The WMF section of the village pump is a community-managed page. Editors or Wikimedia Foundation staff may post and discuss information, proposals, feedback requests, or other matters of significance to both the community and the Foundation. It is intended to aid communication, understanding, and coordination between the community and the foundation, though Wikimedia Foundation currently does not consider this page to be a communication venue.
Discussions of proposals which do not require significant foundation attention or involvement belong at Village pump (proposals)
This page is not a place to appeal decisions about article content, which the WMF does not control (except in very rare cases); see Dispute resolution for that.
Issues that do not require project-wide attention should often be handled through Wikipedia:Contact us instead of here.
This board is not the place to report emergencies; go to Wikipedia:Emergency for that.
Threads may be automatically archived after 14 days of inactivity.
Behaviour on this page: This page is for engaging with and discussing the Wikimedia Foundation. Editors commenting here are required to act with appropriate decorum. While grievances, complaints, or criticism of the foundation are frequently posted here, you are expected to present them without being rude or hostile. Comments that are uncivil may be removed without warning. Personal attacks against other users, including employees of the Wikimedia Foundation, will be met with sanctions.
UPDATE: On Monday, 11 August, the High Court of Justice dismissed the Wikimedia Foundation’s challenge to the UK’s Online Safety Act (OSA) Categorisation Regulations. While the decision does not provide the immediate legal protections for Wikipedia that we hoped for, the Court’s ruling emphasized the responsibility of Ofcom and the UK government to ensure Wikipedia is protected as the OSA is implemented.
The judge recognized the “significant value” of Wikipedia, its safety for users, as well as the damages that wrongly-assigned OSA categorisations and duties could have on the human rights of Wikipedia’s volunteer contributors. The Court stressed that this ruling “does not give Ofcom and the Secretary of State a green light to implement a regime that would significantly impede Wikipedia’s operations”, and indicated they could face legal repercussions if they fail to protect Wikipedia and the rights of its users. In order to achieve that outcome, he suggested that Ofcom may need to find a particularly flexible interpretation of the rules in question, or that the rules themselves may need amendment in Parliament.
If the ruling stands, the first categorization decisions from Ofcom are expected this summer. The Foundation will continue to seek solutions to protect Wikipedia and the rights of its users as the OSA continues to be implemented.
If enforced on Wikipedia, Category 1 demands would undermine the privacy and safety of Wikipedia’s volunteer contributors, expose the encyclopedia to manipulation and vandalism, and divert essential resources from protecting people and improving Wikipedia, one of the world’s most trusted and widely used digital public goods.
For example, the Foundation would be required to verify the identity of many Wikipedia contributors, undermining the privacy that is central to keeping Wikipedia volunteers safe. In addition to being exceptionally burdensome, this requirement—which is just one of several Category 1 demands—could expose contributors to data breaches, stalking, lawsuits, or even imprisonment by authoritarian regimes.
Aww, bye-bye then me lovlies. I have really enjoyed editing Wikipedia. Thank you to every editor who has helped me along the way. I've met some great people here. Thank you for the opportunity to help the worlds best encyclopaedia. Knitsey (talk) 12:32, 11 August 2025 (UTC)[reply]
+1, if this is it for Wikipedia in the UK then I would like to say it’s been an absolute pleasure being a part of this community for over a decade, and I will really miss it, as well as all the people here I’ve connected with as a result. Patient Zerotalk13:03, 11 August 2025 (UTC)[reply]
If this really does become it for Wikipedia in the UK which it might, then it has been a pleasure editing Wikipedia. I would like to give my thanks to everyone who has helped up to this point. I can't believe my time here could be up soon after 5 years and nearly 24,000 edits later. Maurice Oly (talk) 14:01, 11 August 2025 (UTC)[reply]
Is it possible you all are writing your resignation speeches a little quickly? Wouldn't it be better to try to circumvent whatever they're doing with a VPN or something? Is it even confirmed that they're doing anything to Wikipedia yet? –Novem Linguae (talk) 21:55, 11 August 2025 (UTC)[reply]
Since VPNs are routinely blocked by Wikipedia, and the edit restrictions would be imposed by Wikipedia to prevent it breaching the Category 1 threshold, I don't think that users of Wikipedia in the UK can rely on VPNs to be able to edit Wikimedia sites.Nigel Ish (talk) 22:12, 11 August 2025 (UTC)[reply]
In a situation where a VPN is needed, UK editors would probably want to apply for WP:IPBE. This is how Mainland China editors circumvent their country's restrictions, I think. –Novem Linguae (talk) 23:07, 11 August 2025 (UTC)[reply]
As a UK editor, if this were to happen, and I had assurance that Wikipedia administrators wouldn't block me for circumventing the OSA law, I would probably consider doing that. VPNs and browser proxies I have used previously however, have been slow and have issues with maintaining connection across tabs (which for Wikipedia is a must - partaking in multiple discussions on different pages for example). 11WB (talk) 23:18, 11 August 2025 (UTC)[reply]
This is good to know. I have IPBE already and would certainly want to use it to contribute using a VPN if anything does happen. I hope I would be allowed to do so. I believe that the OSA does plan on addressing VPN usage at some point, though, so if that were to happen it would only be a temporary fix. Patient Zerotalk00:51, 12 August 2025 (UTC)[reply]
It's not actually that bad of a loss for Wikipedia. The relevant extracts from the judgement (emphasis mine):
I stress that this does not give Ofcom and the Secretary of State a green light to implement a regime that would significantly impede Wikipedia’s operations. If they were to do so, that would have to be justified as proportionate if it were not to amount to a breach of the right to freedom of expression under article 10 of the Convention (and, potentially, a breach also of articles 8 and 11). It is, however, premature to rule on that now. Neither party has sought a ruling as to whether Wikipedia is a Category 1 service. Both parties say that decision must, for the moment, be left to Ofcom. If Ofcom decides that Wikipedia is not a Category 1 service, then no further issue will arise.
If Ofcom permissibly determines that Wikipedia is a Category 1 service, and if the practical effect of that is that Wikipedia cannot continue to operate, the Secretary of State may be obliged to consider whether to amend the regulations or to exempt categories of service from the Act. In doing so, he would have to act compatibly with the Convention. Any failure to do so could also be subject to further challenge. Such a challenge would not be prevented by the outcome of this claim
Note the use of the words "May be" my guess is that the government will do everything in its power to change may be to not have to. We will just have to wait and see what happens. Maurice Oly (talk) 14:03, 11 August 2025 (UTC)[reply]
I still can't see how we can fall under the Category 1 regulations? They keep talking about the number of users but the key part for us is surely "uses a content recommender system". I saw some saying things like Special:NewPagesFeed would count but it's not algorithmic as defined in the legislation. Even if it was classified as such instead of reducing access, as some have said, just put such feeds behind permissions and remove any perceived "content recommender system"s from the general readership. Worst case is IP editors get a bit restricted. KylieTastic (talk) 14:32, 11 August 2025 (UTC)[reply]
I mistakenly put this on Knitsey's talk page discussion instead of here. I'll repost here. This is my takeaway from this as a UK contributor:
The OSA and how Wikipedia will be categorised by Ofcom is concerning. However, looking at this which lays out how the categorisation works based on the 2 conditions - personally, I don't see how Wikipedia could meet condition 1, as for condition 2, 'allows users to forward or reshare user-generated content' I believe is true and 'has more than 7 million UK users on the user-to-user part of its service, representing c.10% of the UK population' is possible (I don't think the actual number of active registered UK Wikipedians is known publicly). Dependent on how Ofcom determines the second condition, Category 1 could be a possibility. It's clear though if that were to happen, the Wikimedia Foundation don't plan to leave it unchallenged. Hopefully that's some reassurance! 11WB (talk) 14:38, 11 August 2025 (UTC)[reply]
But option (b) needs to hit all three conditions as there is an and at the end of (ii) so if uses a content recommender system can be show to not be true or taken away from the main user base (the readers) then we can ignore the sharing part of the regulation (iii). KylieTastic (talk) 14:56, 11 August 2025 (UTC)[reply]
@KylieTastic: The app has some features that strike me as meeting this criteria more than NPP does. For example, "Places" (which shows articles about places near you if you enable location sharing), "Wikipedia games" (guess what event in history happened first), and actual recommendations for articles that might interest you based on your viewing history. Clovermoss🍀(talk)03:05, 19 August 2025 (UTC)[reply]
A VPN did cross my mind, however Wikipedia itself has very tough policies on those. Editors who are known to be from the UK that begin using VPNs to circumvent any (potential) Category 1 block run the risk of their Wikipedia accounts getting blocked by a Wikipedia admin in return! I think if Wikipedia editing rights were stopped in the UK I would have to hang my coat up on the rack and call it a day (as unfortunate as that would be). 11WB (talk) 15:03, 11 August 2025 (UTC)[reply]
When counting users, do you only count registered users or also IPs and temporary accounts? What about very infrequent editors who might make one edit a year?
The medium article about the original legal challenge that's linked to from the blog post does include some discussion of why it's potentially classifiable under category 1. It looks pretty plausible that with how broadly "content recommender system" is defined, there's a bunch of stuff on wikipedia that could qualify:
a “content recommender system” means a system, used by the provider of a regulated user-to-user service in respect of the user-to-user part of that service, that uses algorithms which by means of machine learning or other techniques determines, or otherwise affects, the way in which regulated user-generated content of a user, whether alone or with other content, may be encountered by other users of the service.
"By means of machine learning or other techniques determines, or otherwise affects" is... broad. I bet that a bunch of moderation tools fall under that definition. A sufficiently hostile reading could get "Special:Random" under it. DLynch (talk) 15:03, 11 August 2025 (UTC)[reply]
It certainly uses an algorithm to pick content to show to a user! It's not a very complicated algorithm, but the law doesn't seem to define "algorithm" in any way, so I think we have to read it as its plain-language meaning. DLynch (talk) 21:46, 11 August 2025 (UTC)[reply]
What about the search bar, which presumably uses an "algorithm" to determine what order the results appear in? "Algorithm" is such a vague word that I'm not sure we'll be able to expunge all algorithms for UK readers. Toadspike[Talk]15:04, 12 August 2025 (UTC)[reply]
@Roxy the dog, in the event editing rights were revoked, I think it comes down to the individual editor to decide what they would do. VPN IPs have the disadvantage of being accessible by anyone, including to those who vandalise, as a result many are already blocked from Wikipedia. It would probably be preferential to cease editing in that scenario (hopefully this won't be the case!). 11WB (talk) 17:47, 11 August 2025 (UTC)[reply]
That seems silly. If I am editing through a VPN, signed in, why would an admin sanction an editor in good standing in these circumstances? - Roxy thedog17:53, 11 August 2025 (UTC)[reply]
I refer to the IP address being used already being previously blocked as VPNs are usable by anybody, including vandals. 11WB (talk) 17:55, 11 August 2025 (UTC)[reply]
I dont care about what random IP editors do, and my Q wasn't about them. Vandals are vandals if they use a VPN or if they dont.
