) 17:24, 21 June 2025 (UTC)[reply]
• AotA, What folks above me have said, we should have a zero tolerance policy for mucking around with private data, particularly one that could be used to deanonymize users. Sohom (talk) 17:34, 21 June 2025 (UTC)[reply]

• All of Above per RoySmith & Sohom. OPHYRIUS ^⚔ 17:48, 21 June 2025 (UTC)[reply]
• All of the above -- it should be easy for anyone admin or above to request removal of permissions like this. Mrfoogles (talk) 22:31, 21 June 2025 (UTC)[reply]