I repeat, "If I am editing through a VPN, signed in, why would an admin sanction an editor in good standing in these circumstances?" Roxy thedog18:01, 11 August 2025 (UTC)[reply]
Apologies, I didn't explain it in the best way. The VPN you log into may be assigned an IP address that has previously been used by a vandal (as IP ranges are the same by service and per chosen country), meaning you'll find it unusable on Wikipedia. That is what I meant to say! 11WB (talk) 18:16, 11 August 2025 (UTC)[reply]
Are you saying that the wiki software would automatically block my VPN, without human intervention, despite my being logged in? Roxy thedog18:33, 11 August 2025 (UTC)[reply]
Most proxies (especially free ones) have been blocked due to abuse. Others are blocked preemptively (due to abuse). Most are blocked by humans, but don't rule out a bot doing it. These blocks are usually hardblocks, not anononly (due to abuse). You take your chances being able to edit on a proxy without IPBE. -- zzuuzz(talk)18:39, 11 August 2025 (UTC)[reply]
The way Zzuuzz explained it is the best way to articulate what I was attempting (quite badly) to explain! Thank you for this! 11WB (talk) 18:42, 11 August 2025 (UTC)[reply]
I temporarily turned on my Chrome extension proxy so I could screenshot the message that shows when you attempt to make any edits using a VPN or proxy IP. You'll see something like this (those are not my regular IP addresses) when attempting to edit on a VPN usually, and you'll find you cannot make any edits as a result. Hope this helps visualise it for you! 11WB (talk) 18:46, 11 August 2025 (UTC)[reply]
This seems overall like the best we really could have reasonably expected out of the courts at this stage... Personally I view it as a strategic victory, it sets us up really well for when/if the OSA does actually have significant deleterious consequences. Horse Eye's Back (talk) 17:44, 11 August 2025 (UTC)[reply]
As I said to someone somewhere else, I think it's clear that Wikipedia has won the argument. Subjecting us to Category 1 rules would be a proper absurdity, in addition to being probably unlawful. -- zzuuzz(talk)18:34, 11 August 2025 (UTC)[reply]
The court case was really about whether Ofcom is required by law to put us in Category 1. The court said it didn't have to put us there, or subject us to Cat 1 rules, and agreed there's a good chance doing so might be unlawful. It's not as bad as it sounds. -- zzuuzz(talk)18:46, 11 August 2025 (UTC)[reply]
This is no way a victory of any sort - any editors from the UK (and possibly even readers) now have a Sword of Damocles over their head, where Ofcom or the Government can decide to designate Wikimedia as a Category 1 website at any time, with all the consequences and loss of editor base that would result.Nigel Ish (talk) 18:54, 11 August 2025 (UTC)[reply]
Whilst this is true, it is mostly out of our control! Your Sword of Damocles is a very good metaphor. The saying I am applying to this is, 'what will be, will be'. 11WB (talk) 18:58, 11 August 2025 (UTC)[reply]
Isn't the case that they already had a Sword of Damocles over their head and the court simply declined to remove said sword although they did comment on what a lovely head it was and what a problem it would be for such a sword to fall? Horse Eye's Back (talk) 19:04, 11 August 2025 (UTC)[reply]
I agree. The judge doesn't want (and may not be allowed) to issue an injunction barring a (currently) counterfactual scenario, but considers WMF's arguments logically and perhaps legally correct. —Compassionate727(T·C)20:30, 11 August 2025 (UTC)[reply]
Were it to come to that (which it seems it hasn't yet), I am sure IPBE would be liberally granted to editors in the UK who are in good standing. I certainly would be willing to do that. SeraphimbladeTalk to me21:37, 11 August 2025 (UTC)[reply]
@Seraphimblade If it does come to that, I'll send you a talk page message! I am kidding of course, I genuinely don't think it'll go to that extreme, things often have a way of working out! TikTok is still available in the US as far as I'm aware. This whole thing has given me a strange sense of déjà vu to be honest... 11WB (talk) 22:52, 11 August 2025 (UTC)[reply]
Not gonna last long for US TikTok users. And by the way, YouTube is starting to verify every US viewer with AI based ID scan. We can't let WMF projects do the same for US readers. WMF might find a workaround to stop implementation of privacy invading policies. Ahri Boy (talk) 07:23, 13 August 2025 (UTC)[reply]
I thought youtube was only doing the ID verification for UK users, I had no idea youtube was doing ID verification for US users. At the moment the WMF is only at risk of having to verify the ID's of UK users. I'm not sure quite how the WMF is going to get around having to do ID checks for UK users given the UK government will 100% want Wikipedia to be a Category 1 website. Maurice Oly (talk) 14:16, 13 August 2025 (UTC)[reply]
There are different requirements in play. There's age verification (for accessing 'harmful' content) and 'verification' (for Cat 1 user-to-user 'empowerment'). The user empowerment part is the shadow on the horizon and has implications that affects everyone here, and probably Youtube as well - UK users must have the option to filter out any non-verified user and any of their content,[1] whatever that means. In our context that means no more warnings or block notices from those pesky unverified admins, no more unverified editing the same page to remove vandalism or POV. It soon gets into bonkers territory. WMF is talking about restricting access from the UK to get out of Cat 1. I don't blame them. -- zzuuzz(talk)17:06, 13 August 2025 (UTC)[reply]
So if an article contains two sentences, and the first sentence is written by an unverified user while the second sentence is written by a verified user, only the second sentence should be shown? And if a verified user corrects a typo in an unverified user's text, only the word with the corrected typo should be shown? Sounds wonderful. --Stefan2 (talk) 17:41, 13 August 2025 (UTC)[reply]
Oh yeah. This was presented to the court in magnificent detail (see #9). But also if a verified user adds vandalism, or a page advertising their services, or writes about how great their idea or ideology is, you'll need to be verified to touch the article or go near them to point out policies. Bonkers I tell you. -- zzuuzz(talk)18:13, 13 August 2025 (UTC)[reply]
You're quoting a politician talking about the Internet? Yes it makes no sense, but here's the law: "A duty to include [...] features which adult users may use or apply if they wish to filter out non-verified users [which means...] prevent non-verified users from interacting with content which that user generates, uploads or shares on the service, and reduce the likelihood of that user encountering content which non-verified users generate, upload or share." -- zzuuzz(talk)20:40, 13 August 2025 (UTC)[reply]
So only adult users can filter out content provided by unverified users, while children would be required to view that content? It sounds like a wonderful suggestion to show something to adults and something else to children, in case the things shown to children are dangerous for children.
If you send a DMCA takedown request, then I suppose you're unverified and so the material provided in the takedown request should have no effect on what verified UK users see? Of course you have to provide your name and address in the takedown request, but are those verified against some kind of ID? --Stefan2 (talk) 03:43, 14 August 2025 (UTC)[reply]
"a variety of signals" determine whether a user is over or under 18, and the option to "use a credit card or a government ID" if you are incorrectly flagged. Yeah, right. Most of the people would be incorrectly flagged anyway and have to surrender their government ID in the name of "protecting the kids" or "national security". While blocking VPNs is protecting Wikipedia vandalism, balance needs to be thought out as well as governments increasingly use their powers to muzzle free speech, and editors are rightly concerned if the government could get their hands on their IP address. ✠ SunDawn ✠Contact me!00:33, 14 August 2025 (UTC)[reply]
Should also add that sooner or later, US lawmakers will catch wind of the "Wikipedia users must undergo ID verification before they are allowed to edit" idea, and that'll mark the beginning of the end for this project. Some1 (talk) 02:46, 14 August 2025 (UTC)[reply]
Wikimedia very much does not need your ID. It only needs to verify that you are older than 18. Wikimedia's statements are very much making this a bigger deal than it is. Wikipedia could just ask you questions you should know after graduating upper secondary school, assuming the test is reliable enough. According to the UK government 68% of pupils finished upper secondary school.
As for content moderation, Wikimedia Commons has c:Commons:Not_safe_for_work (NSFW) which does part of what Wikimedia needs, but needs to go much further. Being verified to post content is basically what FlaggedRevs allready does. I would like to see a page accepting categories of images and articles that are not safe for children and I think NSFW is done that way too. Then Wikimedia just refuses to show articles and images in the categories of said list to kids and people that fail the adult test (the test of whether you finished upper secondary school). Snævar (talk) 18:04, 17 August 2025 (UTC)[reply]
That is exactly what we shouldn't be doing; Wikipedia is not censored and shouldn't be for anyone. And, how do we decide this stuff? Could we, for example, show the article about breast cancer to someone who failed your hypothetical test? I might not pull it up at work, but I still would not consider it inappropriate for a minor to see. SeraphimbladeTalk to me18:25, 17 August 2025 (UTC)[reply]
@Snævar: By your own admission, that would deprive 32% of British adults of access to Wikipedia because they weren't educated enough for your liking. Not to mention the fact that education systems are different between countries, and the fact that people could just look up the answers. No, to verify your age, Wikipedia would need to identify you, and that isn't happening. I'd blackout the site in the UK before agreeing to censor "inappropriate" content (what if conservatives decide that the transgender article isn't appropriate for kids?) and I am not giving the WMF my identity anytime soon. QuicoleJR (talk) 19:04, 17 August 2025 (UTC)[reply]
The issue doesn't seem to be NSFW content moderation, but rather the legislation treating Wikipedia as a social media site, and requiring the ability to screen out content from non-verified persons (which presumably means non-verified persons anywhere - not just from the UK), which appears to include article content as well as talk pages. This would break Wikipedia's editing model.Nigel Ish (talk) 19:19, 17 August 2025 (UTC)[reply]
Still, this would ruin the site, like you said. I'd support any form of protest, even the most extreme options we have, up to an indefinite UK blackout. QuicoleJR (talk) 19:43, 17 August 2025 (UTC)[reply]
As much as I don't want to see an indefinite UK blackout that might be the only way forward, we will just have to wait and see which category Wikipedia ends up in. Though I do fear Wikipedia will end up in category 1. Maurice Oly (talk) 21:25, 17 August 2025 (UTC)[reply]
I support a full blackout on all Wikimedia projects. This is the way of pressing on against the legislation. I may support full blackout in other countries if they follow UK's example. Ahri Boy (talk) 22:40, 17 August 2025 (UTC)[reply]
@Ahri Boy: A blackout affecting all projects would need to be agreed upon at Meta-Wiki. A proposal made on enwiki would only affect enwiki. That being said, I would support such a proposal, here or globally. QuicoleJR (talk) 23:15, 17 August 2025 (UTC)[reply]
@QuicoleJR The test of wether someone has graduated from a secondary school is an example. An example is just that, do not try to frame that as some major point in my argument when it is not. Feel free to find any better way of distinguishing adults from kids.
@Snævar: My point is that there is no question that can reliably separate people by ages, as some adults may not have learned certain things and kids can just Google the answers. It doesn't matter what the question is, this solution would not work. QuicoleJR (talk) 22:31, 18 August 2025 (UTC)[reply]
Tests in schools that allow you to go the internet exist where I live. Those tests are just harder versions of their non-internet versions. We also have tests that give you a Gymnasium (school) pass in a particular field, like German. It could be a TestDaF test or some other standard. We also have an gymnasium competition where people that are good at memorizing compete in questionnaire, so the school system needs to account for those too. The test would test your ability, not whether you can remember an answer from your book from class or some notes from a student google found. Let's say you just go to one of those tests (for exaample TestDaF) and they allow you to go to the internet, do you really think they would allow that if you could just cheese it?
This brings me to my original main point of the example, although I have not said what it is yet. WMF would be convincing an governmental entity that their test works. Since the test is based on the curriculum, a work of the ministry of education, if the WMF test fails it most likely criticizes the government itself. The ministry of education would need to update the curriculum and the WMF would use that work to improve their own test. Snævar (talk) 05:38, 25 August 2025 (UTC)[reply]
The test would test your ability, not whether you can remember an answer
How would tests of skill in history analysis, language arts, mathematics, etc... apply to age? How do you even test someone's skill at aging over the screen?The CNIL article you linked says every age test known at the time of writing is bad; of what you say exists, it gives nothing of the sort.
The CNIL has analysed several existing solutions for online age verification, checking whether they have the following properties: sufficiently reliable verification, complete coverage of the population and respect for the protection of individuals' data and privacy and their security.
The CNIL finds that there is currently no solution that satisfactorily meets these three requirements. It therefore calls on public authorities and stakeholders to develop new solutions, following the recommendations described above. The CNIL deems it urgent that more effective, reliable and privacy-friendly devices be proposed and regulated as soon as possible.
Even being blocked for using the username of someone notable does not require sending id. {{Uw-ublock-wellknown}}
If you choose to keep your current username, please send an email [...] including your real name and your Wikipedia username to receive instructions from our volunteer response team about account verification. Please do not send documentation without being requested to do so. (emphasis added)
Do not send unsolicited scans of your passport or driver's license to the volunteer response team. Instead, you should contact them to find out the best way to prove your identity. The best way will vary, but could be by using an email address on a domain name that belongs to you. (links in original; emphasis added) JuniperChill (talk) 21:14, 19 August 2025 (UTC)[reply]
As an example, you probably have been to an intersection with lights before. Well, those lights can break and then the police dictates the traffic. Even if the lights are active, what the police says goes. With law, you have a hierarchy. The constitution is at the top, then statuary law, then regulations, then any community or company rules. Those rules are probably there to make it hard for the police to come after you, but you still need to follow the law, even if Wikipedia's rules say otherwise. Also see my comments on a passport not being necessary. You have the option to not answer an age test/submit an ID and then you will have some access to Wikipedia, but not anything unsafe to a child, like porn or violence. Snævar (talk) 06:02, 25 August 2025 (UTC)[reply]
The following discussion has been closed. Please do not modify it.
Writing an open letter to "the High Court of Justice/Ofcom/UK government/etc." isn't going to go anywhere. You will see that royal marriages are subject to certain impediments that other marriages aren't because they were removed by the Marriage Acts as regards the rest of the population, which say they don't apply to royal marriages [3]. So, as Lord Pannick said 21 years ago, Charles and Camilla's Marriage Act ceremony was null and void. A High Court action was duly filed after Charles' accession in October 2022. The deep state immediately got to work, enlisting officials in the court office to propagate lies, the defendant and the officials did not copy the defence to the plaintiff and a crooked judge was found to deliver a secret five-paragraph judgment which made no reference to the evidence submitted by the plaintiff, only the lies secretly submitted by the defendant.
The fraud was particularised in a further High Court action filed this month. The defendants should have been served two weeks ago and the plaintiff notified, but there has been silence. There are twelve defendants, including the king, the attorney general, the secretary of state, the government lawyer who failed to serve the plaintiff and those officials who have been identified. Wikipedia editors will only be able to save the encyclopaedia by giving extensive news coverage to these events and ensuring they remain in the forefront in the weeks ahead. Otherwise, Wikipedia will be shut down and the c ase will remain in the court office forever. 80.41.151.12 (talk) 17:56, 23 August 2025 (UTC)[reply]
Back to the main topic for a third time. The memory of the events of Sunday, 31 August 28 years ago is still fresh (comments, [4], procession [5]). Harry will be returning to the UK on 8 September to continue the work. So let's give it all we've got. I propose the following banner for the main page:
Errors (rare) in Wikipedia are spotted and corrected in seconds by anyone. The UK government proposes to inhibit this process by designating Wikipedia as a Category One website under the Online Safety Act. It is also preventing Judges from hearing cases brought against it which it knows it will lose. Read the amazing judgment here.
Errors (rare) in Wikipedia are spotted and corrected in seconds by anyone. Not as often as you seem to think. I routinely catch introduced errors up to 24 hours old in my daily watchlist patrol, and ocassionally find older ones. I once found an error that had sat uncorrected for eight years (sad to say, I had introduced it myself). - Donald Albury16:25, 31 August 2025 (UTC)[reply]
It is also preventing Judges from hearing cases brought against it which it knows it will lose.
Nothing to do with parliamentary privilege. The case was filed on 11 August and the court office should have served the defendants and notified the plaintiff within five working days. Instead it has done nothing, effectively telling the plaintiff to pound sand. 80.44.78.34 (talk) 13:01, 1 September 2025 (UTC)[reply]
There seems to be zero appetite for a blackout right now. Closing this sub thread to focus on other topics which aren't so clear-cut. QuicoleJR (talk) 11:57, 18 August 2025 (UTC)[reply]
The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.
I think it's time we begin discussing a blackout in detail. The primary downside of such a thing would be its effect on our British users, but I think we can get around that (for now at least) by giving them IP block exemption so that they can use a VPN. We should also probably discuss timing (when and how long to do a blackout) and logistics (how we will do a blackout). Of course, to actually initiate one, we would need an RFC. Anyway, what are everyone's thoughts? QuicoleJR (talk) 23:21, 17 August 2025 (UTC)[reply]
I think that, at this point, enough people would oppose on the basis that the court basically said "if they really do try to apply Category 1 to Wikipedia, you'd have very good grounds to sue then", with hints of "and you'd probably win", that the RFC would fail. There are enough people who will oppose any blackout at all that you need a very credible threat to motivate enough other people to overcome them. Anomie⚔23:31, 17 August 2025 (UTC)[reply]
Maybe, but I'd like to at least get the discussion started, even if it isn't time for a blackout yet. I've been considering, as an alternative to starting a blackout now, potentially having an RFC to pre-approve a black out to activate if and when we get declared as a Category 1. I'd personally support doing it earlier, but this would also be a decent option if that can't get enough support. QuicoleJR (talk) 23:40, 17 August 2025 (UTC)[reply]
According to the article, the first categorization decisions from Ofcom are expected this summer, so if we decide to do a blackout or any form of "protest", it should ideally occur days or weeks before Sept 22. Some1 (talk) 23:37, 17 August 2025 (UTC)[reply]
Similar to Anomie, I would oppose action on the basis of the court decision. The court decision didn't actually change anything immediately, and in general I would prefer responding to executive and legislative action rather than judicial. If any action is taken in relation to Category 1, it should be very clearly scoped around the direct impacts of the designation's implications (and I suspect those details would be clearer closer to the time given some of the legislation seems vague), and would need to be worth the risk of it being ineffective and setting a standard that community complaints can be ignored. CMD (talk) 00:56, 18 August 2025 (UTC)[reply]
Now is not the time for a UK blackout discussion, as at this point we don't know wether Wikipedia will be in category 1 or not. Once confirmed that Wikipedia is in category 1 and all legal options have run dry them we should start a discussion on a UK blackout. Maurice Oly (talk) 01:06, 18 August 2025 (UTC)[reply]
It looked more to me like the court was saying "It's premature to decide this right now, but categorizing Wikipedia that way would be a pretty questionable decision and we'd be very skeptical of that" than "Sure, go ahead and do that." So, I think at this point we should wait and see what happens; hopefully Ofcom will take the hint. If they do, great. If not, we can discuss next steps once something has actually happened rather than "might happen". SeraphimbladeTalk to me06:18, 18 August 2025 (UTC)[reply]
The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.
Well, I am admin, have 10+ years experience, and about 50 edits in the past 24h. Please discuss above in the main topic, we do not need to open additional topics for the same subject.Ymblanter (talk) 13:17, 31 August 2025 (UTC)[reply]
The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.
There are too many non-admin closes around here by people who don't say they are non-admin closes, have only two years' editing experience and 72% of whose edits in the past 24 hours have been reverts. The following comment was placed where it was because a request was made for it to be placed there. Leave it be, and please WP:AGF. Nobody's trying to derail anything. Given that the British government thinks that WMF cannot be trusted to moderate its own website its lawyers (and anyone else interested) might like to research whether before in recorded history the government of a democratic country has refused to pass a case to a Judge because it knows it will lose. Trust in the Labour government has plummeted to such an extent that it is level-pegging with the Conservatives in third place.
The closer of the second thread below this one invites me to continue the discussion here. I accept the invitation and will attempt in a few words to convey the horrific nature of this judgment, which is only 258 words long, although it is one of the most momentous ever issued by the High Court. It was not handed down by a High Court Judge but by an employee of the Church of England. My thanks to PBradley-WMF for the two posts above added this morning. I now know a lot more about the OSA than I did before. I see that the government rejects the advice of Lord Pannick - that is ironic considering that the reason why they are not passing the case filed on 11 August to a Judge for trial, instead directing it to gather dust in the court office forever because they know they will lose, is indicative that they now (yes, it's the same people) accept that the advice he gave, which they rejected 21 years ago, was correct.
At paragraph (5) the judge says "contrary to what [s/he] says in the claim form, the claimant does not appear to have complied with the pre-action protocol." The evidence included a letter from the defendant declining to engage in the pre-action protocol. At paragraph (2) the judge says "The decision under challenge here was made on 25 July 2022. The claim was filed on 2 August 2024, over 24 months later." The evidence included a copy of the claim form stamped with the date, 21 October 2022, when it was received in the court office and bearing the signature of the receiving clerk.
At paragraph (3) the judge says "the burden of the claim appears to challenge a decision protected by Parliamentary Privilege." The evidence included irrefutable proof that what a peer gets up to in his spare time can never be the subject of Parliamentary Privilege. In the few remaining weeks before Wikipedia is consigned to history I urge Wikipedians in the U K to lobby their MPs (e.g. by visiting their surgeries) to raise the matter on the floor of the House of Commons. The rules on the reporting of Parliamentary debates will ensure it receives widespread coverage. Maybe @:Jimbo Wales would like to do that? 80.41.151.12 (talk) 16:30, 27 August 2025 (UTC) — Preceding unsigned comment added by 89.243.9.179 (talk) [reply]
Your posts keep getting hatted, reverted, or closed because you seem to be ranting about the non-recognition of a royal wedding rather than anything that's actually relevant to being discussed on this page. Anomie⚔13:39, 30 August 2025 (UTC)[reply]
The subject matter of the case is irrelevant. What is relevant is that the government is manipulating the judicial system by preventing Judges ruling on selected cases. This destroys the system of checks and balances that the executive/legislature/judiciary system is designed to perpetuate. This is more important to democracy than the war in Ukraine. If the government succeeds in destroying Wikipedia it will not stop there. Whether on this page or another Wikipedians should be given the facts and the opportunity to comment. 89.243.9.179 (talk) 13:58, 30 August 2025 (UTC)[reply]
Only gonna address this: The closer of the second thread below this one invites me to continue the discussion here. I think it was less an invitation and more letting you know that you could do it, but it wasn't recommended. --Super Goku V (talk) 02:55, 31 August 2025 (UTC)[reply]
The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.
Community Tech team is looking for idea/feedback regarding watchlist filtering
I think the way to keep updated would be to watchlist to the Community Tech Wishlist updates page. @JWheeler-WMF should be able to give more specific advice on that (I actually wonder if it would be too much work to convert the page to use the Newsletter extension?) Sohom (talk) 00:26, 8 September 2025 (UTC)[reply]
[6] They have issued a subpoena for Iksander on "foreign operations and individuals at academic institutions subsidized by U.S. taxpayer dollars to influence U.S. public opinion", and pointing to the ADL's complaints about Wikipedia as a basis. "The panel is seeking documents and communications about Wikipedia volunteer editors who violated the platform’s policies, as well as the Wikimedia Foundation’s efforts to “thwart intentional, organized efforts to inject bias into important and sensitive topics.”" Masem (t) 18:28, 27 August 2025 (UTC)[reply]
To the best of my understanding of how hose committees work, the Hill story, and looking at the letter itself ([7] also linked from the story), it is not a subpoena that has been issued to the WMF at this time. Just a letter asking for information but not requiring it. But IANAL and hopefully WMF will soon provide information about what they intend to do. Skynxnex (talk) 19:10, 27 August 2025 (UTC)[reply]
Here's the letter they sent [8]. Their #4 demand is especially concerning:
Records showing identifying and unique characteristics of accounts (such as names, IP addresses, registration dates, user activity logs) for editors subject to actions by ArbCom.
It's not too hard to read that they want real names and other such details which can be gleaned off IP addresses that would be in server logs for registered users. Masem (t) 20:16, 27 August 2025 (UTC)[reply]
The Hill reports the WMF's response as follows: In a statement, a Wikimedia Foundation spokesperson said the organization had received the request and are reviewing it. “We welcome the opportunity to respond to the Committee’s questions and to discuss the importance of safeguarding the integrity of information on our platform,” the spokesperson said. It would be good to hear from a WMF representative here if they can share any other details about their planned response. —Ganesha811 (talk) 21:22, 27 August 2025 (UTC)[reply]
This sort of request letter is something WMF can handle, and I don't think we need details on their planned response. If their response is as boilerplate generic as much of the letter, which clearly doesn't evidence much research into how Wikipedia works, that would be fine. CMD (talk) 07:49, 28 August 2025 (UTC)[reply]
I'm guessing the WMF will take their time, possibly a few weeks, and then make a further reply. Depending on what happens after that, we can always start discussing a WP-blackout of the US or whatever as needed. And in the meantime, we can update related WP-articles in a WP:PROPORTIONate manner as and if more RS coverage becomes available. US Congress probe of Wikipedia or somesuch might pop into existence one day. Gråbergs Gråa Sång (talk) 08:06, 28 August 2025 (UTC)[reply]
To what extent is this a performance for their voters? Why would they assume the editors are either foreign operatives or working for a taxpayer-funded university? Tech for Palestine was funded by an American tech billionaire, wasn't it? Also, why would they need the WMF to explain how Arbcom sanctioned pro-Palestine editors earlier this year, when Arbcom cases are fairly public? Rjjiii (ii) (talk) 11:44, 28 August 2025 (UTC)[reply]
Agree that this is performative. The letter uses "individuals at academic institutions subsidized by U.S. taxpayer dollars" editing Wikipedia as a rationale for Congress' access to sensitive user info, but if the issue were really Wikipedians in Residence at American universities as a matter of spending propriety, then the appropriate target would be requesting info from the institutions running such programs. ViridianPenguin🐧 (💬) 12:04, 28 August 2025 (UTC)[reply]
Yes, all Wikipedias in Residence have publicly declared accounts. I understood the committee as accusing some of having secondary accounts to POV push on the university's dime, which they want the WMF to reveal. That holds zero weight without identification of a single case though. ViridianPenguin🐧 (💬) 23:56, 28 August 2025 (UTC)[reply]
The surface level read of this is they want to find students here on visas that are critical of Israel (on the flawed thinking that being anti-Israel or pro-Palestine must mean they are pro-Hamas and thus support terrorism) so they can be revoked/deported, but we also know that the conservatives have long had a problem with the liberal lean of the truth and may be trying to find other bad actors that work to deny the conservative POV in articles. Masem (t) 12:31, 28 August 2025 (UTC)[reply]
Indeed. Common Dreams just published an article opining that "The [House Oversight] effort furthers the goals of the Heritage Foundation, which has launched a plan to "identify and target Wikipedia editors" using a number of underhanded tactics." GorillaWarfare (she/her • talk) 21:09, 28 August 2025 (UTC)[reply]
A permanent one-country blackout wouldn't work here, since the WMF is headquartered in the United States. Unless they decide to move, they would have to comply with any demand by Congress, blackout or no blackout. We could do a temporary blackout like with the SOPA/PIPA protests, but a permanent blackout would be giving them exactly what they want, and would not be able to protect the site. QuicoleJR (talk) 21:06, 28 August 2025 (UTC)[reply]
Having the Office action: Removals on the article Caesar DePaço thread, WMF loses legal challenge to UK Online Safety Act (OSA) at High Court thread, and this thread all appear on the same page is wild--what a month August has been for the WMF. As I said in the other thread, this feels like the beginning of the end for this project. Fwiw, a blackout seems like a fun idea. Some1 (talk) 01:34, 29 August 2025 (UTC)[reply]
I'm still holding out hope that we will survive this, although I'm beginning to wonder if the WMF should move its headquarters to a different country. It has definitely not been a good month for us, but this is why we have the WMF. I trust that they can take care of all legal issues, and America has some solid protections for freedom of speech. QuicoleJR (talk) 01:42, 29 August 2025 (UTC)[reply]
I like what Will Stancil said: "The other thing is that if you have the morally, logically correct position in a conflict – or are simply standing up for a popular institution or a stable status quo – you should WANT to fight, as long as possible, in as large a public forum as possible, because that's how you persuade people." Carlstak (talk) 02:47, 29 August 2025 (UTC)[reply]
To me, these 3 things happening in the same month paint a pattern of the internet getting more and more regulated by governments as time goes on. Many governments (especially conservative governments and authoritarian governments) are trying to make the internet less free and end the internet's wild west phase. The UK isn't the only country trying to crack down on children using the internet (example: Online Safety Amendment in Australia, various state bills in USA).
However, while that is probably bad overall, I do not think it spells the end of Wikipedia. I think this feels like the beginning of the end for this project is way too pessimistic. We should have some faith that this project that we've built that is the 10th most visited website in the world will be quite resilient to most attacks. –Novem Linguae (talk) 05:58, 29 August 2025 (UTC)[reply]
I am topic-banned in the area targeted so I know that I may not be allowed to discuss this situation, but revealing the IP addresses of editors, including me, should worry everyone who uses this site. I think that the WMF should be taking drastic action to protect its contributors, who probably began editing without suspecting that they would eventually be targeted in a federal investigation. Would migrating arbitration case logs to somewhere private be feasible for the time being? Salmoonlight (talk) 04:17, 29 August 2025 (UTC)[reply]
Okay, I take my back my "performance for their voters" comment above. If any people at all are feeling intimidated and chilled by these letters then they're already a problem. Let's hope that the WMF can help Comer and Mace understand free speech and the First Amendment, Rjjiii (talk) 17:47, 30 August 2025 (UTC)[reply]
This isn't just me feeling intimidated. On my user page I identify myself as being LGBTQ+ and pro-Palestine in a so-called red state. In the event that my IP address gets leaked, through either the purposeful malice or incompetence of the committee, I could be physically harassed in real life. Salmoonlight (talk) 19:50, 30 August 2025 (UTC)[reply]
The committee can ask for whatever info it wants, but that doesn't mean that the WMF is going to supply that info to the committee. As noted above, this isn't a subpoena. FactOrOpinion (talk) 00:38, 31 August 2025 (UTC)[reply]
I think they're only being polite, and recognizing that there may be areas where the WMF's goals align with the committee's goals (e.g., "safeguarding the integrity of information on our platform"). But providing editors' IP addresses isn't going to be one of them. FactOrOpinion (talk) 01:16, 31 August 2025 (UTC)[reply]
How has WMF responded to the letter / how do they plan on responding? If WMF decides to reveal users' IP addresses, will this be announced, so users' may make their own arrangements to protect their safety? VR(Please ping on reply)05:01, 29 August 2025 (UTC)[reply]
See [9] and several other media reports on how they have responded so far. My guess is that they're probably planning for the time being, so how might not really exist yet in all details. Gråbergs Gråa Sång (talk) 05:11, 29 August 2025 (UTC)[reply]
That's been well known; there's been rumblings of either an EO or a bill that would strip non-profits of that status if they support "terrorism", and under this admin, they're already using language that simply opposing the ruling party is akin to that. Such a law/EO shouldn't survive a court review, but that's not a sure thing. Masem (t) 13:49, 29 August 2025 (UTC)[reply]
It may not survive but it may still introduce chaos temporarily as the court sorts out the issue, unless the a temporary injunction on the EO or law if a bill is passed can be obtained almost immediately. For example, the original organisation in India which was the fiscal sponsor for a majority of Wikimedia related outreach activities was denied a renewal of a license to receive foreign funds. It caused local volunteers to either cancel or postpone activities for months before an alternative organisation was found. – robertsky (talk) 01:33, 31 August 2025 (UTC)[reply]
Seems that right-wing outlets are celebrating this investigation while defeating their own argument by bringing up disparate cases of genuine manipulation on Wikipedia that have long been resolved. It'd be nice if mainstream journalists who feign concern about the death of democracy would clear the fog of war already considering the rate at which they pump out articles. Salmoonlight (talk) 02:29, 31 August 2025 (UTC)[reply]
Maybe it will help focus some minds a bit if there are potentally Americans involved, rather than just those pesky expendable Indians, who all look the same anyway. Phil Bridger (talk) 20:10, 31 August 2025 (UTC)[reply]
I don't see how this is comparable to that lawsuit. This isn't even a congressional subpoena, much less a court ruling, and it's not clear to me how it could become a lawsuit. Nor do I see a reason to think that the relevant laws and jurisprudence are the same in the US and India. FactOrOpinion (talk) 22:21, 31 August 2025 (UTC)[reply]
I think the best way to understand what's happening is that they are using the threat of revoking Wikipedia's tax-exempt status as a cudgel to get WMF to give them personal information about editors that Republicans think they can portray as bad actors. --Tryptofish (talk) 22:25, 31 August 2025 (UTC)[reply]
If by "they," you mean Republicans in Congress, they have no power over WMF's tax status; they could attempt to change tax law, but clearly couldn't single out WMF, and would likely face resistance by diverse non-profits in their districts/states if they tried to make a broad change. If by "they," you mean the IRS under the Trump administration, I assume that WMF would sue in response. The Trump admin. wants the IRS to revoke Harvard's tax exempt status, and so far, the IRS has resisted, though of course that could change. There are some bad actors among editors, which is why we have ANI, AE, recent changes patrol, ... FactOrOpinion (talk) 23:14, 31 August 2025 (UTC)[reply]
Interesting response to Mike Masnick's column about this:
"I've edited Wikipedia pages before. And I'm in California (so 9th Circuit). If any 1A lawyers want to file a claim against Comer and Mace for 1A violations/attempting to chill speech and need a named plaintiff, sign me up." FactOrOpinion (talk) 01:18, 1 September 2025 (UTC)[reply]
Upcoming and current events and conversations Let's Talk continues
Wikimedia Futures Lab: Apply before Sep 4 to join The Wikimedia Futures Lab, the in-person convening hosted on January 30 – February 1, 2026 in Frankfurt, Germany with participants from affiliates, contributors and external experts, to learn more about global trends and discuss potential movement-wide responses.
Wikimania 2026: The theme and date for Wikimania 2026 have been decided: Liberté, Équité, Fiabilité (Freedom, Equity, Reliability). This edition will take place in Paris, from July 21 to July 25, 2026.
Tech News: Some of the latest updates from Tech News week 34 and 35: An A/B test comparing two versions of the desktop donate link launched on testwiki and English Wikipedia for 0.1% of logged out users on the desktop site. The experiment will run for three weeks, ending on 12 September; Administrators can now access the Special:BlockedExternalDomains page from the Special:CommunityConfiguration list page. This makes it easier to find.
Community Wishlist: Template authors can now use additional CSS properties, since the CSS sanitizer used by TemplateStyles was updated. These improvements are a Community Wishlist wish.
Wikipedia Mobile Apps: The Android app team has launched a new experiment in Italy that lets logged-out readers of Italian and English Wikipedia set their own donation reminders based on how often they read. This new approach responds to feedback from donors who say their motivation to give is tied to their reading habits. Instead of one-size-fits-all banners, readers can now choose reminders that fit their own usage, all while keeping their privacy intact.
For information about the Bulletin and to read previous editions, see the project page on Meta-Wiki. Let askcacwikimedia.org know if you have any feedback or suggestions for improvement!
Hello, we are the Wikimedia Foundation Product Safety and Integrity team, a team dedicated to the security and safety of users of the Wikimedia wikis. We have been integrating a new bot detection service, with the goal of replacing our current CAPTCHA with something that can hold up better against modern AI bots and other automated activity. In the coming weeks, we would start a trial here on English Wikipedia. We will be monitoring its deployment beforehand as we roll this out across several trial wikis, to make sure it is stable and performant.
This service will start by protecting the account creation page (Special:CreateAccount). We may extend it later to protect editing or other sensitive actions.
In this trial, we’ll be looking to see how well the new service does at stopping or slowing bot-driven activity, and how well it helps real humans more easily use Wikipedia.
Why our CAPTCHA needs replacement
Wikipedia needs strong tools to defend itself from malicious automated (including AI-driven) activity. The CAPTCHA we use today hails from an earlier era of the web. It has been aging poorly for some time, and is especially unsuited for the new era of AI. We know it also annoys many of our human users, and likely shuts some of them out.
We’ll be testing out replacing our current CAPTCHA with hCaptcha, a third-party service specializing in bot detection. They have a particular focus on privacy-sensitive customers, such as Signal and many other internet services, that make them a good fit for the Wikimedia wikis.
We want to be upfront that this trial will involve us integrating wikis directly with a third-party proprietary service. This is new for Wikimedia, and something we, as the Foundation, don’t take lightly. However, it’s not feasible for us to build a service ourselves that can keep the projects safe in this era. Organizations that are dedicated to running bot detection services have dramatically more expertise and resources to offer than us – especially the ongoing work of keeping up with the cat-and-mouse game of bot detection and evasion as it changes each year.
We’ve always operated Wikipedia in the most privacy-sensitive way we can, which has helped us avoid the kind of casual information sharing and online tracking that has become so common to the modern web. To maintain this commitment, we’ve set it up so that hCaptcha cannot see raw IP addresses of visitors, nor will it be able to see what specific actions are being taken or what URLs are being accessed. Any information about visiting devices that does get collected as part of bot detection will be discarded by hCaptcha within 10 days.
Our Legal department has approved such implementation of hCaptcha and confirmed that it is in line with our Privacy policy and Terms of Use.
hCaptcha is already live on test2wiki, where you can test it out today. If you do test it out manually, bear in mind that you are unlikely to actually see a CAPTCHA-style puzzle due to how hCaptcha works (see below).
How the bot detection trial will work
Unlike our current CAPTCHA, with this new approach, the service will work primarily invisibly. Most visitors (around 99.9%) will never see a puzzle to solve at all.
For those visitors that do see a puzzle, they will need to complete it to create an account. These are visual puzzles, but for users with sight issues or other accessibility needs, a text-based puzzle is available that can be completed using only a keyboard.
The service will send back a “risk score” that is their confidence level in the account having been made by an inauthentic user. This risk score will not be public, but will be saved privately to enable analysis and responses to potentially bot-driven activity by WMF and volunteer investigators.
Visitor IP addresses will not be sent to the service – all requests to the service go through a proxy we host ourselves that drops raw IPs and uses hashed versions instead.
The code we load from the service will be sandboxed so that it cannot see or interfere with the page context of the user session, and so that the service can’t see the specific URL of the page.
During the trial we’ll be analyzing how bots are engaging with the wikis, making sure hCaptcha isn’t making it unexpectedly harder to use Wikipedia, and identifying any further privacy and security measures we can take. We will review this analysis, and will engage publicly with the communities about how the trial went, before we make decisions on expanding the use of hCaptcha to replace our current CAPTCHA.
See our project page for more technical details and more information about risks and how we are mitigating them. See also our Diff post to read an expanded version of this announcement. Subscribe to our newsletter to stay in touch.
Thanks to the team for your work on this – I have really appreciated the thoughtfulness with which you've approached this deployment. I particularly appreciate the trial to collect data that informs technical decisionmaking going forward: I know that we're not yet confident about just what kinds or volume of abuse will be best addressed through this new service vs. other technical solutions vs. existing infrastructure, but I fully support the experimentation that it will take to gather the data to answer this question. Best, KevinL (aka L235·t·c) 15:02, 4 September 2025 (UTC)[reply]
I hope the trial is successful (just about anything must be better than CAPTCHA) but if it is not please accept that it has been unsuccessful. Far too many times I have seen things being trialled in Wikipedia and then the trial being lauded as a success (my guess is because of the sunken costs fallacy) when it is not. Phil Bridger (talk) 16:14, 4 September 2025 (UTC)[reply]
Will the risk score be available to checkusers? Similarly, will account creation attempts that were rejected due to hCaptcha feedback be logged in the CU database? RoySmith(talk)16:47, 4 September 2025 (UTC)[reply]
@RoySmith While we won't get into great detail here about exactly what checkusers will see, we were a little more explicit about incorporating these signals into investigation tools in our blog post: "We are also planning to incorporate the bot detection data we get from this into the tools we provide to our trusted volunteer investigators to respond to sockpuppeting and other inauthentic activity." We'll soon have a product page going up with some public details. EMill-WMF (talk) 18:01, 4 September 2025 (UTC)[reply]
The blog post says that the service drops raw IPs and uses hashed versions instead, but if the hash function is deterministic, one can easily create rainbow tables mapping each IP to a unique hash. Of course, if by hash you mean a randomly generated UUID, then this won't be a problem. I would say that some IPs are more problematic than others (proxies, botnets, etc.), so it might be worthwhile to do some local processing with, say, the Spur databases.
This is a massive change and would likely require site-wide consensus (listed at WP:CENT and everything). Introducing nonfree code onto Wikimedia sites can be seen as even more drastic than adding AI summaries to articles, especially when that code is obfuscated and performs deep fingerprinting of the browser (or device, for Wikipedia's mobile apps), including canvas fingerprinting.
Using a deliberately exaggerated configuration (navigator.webdriver === true, Chrome on Windows 10, user agent claims Firefox on Windows 10, DevTools set to emulate a mobile device), I managed to get an hCaptcha to appear and even got one of their text captchas. I had to solve 3 of these:
Within this data string 4355 * 8591 9489 + 7025 - 1616, retrieve the penultimate set of numerals
Find the center collection of numbers from the data shown: 3186 ... 5233 / 6930 * 2367 ... 2090
Point out the second group of digits in the provided set: 1821 9018 | 2321 - 7393 % 4377 ^ 2352
This was surprising, as I thought it would ask questions like "What is the colour when you look up on a sunny morning and there's no roof?", but it's all numbers. I'm pretty sure I got the first one wrong (I typed 81 when I was supposed to type 7025), but it still accepted my answer (despite the navigator.webdriver value ¯\_(ツ)_/¯).
@EMill-WMF, (and @Chaotic Enby) and I had a conversation about the fingerprinting aspect of the scripts, the long and short is that iff hCAPTCHA keeps the promises/guarantees they claim to provide, the risk of device re-identification by hCAPTCHA is low even through highly invasive techniques is low because they do not have access to surrounding information that identifies you as a contributor to Wikipedia. There is a seperate conversation to be had about the non-free nature of the code, but I think that a necessary tradeoff within this context. Sohom (talk) 16:28, 7 September 2025 (UTC)[reply]
Thanks for the ping. One of the key aspects is Any information about visiting devices that does get collected as part of bot detection will be discarded by hCaptcha within 10 days, which hasn't been explicitly codified in the contract with hCaptcha, and is currently more of a "verbal agreement" as far as I understand it. If this is followed through, there is less worry to be had, but codifying it could be a helpful step in terms of trust.Beyond that, I am sad to see that the possibility of running the hCaptcha model locally (which was mentioned during the conversation) hasn't been elaborated on in this announcement.Chaotic Enby (talk · contribs) 21:33, 7 September 2025 (UTC)[reply]
"hasn't been explicitly codified in the contract with hCaptcha" – If this is true then any kind of hCaptcha rollout is a non-starter, and it's concerning that this hasn't been communicated clearly in the original post or at mw.
Yeah, that's not acceptable and the initial communication is bad and misleading. The opening message here stated that the data "will be discarded by hCaptcha within 10 days"immediately before a sentence starting with "Our Legal department has approved such implementation of hCaptcha ..." with no mention of 180 days.
I'm sure the WMF and involved parties are trying to communicate openly, but the statements given so far give a false impression of what the reality of the agreements in place are. Device fingerprinting data is sensitive, and the difference between retaining sensitive data for ten days vs half a year is massive. A "verbal agreement" with hCaptcha is inadequate to ensure such sensitive user data is properly protected, and if WMF's legal team hasn't advised the same then I'd be very surprised. fifteen thousand two hundred twenty four (talk) 03:11, 9 September 2025 (UTC)[reply]
To my understanding of how this is came to be is that folks at hCAPTCHA have told engineers at the WMF that the way their current systems are architected, their systems only store customer data for 10 days for everyone. It is my understanding that WMF staff did not push for this 10 day restriction to be codified in the contract for specifically the trial period since there was a understanding the systems handling such data would not change significantly during that time period. A point to note is that, if the WMF terminates their contract with hCAPTCHA, per their ToS, WMF can ask for all the data to be deleted and destroyed. I'm not sure if this arrangement will continue going forward, after the trial, but my understanding is that is up for debate. (For what it's worth, I've lobbied for the 10-day data retention policy to be codified in the contract in conversation because of similar concerns to the ones you raise) Sohom (talk) 03:57, 9 September 2025 (UTC)[reply]
Thank you for cluing me into the backstory, my feelings remain unchanged. The WMF really shouldn't play fast and loose with user data like this. The data is sensitive and real, trial or not. The fact that this concern was raised previously and went unresolved and uncommunicated is disappointing and concerning. fifteen thousand two hundred twenty four (talk) 04:13, 9 September 2025 (UTC)[reply]
I am not especially worried either about hCaptcha keeping the user data from the trial. My bigger concern is that the contract for the trial might be used as a template for a future rollout, and will not address the 10 day restriction explicitly. This is compounded by the fact that this legal aspect wasn't mentioned in either announcement, meaning that the WMF might not be especially careful with codifying it. As Sohom said, the current data retention systems aren't a cause of worry, but third-party companies can easily change their architecture without giving us time to renegotiate the terms of the contract, if safeguards aren't codified in writing. Chaotic Enby (talk · contribs) 13:10, 9 September 2025 (UTC)[reply]
"the current data retention systems aren't a cause of worry" – This is also based on hCaptcha saying "trust us". I'm assuming the WMF was not given access to perform an audit themselves, so it's just the word of a for-profit company that tracks users at scale (to prevent abuse of course) that they only retain data for 10 days despite their ToS having a carve out for 180 days. A layperson should be skeptical, a lawyer should be scowling.
The fact that this is a trial is no different than if it is a full rollout when it comes to protecting user data, the data is the same and is just as sensitive as it will be during a full rollout, and the trial is not limited to ten days, so there is no strong legal barrier to hCaptcha retaining data for longer than what has been described in these announcements.
I think the difference between "a commitment by the vendor" and "a legal commitment by the vendor" is not zero, but not beyond the ability of WMF to judge, alongside meaningful other tradeoffs that forcing a legal commitment now for this trial could bring in timeline, cost, etc. Yes, we should make our position as a community known (that it would be much better to have a legal commitment). But in my view, this is not a blocker. Best, KevinL (aka L235·t·c) 23:53, 9 September 2025 (UTC)[reply]
A reasonable view. I think the community should be afforded the opportunity to make that judgement since it directly impacts the privacy of individual users, however due to lacking communication from the WMF it seems that the community is going to go mostly unawares which is possibly the more serious issue here. fifteen thousand two hundred twenty four (talk) 00:04, 10 September 2025 (UTC)[reply]
the part about using aggregate/de-identified data for “any purpose” also seems pretty vague and makes me nervous as well. There’s no industry standard term for what that means and in a lot of places and cases it’s not anonymized such that it can’t be de-anonymized. I have no idea whether this company does or doesn’t handle this well, but it’s all on faith. Driftingdrifting (talk) 04:11, 9 September 2025 (UTC)[reply]
hCaptcha's puzzles are image labeling tasks. The makers of hCaptcha also sell image labeling services to other companies - the labor involved is the labor of the users solving these hCaptcha tasks. Would Wikipedia's users be part of this labor pool? What sort of compensation would Wikimedia be getting for selling this labor? MrOllie (talk) 15:00, 7 September 2025 (UTC)[reply]
@MrOllie, citation needed, to my understanding, the CAPTCHA's served at Wikimedia are math puzzles and "move this shape here" which are typically more about mouse movement than image labelling. Sohom (talk) 15:07, 7 September 2025 (UTC)[reply]
No, if you get served a challenge, it will probably be an image labelling task (I tested it), though you can switch to a text-based "Accessibility Challenge" (see comment above). hCaptcha apparently still sells their labelling services despite them ending their payment program. Although, based on the fact that Enterprise users couldn't earn rewards for solves at all originally, I'd wager that hCaptcha simply does not send data labelling tasks to Enterprise users. I don't know where you got "math puzzles" from, although hCaptcha does sometimes use "move this shape here" puzzles. OutsideNormality (talk) 15:18, 7 September 2025 (UTC)[reply]
I was involved in testing some of this before this post was made, the CAPTCHA challenges that were served to me were almost always "move this shape here" and math/digit-based challenges in text mode. Sohom (talk) 15:45, 7 September 2025 (UTC)[reply]
For (non-public information reasons) hCAPTCHA's docs seem to be somewhat outdated, which is why I chose to ignore them (that's on me) :) Sohom (talk) 15:58, 7 September 2025 (UTC)[reply]
Going off into the weeds a bit, it would be interesting if we could customize this into some wiki-specific task, say "Select all the images containing a misspelled word", and showing them real screenshot fragments with words some automated process suspects might be misspelled. In addition to the bot-filtering function, it would also get some useful work done for the encyclopedia. RoySmith(talk)15:58, 7 September 2025 (UTC)[reply]
A big change from our current CAPTCHA, where every use of it involves solving a challenge, is that hCaptcha can work invisibly, and we've configured it so that the challenges are supposed to be quite rare (0.1% or less of the time). So, while we certainly do still have to care about them from a usability and accessibility perspective, they likely won't be at a volume that would be useful for deriving secondary value. EMill-WMF (talk) 19:33, 7 September 2025 (UTC)[reply]
The focus on IP and a cookie subset in the privacy discussions feels a little disingenuous. While I appreciate the effort to obfuscate IP addresses (assuming that hash is appropriately salted, otherwise it’s a nearly useless gesture), I’m a lot more concerned about the “thousands” of signals they are using to uniquely identify my browser. JavaScript + HTML5 include some very invasive, privacy violating features that it sounds like are now being shared with a third party? I’m more worried about that than IP tracking. Driftingdrifting (talk) 04:33, 9 September 2025 (UTC)[reply]
There is no meaningful technical way to isolate/elide those browser-based signals. Any attempt to do that would be not sustainable in the long term as a solution. Sohom (talk) 12:56, 9 September 2025 (UTC)[reply]
That's very true, but for me that feels more like a reason to either not do this or to be absolutely rock-solid in the privacy agreement with this company. I'm less than convinced this is impossible for them to do themselves if they wanted to, where WMF makes tech investments continues to baffle me; this seems like it should be up there in terms of priorities and it isn't rocket-science. Driftingdrifting (talk) 14:57, 9 September 2025 (UTC)[reply]
As the latest human authentication methods are based on behavioural analysis, large training datasets are invaluable for improvements. Even if the WMF were to turn on human authentication tests for everyone logging in, I think companies dominant in the field are able to collect much more data and have an ongoing revenue stream to support continually improving their models. To be able to match countermeasures that are also continuously updated, the WMF would need a business model that supported collecting a lot more data, and that would likely mean spinning up a for-profit subsidiary and attaining significant market share. isaacl (talk) 17:29, 9 September 2025 (UTC)[reply]
I'm less than convinced this is impossible for them to do themselves if they wanted to. My understanding is that filtering bot traffic is a game of whack-a-mole that would be hard to do in-house. Using a third party service that specializes in it and is used on multiple major websites makes those tools better than what we could develop. –Novem Linguae (talk) 20:34, 9 September 2025 (UTC)[reply]
I don't know much about current bot detection technologies, so I can't speak for whether hCaptcha is the right one or not. But I do agree with the idea that we can't be experts at everything and shouldn't try. There's a ton of things that need to get done that can only be done in-house. I'm sure we could all reel off a list of a dozen "must have" features or bug fixes that we want done in the MediaWiki code base by yesterday. Every person-hour spent working on bot detection is a person-hour that can't be spent on those things.
This is the kind of thing that benefits from a broad customer base. Let's say our bot detection vendor has (to pick an absurdly low number) 100 customers. If some new bot attack springs up and is launched against one of their other customers, the vendor starts working on analyzing it and implementing counter-measures. By the time the bot master gets around to launching it at us, the fix may already be in and we're protected. RoySmith(talk)20:54, 9 September 2025 (UTC)[reply]
I understand that I'm not the first user to make this complaint, but I'm astonished that the Foundation still feels the need to run extreme, screen-filling pleas for donations. I'm not sure how worldwide or coordinated these campaigns are across different WMF chapters, but (at least in Australia) Wikimedia places giant banners begging for donations on the Wikipedia homepage when logged in, and fills the entire screen with a similar plea for money when one even clicks on an article if they aren't logged in! Is this not just a bit excessive? The Foundation's article on this wiki has a whole section titled Excessive spending and fundraising and asserts that its budget has a "significant surplus" and that it's in ownership of "vast money reserves". Why on Earth does the WFM feel the need to use this Wiki to grab at users' wallets at every opportunity? Loytra (talk) 08:08, 7 September 2025 (UTC)[reply]
The short answer is that anything "obnoxious" the WMF does in donation banners has been A/B tested to work better than not doing it, getting more donations. Overall year over year, I think traffic to Wikipedia is declining because search engines and AI are using our content, so the overall strategic situation isn't great. The "significant surplus" and that it's in ownership of "vast money reserves" part is probably talking about the Wikimedia Endowment, which works like a retirement account but for organizations. The idea behind retirement accounts is to build up a huge reserve of money, invest it, then live off the interest, making it self-sustaining. So just because the WMF has a ton of money doesn't mean they should cancel all fundraising and spend the endowment down to $0. They are in my opinion prudently trying to build up the endownment so that it can generate enough interest to fund things in perpetuity. Hope that explanation makes sense. –Novem Linguae (talk) 09:56, 7 September 2025 (UTC)[reply]
Also this from the August 2025 Readers Newsletter: Wikipedia's pageviews have either stayed flat or declined in the past few years, while global internet usage has increased. This means that the percentage of internet users that find, use, and appreciate Wikipedia is decreasing significantly.Some1 (talk) 17:41, 7 September 2025 (UTC)[reply]
What on earth is that page, key takeaways, the tiny actual article, and then an FAQ section all identical. Columbia business school? Anyway, if anyone actually knows what is meant by articles whose content resembles what ChatGPT would generate (generalist articles?), it would be interesting to know. CMD (talk) 02:31, 8 September 2025 (UTC)[reply]
@Chipmunkdavis, Sections 2.1 and 2.2 in the paper explain this. They looked at articles created from 2021-12 to 2023-11 (to straddle the launch of ChatGPT). They cross reference that against the top 1000 most viewed articles per month to get 2206 articles created recently with high pageviews. Then they prompt Chat GPT 3.5 turbo with each of those articles:
"You are an assistant whose task is to write an encyclopedic article for a given topic chosen by the user, similar to those found on Wikipedia. Generate an encyclopedic article in English with title "[title of actual Wikipedia page]"
They compute a similarity score between the actual text of the Wikipedia article and the text Chat GPT generates. And their analysis goes on from there to say that articles that had high similarity experienced a drop in pageviews. But from figure 2(a) there on page 3 of the paper, the drop looks kind of tiny. And there's a bigger increase in pageviews to dissimilar articles.
As someone who works on this data, I'd have to do a lot of work to validate that what they found actually suggests what they say. Because there are just too many moving parts to make this clean of a conclusion. But it's certainly thought provoking. Milimetric (WMF) (talk) 13:47, 11 September 2025 (UTC)[reply]
Thanks. Agree with the concerns, and I'm not sure bucketing all articles as a binary similar/dissimilar is sensible at any rate. The data also suggests overall page views went up after ChatGPT's launch, which is not in my priors. I wonder which articles are more similar, my instinct is that it is the niche ones where Wikipedia is the primary accessible source. CMD (talk) 15:07, 11 September 2025 (UTC)[reply]
Just out of curiosity and planning(cause I kinda want to do something regarding it) where can I see a full list of newly "born", incubated and shut down(both ones that didn't get out of Incubator and ones that did) Wikimedia projects? Brickguy276 (talk) 20:05, 8 September 2025 (UTC)[reply]
Is there anyone at the foundation who can confirm that this attempt at contact actually happened? Or is the Nypost just making it up (as usual) Trade (talk) 22:17, 9 September 2025 (UTC)[reply]
Based on the nypost article and looking at the AFD, this nypost article seems to be a knee jerk to fan the flames of their dislike of liberal bias on WP. The AFD closed almost by snow to keep and they apparently did not look at that, only that it got nominated. It's a puff piece we should not worry about. Masem (t) 22:37, 9 September 2025 (UTC)[reply]
Our proposal in a nutshell: Temporary accounts offer improved privacy for users editing without an account and improved ways to communicate with them. They have been successfully rolled out on 1046 wikis, including most large Wikipedias. English Wikipedia has defined the criteria for Temporary Accounts IP Viewer (TAIV) right and granted it to 100+ users. We plan to launch temporary accounts on enwiki on October 7th. If you know of any tools, bots, gadgets, etc. using data about IP addresses or being available for logged-out users, please help test that they work as expected and/or help update these.
Hello, from the Product Safety and Integrity team! We would like to continue the discussions about launching temporary accounts on English Wikipedia. Temporary accounts are relevant to logged-out editors, whom this feature is designed to protect, but they are also very relevant to the community. Anyone who reverts edits, blocks users, or otherwise interacts with logged-out editors as part of keeping the wikis safe and accurate will feel the impact of this change.
Temporary accounts have been successfully deployed on almost all wikis now (1046 to be precise!), including most large Wikipedias. In collaboration with stewards and other users with extended rights, we have been able to address a lot of use cases to make sure that community members experience minimal disruption to their workflows. We have built a host of supporting features like IP Info, Autoreveal, IPContributions, Global Contributions, User Info etc. to ensure adequate support.
With the above information in mind, we think everything is in good shape for deploying temporary accounts to English Wikipedia in about a month, preferably October 7th. We see that your community has decided on the threshold for non-admins to access temporary accounts IP addresses, and there are currently over 100 non-admin temporary account IP viewers (TAIVs).
The wikis should be safe to edit for all editors irrespective of whether they are logged in or not. Temporary accounts allow people to continue editing the wikis without creating an account, while avoiding publicly tying their edits to their IP address. We believe this is in the best interest of logged-out editors, who make valuable contributions to the wikis and who may later create accounts and grow the community of editors, admins, and other roles. Even though the wikis do warn logged-out editors that their IP address will be associated with their edit, many people may not understand what an IP address is, or that it could be used to connect them to other information about them in ways they might not expect.
Additionally, our moderation software and tools rely too heavily on network origin (IP addresses) to identify users and patterns of activity, especially as IP addresses themselves are becoming less stable as identifiers. Temporary accounts allow for more precise interactions with logged-out editors, including more precise blocks, and can help limit how often we unintentionally end up blocking good-faith users who use the same IP addresses as bad-faith users. Another benefit of temporary accounts is the ability to talk to these logged out editors even if their IP address changes. They will be able to receive notifications such as mentions.
How do temporary accounts work?
When a logged-out user completes an edit or a logged action for the first time, a cookie will be set in this user's browser and a temporary account tied with this cookie will be automatically created for them. This account's name will follow the pattern: ~2025-12345-67 (a tilde, year of creation, a number split into units of 5). All subsequent actions by the temporary account user will be attributed to this username. The cookie will expire 90 days after its creation. As long as it exists, all edits made from this device will be attributed to this temporary account. It will be the same account even if the IP address changes, unless the user clears their cookies or uses a different device or web browser. A record of the IP address used at the time of each edit will be stored for 90 days after the edit. Users with Temporary Accounts IP viewer right (TAIV) will be able to see the underlying IP addresses.
This increases privacy: currently, if you do not use a registered account to edit, then everybody can see the IP address for the edits you made, even after 90 days. That will no longer be possible on this wiki.
If you use a temporary account to edit from different locations in the last 90 days (for example at home and at a coffee shop), the edit history and the IP addresses for all those locations will now be recorded together, for the same temporary account. Users who meet the relevant requirements will be able to view this data. If this creates any personal security concerns for you, please contact talktohumanrightswikimedia.org for advice.
For community members interacting with logged-out editors
A temporary account is uniquely linked to a device. In comparison, an IP address can be shared with different devices and people (for example, different people at school or at work might have the same IP address).
Compared to the current situation, it will be safer to assume that a temporary user's talk page belongs to only one person, and messages left there will be read by them. As you can see in the screenshot, temporary account users will receive notifications. It will also be possible to thank them for their edits, ping them in discussions, and invite them to get more involved in the community.
User Info cardWe have recently released the User Info card feature on all wikis. It displays data related to a user account when you tap or click on the "user avatar" icon button next to a username. We want it to help community members get information about other users. The feature also works with temporary accounts. It's possible to enable it in Global Preferences. Look for the heading "Advanced options".
For users who use IP address data to moderate and maintain the wiki
For patrollers who track persistent abusers, investigate violations of policies, etc.: Users who meet the requirements will be able to reveal temporary users' IP addresses and all contributions made by temporary accounts from a specific IP address or range (Special:IPContributions). They will also have access to useful information about the IP addresses thanks to the IP Info feature. Many other pieces of software have been built or adjusted to work with temporary accounts, including AbuseFilter, global blocks, Global Contributions, User Info, and more.
For admins blocking logged-out editors:
It will be possible to block many abusers by just blocking their temporary accounts. A blocked person won't be able to create new temporary accounts quickly if the admin selects the autoblock option.
It will still be possible to block an IP address or IP range.
Temporary accounts will not be retroactively applied to contributions made before the deployment. On Special:Contributions, you will be able to see existing IP user contributions, but not new contributions made by temporary accounts on that IP address. Instead, you should use Special:IPContributions for this.
See our page Access to IP for more information about the related policies, features, and recommended practices.
If you know of any tools, bots, gadgets etc. using data about IP addresses or being available for logged-out users, you may want to test if they work on testwiki or test2wiki. If you are a volunteer developer, read the documentation for developers, and in particular, the section on how your code might need to be updated. If you know of tools, bots or gadgets that have not yet been updated and you don’t know of anyone who can update these, please reach out to us.
If you want to test the temporary account experience, for example just to check what it feels like, go to testwiki or test2wiki and edit without logging in.
Tell us if you know of any difficulties that need to be addressed. We will try to help, and if we are not able, we will consider the available options.
To learn more about the project, check out our FAQ – you will find many useful answers there. You may also look at the updates and subscribe to our new newsletter. If you'd like to talk to us off-wiki, you will find me on Discord and Telegram.
We would like to thank stewards, checkusers, global sysops, technical community members, enwiki functionaries and everybody else who has contributed their time and effort to this project. Thank you for helping us get here. NKohli (WMF) and SGrabarczuk (WMF) (talk) 11:38, 11 September 2025 (UTC)[reply]
It's still not clear to me what would be allowed to discuss publicly.
Temp account X seems the same as Temp account Y
Temp account X seems the same as older IP editor Y
We should rangeblock IP adresses X to stop temp account A, B and C
Temp account X is a school account for school X / a government account for department Y / ...
...
Should all these only be had "behind closed doors" somewhere, or are these allowed in the same circumstances as we would discuss them now (SPI, ANI, ...)? Fram (talk) 11:53, 11 September 2025 (UTC)[reply]
Thanks @Fram, first we wanted to emphasize, to make it just clear to everybody around, that temp accounts are just a different paradigm; they don't match 1:1 with IPs, and in some cases it doesn't make sense or there's no need to link them with IPs 1:1.
These restrictions only apply when you (1) use data from the IP reveal tool to make the link and (2) discuss publicly. All of the above can be discussed in a private venue where only TAIV users can see the information. Also if the link is only behavioral, then any user, including those who have TAIV, can make the link publicly. But if you do have TAIV and talk publicly, there may be an implication that you used the tool to make the link. CUs often get around this by declining to comment about IPs if they have run CU on a user, so they can avoid the implication that they linked the IP and user together using CU data.
Now to your questions:
This is OK if necessary for anti-abuse purposes, and you can even say "Temporary account X is using the same IP address as temporary account Y" as long as you don't mention the specific IP.
Not publicly, unless the link is made purely through behavioral evidence (i.e. edits).
Not publicly. You can, however, say "Please block the common IP ranges used by temporary accounts A, B, and C" publicly where the admin could use IP reveal to find which range you were talking about. Another option for non-admin TAIVs is to say "Please block this IP due to abuse from temp accounts" (without naming the accounts).
If you are using access to IP addresses to get this information, then probably not okay. If using edits, then okay.
Finally, a very important note just for context: on other projects, including large Wikipedias, we have seen a significant decline in IP blocks, indicating that temporary account blocks are often effective remedies for one-off abuse. Even if we agree that English Wikipedia is unique and whatnot, there is a pattern and hopefully discussions about blocking IPs won't be that frequent (phab:T395134#11120266).
Thanks. So access to IP adresses is treated as CU access basically? That seems like a severe step backwards in dealing with vandalism, sockpuppetry, LTAs, ... Curs both ways of course, we now also exonerate people with things like "the IPs used by that vandal located all in country X, but this new IP comes from country Y, making it unlikely to be a sock. This happens in standard ANI discussions and the like, not requiring any CU access, but will no longer be possible for most editors.
Your "Finally, a very important note just for context: on other projects, including large Wikipedias, we have seen a significant decline in IP blocks, indicating that temporary account blocks are often effective" seems like a non-existent advantage. We had many "single" IP blocks, these will be changed to "single" TA blocksn this is not an advantage or disadvantage of TAs. The issues are rarely with the simple straightforward cases.
A very simple example: when I look at the revision history of [10] I immediately see that the last three IP edits are made by the same person, using two IP adresses. If we are lucky, in the future, this would be one temp account. If we aren't lucky, then these would be two completely unrelated temp accounts.
Or take this edit history for a school. Since March, I see different IPs in the 120.22 range; it seems likely that this is either the school or the village or city, so no socking, unless these 4 were all from an IP provider in, say, France, in which case it's much more likely to be the same person in each case. From now on, no more means to raise such issues or notice them if you are not of the few (and if you are, you can't raise it publicly).
Or to make it more concrete still: we have this current ANI discussion where a non-admin raises an issue related to completely disparate IP adresses: "a certain editor who has been editing over several months from various IPs, all geolocating first to South Korea, then more recently to Japan. " If said IP disables or removes cookies, there is no way that most of our editors would be able to adequately see or raise such issues, they would just have to say "there is a range of temp accounts, no idea if there is any connection between them".
@Fram With respect to Your "Finally, a very important note just for context: on other projects, including large Wikipedias, we have seen a significant decline in IP blocks, indicating that temporary account blocks are often effective" seems like a non-existent advantage. We had many "single" IP blocks, these will be changed to "single" TA blocksn this is not an advantage or disadvantage of TAs. [sic] The point being made here is that even in larger wikis there has not a significant requirement to resort to IP blocks (which are still going to be allowed). It appears that based on the trends WMF is monitoring, there is evidence that most typical vandals are not shifting across temporary accounts by disabling or removing cookies. Sohom (talk) 15:08, 11 September 2025 (UTC)[reply]
I understand the point being made, and I don't see the importance of it. Most IP blocks that are now being made also don't require CU, SPI, ANI discussions, ... Basically, for the "easy" IP problems nothing changes, but the more complicated ones get harder to spot, discuss, ... "Most typical vandals" are not the ones I am talking about.
A report like this one from this month could no longer be publicly posted. In the future, the editor who posted it has temp IP rights, so he could notice that a group of temp accounts is from "This large IP range in Australia ", but wouldn't be allowed to post this fact. They link to an IP range edit log[11] which would no longer be possible in such a discussion, as that would disclose the IPs of the temp accounts. It would lead to such discussions being had in back chambers, out of view of most editors, and more importantly still impossible to be initiated by most editors. That kind of stuff is the issue, not the "one-off vandals will get a 31h block on the temp account instead of on the IP". Fram (talk) 15:19, 11 September 2025 (UTC)[reply]
There's also a lot of "appears to be a one-off-vandals" that with a quick check of some small ranges turns out to be someone vandalizing for months or years. That visibility will be gone, too. ScottishFinnishRadish (talk) 15:21, 11 September 2025 (UTC)[reply]
@ScottishFinnishRadish, @Fram You will still be able list temp-account edits by IPs and ranges at [[Special:IPContributions/<insert IP address here>]]. I don't understand how we suddenly be unable to make the requests that you are pointing to. Sohom (talk) 15:49, 11 September 2025 (UTC)[reply]
I will not request the temp IP viewer right under the above rules. I have had one ridiculous outing block for coupring someone's handle to someone's real name, even though they were listed as such on their Wikidata page and they used both in combination elsewhere as well: I will not risk getting another block because I somehow "outed" and IP address I learned through that right but was not allowed to share with the masses no matter how useful that might be. And no admin c.s. will be allowed to show such IPcontributions list when they may not reveal the IP address behind the temp account name. Fram (talk) 15:54, 11 September 2025 (UTC)[reply]
That's on you, the above directive is pretty explicit that you can report "hey Special:IPContributions/192.168.0.0/16 (not exactly that, but you get the drift) is a bunch of school kids, can a admin block it" or "hey Special:IPContributions/192.168.0.0/24 appears to a bunch of temporary accounts with very similar disruptive edits to game engines". It's a change of vocabulary yes, but the kinds of reports you are talking about are definitely doable and not being explicitly disallowed. Sohom (talk) 16:05, 11 September 2025 (UTC)[reply]
""hey Special:IPContributions/192.168.0.0/24 appears to a bunch of temporary accounts with very similar disruptive edits to game engines". " That makes no sense. IPs are not temporary accounts. And in any case you restrict such reports and the checking of such reports!), now made by regular editors (see my link to such a report in the current ANI) to a much smaller group of people. By the way, the people with the right can see the IP address belonging to a temp account: but can they easily do the reverse? Fram (talk) 16:14, 11 September 2025 (UTC)[reply]
appears to be a bunch of temporary accounts sorry for the typo. (A IP range can map to multiple temporary accounts since a TA corresponds to a machine). Also, you do realize that almost anyone with rollback or NPR will be able to make the same report with no problems. The persons who will be able to take action (i.e. block, revert) is already limited and almost all of the folks who can respond will already have TAIV (or will be handed TAIV at PERM with zero questions). Sohom (talk) 16:28, 11 September 2025 (UTC)[reply]
Yes, and when they state "Special:IPContributions/192.168.0.0/24 includes temp accounts X, Y and Z, two of which have been blocked already" or some such, they should get blocked for outing as making that claim publicly (linking IP to temp account name) will be disallowed. If we follow the WMF rules on this, people will need to be very, very careful not to accidentally break them. Even claiming "temp accounts X, Y and Z all locate to Perth, Australia, so are likely socks" is not allowed, as one can only know that through the IP adresses, and publicly stating anything learned by seeing the IP addresses is, again, not allowed. Fram (talk) 16:49, 11 September 2025 (UTC)[reply]
So that'll add how many seconds to the average task that is done 10,000 times a month by a few dozen people? A ten second increase adds dozens of hours per month to an already overwhelmed workflow. Or this extra stuff doesn't get checked anymore, which is more likely, and everyone wastes even more time dealing with unmitigated vandals. ScottishFinnishRadish (talk) 16:44, 11 September 2025 (UTC)[reply]
@ScottishFinnishRadish, If your gripe here is "this adds 10 seconds to a existing workflow", I see that as a okay tradeoff to the other alternative, which is "WMF (and Wikipedia) gets sued out of existence by frivolous GDPR lawsuits" or "we lose legitimately a significant chunk of good contributions from IP addresses by blocking all IP editing". Sohom (talk) 18:10, 11 September 2025 (UTC)[reply]
You forgot "there's not enough labor available to keep up with the increased workload and trying to keep up leads to administrator burnout and even less labor available for the increased workload which leads to increased burnout..." ScottishFinnishRadish (talk) 18:14, 11 September 2025 (UTC)[reply]
@ScottishFinnishRadish Admin burnout and not electing enough admins is a "us" problem. The fix is nominating folks at WP:AELECT, WP:RFA (the very same processes you are defending as set in stone) and fighting to make it easier for the community member to elect worthy candidates to adminship, not arguing against the implementation of a system that has been brought on to prevent us from being sued from existence and where WMF has put in significant effort into reducing the friction down to 10 seconds. Sohom (talk) 18:22, 11 September 2025 (UTC)[reply]
Uh, the very same processes you are defending as set in stone, what?We don't actually know what the additional time required will be, and having worked with the interface to place over 13,000 blocks, I think 10 seconds is on the low end of the scale. Editor and administration time is not cheap and putting a system in place that will result in a huge increase in labor cost without looking at the available labor is probably going to be worse than what we've seen at ptwiki.We're routinely dealing with bot attacks that will require an IP block as well as a temporary account block that use multiple IPs a minute. The end result of increasing the workload of defending against these attacks is no one actually doing the work. ScottishFinnishRadish (talk) 18:34, 11 September 2025 (UTC)[reply]
Uh, the very same processes you are defending as set in stone, what? - We are talking about the inflexibility of community processes to deal with TAs and why they might not scale.
We don't actually know what the additional time required will be, and having worked with the interface to place over 13,000 blocks, - While I respect your opinions here, I think you are overestimating the amount of time here, you see a bunch of edits across different TAs, a non-TAIV editor starts reverting posts on AIV that a bunch of TAs are posting similar edits, a admin looks at the IP addresses for a few accounts (two or three more extra click than normal), clicks on the IPContributions and widens the search space untill all the TAIVs listed in the AIV report are covered and blocks the IP range and we are done. (If a TAIV editor sees the same edits, they directly report the IP address range and a admin blocks). I do understand your point about friction but I don't see it in the vast majority of the cases we aren't adding anywhere the amount of friction where folks will "just not do it". (and I assume with time user-scripts will be developed to make process smoother and less clicks). Sohom (talk) 19:42, 11 September 2025 (UTC)[reply]
There is Autoreveal mode for users with the checkuser-temporary-account-auto-reveal right, which reduces friction for users who need to be able to scan a list of IP addresses of temporary accounts when viewing logs. KHarlan (WMF) (talk) 21:03, 11 September 2025 (UTC)[reply]
Thanks. So if, there is an IP vandalizing pages infrequently over months or years, and once discovered, I would like to go back to check if their previous edits were also reverted, that would now be impossible? ARandomName123 (talk)Ping me!17:39, 12 September 2025 (UTC)[reply]
That was my thought as well. Even if someone who cleans up/investigates copyvio has TAIV, the lookback seems quite limited so you would have to hope that each temp account is doing something obvious on a behavioral level to link them. And then that circles back to if you can name a CCI after an IP address & list the temp accounts there. @SGrabarczuk (WMF): I'm not comfortable with "it may actually be OK to document IPs" - there should be definitive clarification one way or other before the rollout occurs. Sariel Xilo (talk) 20:03, 12 September 2025 (UTC)[reply]
Even if we agree that English Wikipedia is unique and whatnot, there is a pattern and hopefully discussions about blocking IPs won't be that frequent (phab:T395134#11120266). I hope we agree that if EnWiki isn't unique, it's uniqiue in size (though I would argue that EnWiki, like all other large projects actually is unique in its practices and challenges, even if much is common). And so even if the number of range blocks decrease, the scale of exceptions may cause more problems than even other large projects. Best, Barkeep49 (talk) 15:09, 11 September 2025 (UTC)[reply]
I think this line of thinking (disabling IP editing) is short-sighted and will lead to a eventual demise of the the project (if we don't let people know we allow editing, we lose potential new editors/contributors). We should not' be making it harder for people to edit, instead we should be looking at ways to make it easier for folks to engage and edit our content (especially in the context of the fact that a lot of our content is being indiscriminately being remixed by AI). Sohom (talk) 13:07, 11 September 2025 (UTC)[reply]
Bizarrely, the only major test we have had of this has not in any way lead to the demise of said project. Protuguese Wikipedia has disabled IP editing since October 2020 (according to the Temp Accounts FAQ, question "Would disallowing or limiting anonymous editing be a good alternative?" where the WMF claims "there is evidence that this came at the cost of a significant reduction in non-reverted edits, weakening the growth of content in the Portuguese Wikipedia, and potentially leading to other negative long-term effects."
These claims seem false or at the very least severely overstated (no surprise, sadly, to see this kind of thing when the WMF wants to promote what they want or suppress what they don't want), there is no reduction in the number of editor edits[12] compared to e.g. 2019 (2020-2021, the Covid years, are a bad comparison). The same can be seen for the number of new pages[13]. The number of new editors is stable as well[14].
So contrary to what the WMF claims and what you predict, there are no negative effects from disabling IP editing (on the one large wiki who has done this). Fram (talk) 15:33, 11 September 2025 (UTC)[reply]
The number of new editors is stable as well The chart you linked to shows a slow decline/downward trend since 2020 to the present day (August 2023 was 9K, August 2025 is 7K). Again, this is not a Freenode style sharp drop-off we are talking about but a slow downward decline not unlike stack overflow. Sohom (talk) 15:55, 11 September 2025 (UTC)[reply]
Er, August 2023 was 7894, not 9K. August 2025 was 7227. As comparison, enwiki August 2023 was 93052, August 2025 was 85195. So Pt is at 91.5%, and enwiki is at, hey, 91.5%. Frwiki 11989 / 10656, or 88%. Dewiki 5919 / 5594 = 94.5%. So it seems like the decline for ptwiki is exactly in line with that of other large Wikipedia versions in general, and identical to the enwiki one. Fram (talk) 16:07, 11 September 2025 (UTC)[reply]
I misspoke, I meant June 2024, I think we can quibble statistics for a hot second, but there is a significant anecdotal and UX research behind the fact that you present people with a "sign up before doing the thing" screen, you see a steady user-attrition in that area of the funnel. If you are telling me that Wikipedia is somehow so special that this doesn't apply, I'm going to need a to see a lot more data than what you are showing me at the moment. Sohom (talk) 16:22, 11 September 2025 (UTC)[reply]
So you have no evidence for your claims, you compared apples and oranges, but according to you it should happen as you predict and I somehow need more than figures of the past 5 years to prove that this didn't that didn't materialize, actually didn't materialize? Perhaps what you and your "sighificant anecdotical research" e.g. haven't taken into consideration, is that there may be many more editors who stick around because they no longer have to deal with lots of IP vandalism?
Anyway, "I misspoke, I meant June 2024"? Oh right, that month with 7880 new editors, that makes all the difference in explaining how you came up with 9K... Please don't make such a mistake a third time or I will have to consider it deliberate. Fram (talk) 16:37, 11 September 2025 (UTC)[reply]
Fram, your message above is extremely adversarial and abrasive. I will refrain from engaging in this particular thread any further unless you reword your statement because your point here appears to be engage with me personally rather than with the issue more broadly. Your comment implies that I'm trying to deliberately misrepresent information in some way, which I sincerely am not and is a asusmption of bad faith.
To explicitly answer your question, there is a clear slow decline visible and yes, I misspoke, I meant June 2023. Also, here is the other thing, we do need some kind of IPMasking, otherwise we open ourselves to lawsuits related to GDPR. I do not have access to any data about editor attrition due to IPMasking, but the whole reason the WMF is doing IP masking is to make sure admins and patroller have the tools they need to still continue doing anti-vandalism even with the legislation-required changes. Best, Sohom (talk) 17:30, 11 September 2025 (UTC)[reply]
I see no reason to change anything in my statement when you cherrypick one month and rwice fail to pick the right one to boot. June 2023 is also a thousand up from June 2022, so what´s that supposed to prove? One doesn´t check trends over 5 or more years by comparing one month from midway in the set with one from near the current end, unless one wants to prove some otherwise unsupported point. Fram (talk) 18:20, 11 September 2025 (UTC)[reply]
If temporary accounts goes poorly - something that seemingly hasn't happened on other large projects - that seems like a logical response for the community to make. However, many people have been in favor of turning off IP editing for a while and so temporary accounts aren't forcing those people, or the community to that position. I have seen the value of IPs on their own merits, and seen the from Editor reflections many editors with registered accounts started as IPs and so we should be careful about turning off that gateway. Best, Barkeep49 (talk) 14:25, 11 September 2025 (UTC)[reply]
This is what's known as the Brussels effect. Its why for example, caps on bottles are tethered in the UK, even though its required under EU law. Countries outside the EU may have this treatment, so that companies don't create a queue for EU and non-EU lanes. JuniperChill (talk) 18:18, 11 September 2025 (UTC)[reply]
I’m concerned that IP info will disappear after 90 days. This will make it difficult to address long term abusers with stable addresses, of which there are a significant number. Instead, we’ll be playing whack a mole every 90 days or so, unless we can somehow retain info on IP use. — rsjaffe🗣️15:10, 11 September 2025 (UTC)[reply]
As I’m thinking about this some more, one way to retain the ip record is to block the ip rather than the temp account when we suspect a long term abuser with perhaps a stable ip. If the block of the ip isn’t sufficient, then block the temp account. — rsjaffe🗣️15:33, 11 September 2025 (UTC)[reply]
As I understand it, I as a CU cannot do this because the Ombuds have decided this is the same as the longstanding prohibition on connecting IPs to an account. But I hope non-CU admins could without jeopardizing the right. Best, Barkeep49 (talk) 15:42, 11 September 2025 (UTC)[reply]
Even CUs can block on behavioural similarities, unless that's changing too. A bigger question is perhaps, if an IP is blocked, is that block visible on the temp account and can others see the reason for the block as they do now? CMD (talk) 15:45, 11 September 2025 (UTC)[reply]
Correct. I could block a temp account based on behavior. But I can't do what SFR and rsjaffe are mooting: block the IP as a signal before blocking the temp account (or at least can't without obfuscating it in some other way). Best, Barkeep49 (talk) 15:50, 11 September 2025 (UTC)[reply]
If the IP is blocked but not the temporary account: All temporary accounts on that IP address will be prevented from editing, because all IP address blocks apply to temporary accounts (even if the IP address block isn't a hardblock)
If the temporary account is blocked but not the IP: The temporary account targeted by the block will be unable to edit. Additionally, if autoblocking is enabled on the block targeting the temporary account then:
The last IP used will be autoblocked for 1 day (in the same way as autoblocking works for registered accounts)
Attempts to edit using that blocked temporary account will also cause an autoblock to be created
Thanks very much, hopefully this can all be collated somewhere. I suppose the remaining question is whether other users see IP blocks and their reasoning, and if so how. CMD (talk) 16:32, 11 September 2025 (UTC)[reply]
Blocks placed on IP addresses will continue to be visible on Special:BlockList and other places that show blocks. However, a user wouldn't be able to see that a temporary account is blocked by an IP address block, unless they use IP reveal (TAIV) to get the IP address and then look for the block targeting that IP (such as opening the contributions page for that IP). WBrown (WMF) (talk) 08:41, 12 September 2025 (UTC)[reply]
Really? If that is the case, how are admins expected to handle say vandalism reports of a temporary account where an IP is already blocked? Always block the temp account as well? CMD (talk) 09:58, 12 September 2025 (UTC)[reply]
If the IP address is blocked, then the temporary account cannot edit. Therefore, the admin wouldn't need to take additional blocking action on the temporary account. However, if the temporary account switches IP addresses then they will be able to edit.
Given that, if the target of the block is intended to be the temporary account the admin should block the temporary account. This will usually mean that it is better to block the temporary account first as opposed to the IP address.
We have seen that blocks of temporary accounts on other wikis have been enough to prevent abuse in most cases. Generally an admin would want to block the underlying IP address(es) if:
If this user has evaded blocks by logging out, waiting for the autoblock to expire, and making another edit
Multiple temporary accounts are editing for a sustained period on the same IP (therefore, it's easier to block the IP than multiple temporary accounts)
The issue I raise is vandalism reports, as given we now can't see if an editor is blocked multiple reports could be made. I suppose an admin could reply "Already IP blocked" and that wouldn't disclose the IP connection, but I suspect if multiple reports come in a dual block of teh temporary account as well will provide the clearest information. CMD (talk) 12:25, 12 September 2025 (UTC)[reply]
This is useful information. Is there any compendium of lessons learned so far? That would help reduce the disruption that I’m sure will occur as we learn over time how to address this new way of tracking unlogged-in users. — rsjaffe🗣️13:19, 12 September 2025 (UTC)[reply]
Or rotate their IPv6 address by simply restarting their router. Autoblocks should inherit the block settings of the TA, and if they are using IPv6 addresses, they should apply across the /64 range as well. ChildrenWillListen (🐄 talk, 🫘 contribs) 20:04, 12 September 2025 (UTC)[reply]
@Barkeep49, I can't block the IP as a signal before blocking the temp account - I'm pretty sure you can, I'd like somebody else to confirm it but as far as I know, this happens on other wikis, it's a tradeoff Legal is OK with. SGrabarczuk (WMF) (talk) 16:17, 11 September 2025 (UTC)[reply]
I'm glad to hear admins can. But (and I would hope @RoySmith or some other Ombud reading this corrects me if I'm wrong) the Ombuds have written that I cannot as a checkuser. They did so in a message sent to checkusers in March and when I wrote in reply I find the implication that CUs will have to take similar measures to blocking two connected IPs as we do to blocking a registered account and an IP address to be incredibly surprising. no one corrected me or said I was misunderstanding in anyway. Best, Barkeep49 (talk) 16:32, 11 September 2025 (UTC)[reply]
It's great that we'll be able to block the temporary account MAB or Salebot is using, then spend additional time to view the IP and check if it's a proxy before placing the proxy block, and if we're lucky finish that process before their bot has moved onto the next temporary account on another IP that will require twice as many blocks and three times as much time to take care of. Or, as Barkeep points out, since we've gotten conflicting information I might have to block the temporary account, find an active checkuser or other trusted editor I can disclose the IP to, have them block it, and waste multiple people's time. ScottishFinnishRadish (talk) 16:49, 11 September 2025 (UTC)[reply]
@Barkeep49 I don't remember your specific comment, but I assume it was in response to the OC's email of 17 March, which is reproduced for public view at meta:Ombuds commission/2025/Temporary Accounts. I encourage anybody reading that to note that it's full of weasel words like "limited experience", "initial", "preliminary guidance", "evolving landscape", "current understanding", etc. I should also point out that just like ArbCom, the OC doesn't make policy; we (again, like ArbCom) just get blamed for trying to enforce it. RoySmith(talk)17:16, 11 September 2025 (UTC)[reply]
On the other hand, if an LTA comes back within 90 days on a new temp account and we can behaviorally link it to the prior temp account, and find that both are on the same ip, then we can go for a prolonged ip block. I think there’s going to be a significant learning curve to this as we figure out how to address chronic abusers. — rsjaffe🗣️16:02, 11 September 2025 (UTC)[reply]
There's also this: When it is reasonably believed to be necessary, users with access to temporary account IP addresses may also disclose the IP addresses in appropriate venues that enable them to enforce or investigate potential violations of our Terms of Use, the Privacy Policy, or any Wikimedia Foundation or user community-based policies. Appropriate venues for such disclosures include pages dedicated to Long-term abuse. If such a disclosure later becomes unnecessary, then the IP address should be promptly revision-deleted. (Source) SGrabarczuk (WMF) (talk) 17:28, 11 September 2025 (UTC)[reply]
You can configure your browser to reject cookies, and in that case, a new temporary account will be created for every edit you make. See this FAQ entry. Note that if you do this, you can edit only 6 times/day before you have to create a real account, per this FAQ entry. OutsideNormality (talk) 03:30, 12 September 2025 (UTC)[reply]
Hi! I want to note that we are not implementing any tracking cookies in your browser. Tracking cookies are used to track your browsing history and activities, typically across multiple websites. We are adding a cookie to attribute your edits to an anonymized username. And your data (IP address) will be stored for a limited amount of time and be exposed to a smaller group of individuals. We have a similar cookie for registered accounts, except that it lasts for a longer time period. -- NKohli (WMF) (talk) 09:32, 12 September 2025 (UTC)[reply]
Cookies don’t anonymize edits, they de-anonymize them. They enable activity to be tracked across IP addresses. (Or whatever you want to call it that isn’t “tracking”—haha, gotcha! It’s totally not tracking because we defined tracking as something you do with muffins, not cookies!) This cookie has no other purpose and I don’t want it. 98.97.6.48 (talk) 00:51, 13 September 2025 (UTC)[reply]
Some questions about temporary accounts:
Would there still be a way for an unregistered user to view all of their own IP's (post-rollout) contributions, or equivalently the list of their own IP's past temporary accounts?
Some questions about temporary account viewers:
If an unregistered user only edits constructively and without engaging in vandalism, trolling, or similar shenanigans, then would it be against the rules for a TAIV to check their IP address, or could they just decide to do it on a whim?
What's stopping a rogue TAIV user from programmatically checking the IP of every single temporary account that has edited in the last 90 days and dumping that list somewhere? Would there be ratelimits put in place or something? 98.170.164.88 (talk) 05:49, 12 September 2025 (UTC)[reply]
To answer your first question about temp accounts, what do you mean by "their own IP"? :) This was a fundamental concern with how we handle unregistered editors. IPs can change, sometimes very rapidly. We cannot say IP 1.2.3.4 is always User ABC.
Contributions made before the launch of temp accounts will not be affected. So a user can see edits made by logged out editors an IP/range from before the rollout. Post rollout, a temporary account holder can look at their contributions from their temp account. If they have happened to have other temp accounts in the past, they'll need to remember which ones those are if they want to see their contributions from those temp accounts.
To answer your questions about temporary account viewers:
The policy lays this out so please refer to it. We tried to make it as succinct and clear as we could. If you have clarifying questions about anything outlined in the policy, please let me know. Happy to answer.
There is a log in place but we do not have any rate-limits. We trust that editors with this right will exercise their judgement and act in the best interests of the project. We also expect that admins will ensure users who are granted this right truly need this right to carry out anti-vandalism efforts.
Chipmunkdavis, Rsjaffe, and other interested parties: I have made an attempt to document the answers to questions in this discussion at User:Perfect4th/Temporary accounts. It's roughly topical; anyone who wishes to or has a better understanding than what I wrote is free to correct it, reorder in a way that makes sense, add further answered questions, etc. Happy editing, Perfect4th (talk) 18:23, 12 September 2025 (UTC)[reply]
Nice. Thanks for making this. Perhaps you should consider moving it to projectspace, or someone should create something similar to it in projectspace. I think a projectspace page to put tips, tricks, and notes on temporary accounts is going to be needed to help get everyone up to speed. –Novem Linguae (talk) 21:07, 12 September 2025 (UTC)[reply]
Just checking — The cookie will expire 90 days after its creation means that the cookie expiration is not refreshed by subsequent visits by the same browser? So an "IP editor" will get a series of user names – a new name per browser every 90 days? Which means that any discussions in the user's talk page will need to be linked or moved to the new account if the discussion is to continue? Is the cookie lifetime 90 days on all wikis? — GhostInTheMachinetalk to me15:35, 11 September 2025 (UTC)[reply]
Since its not possible to delete an account on Wikipedia due to attribution issues, does it mean temporary talk pages will be kept after 90 days? Messages from IP users get deleted after a few years, but remains visible in the edit history. JuniperChill (talk) 18:13, 11 September 2025 (UTC)[reply]
It is up to each wiki to decide how they want to handle the talk pages of old temporary accounts (leave them unchanged, blank them, or delete them). I don't expect enwiki to delete them. jlwoodwa (talk) 23:56, 11 September 2025 (UTC)[reply]
To the best of my understanding: 1. it is 90 days after the temporary account was created (globally, not locally), which is public information, and 2. it has the same effect as blocking it for the remainder of its lifetime (modulo a brief difference in autoblock behavior at the end, perhaps). jlwoodwa (talk) 01:06, 12 September 2025 (UTC)[reply]
To answer your first question: When a temporary account has expired, this information is shown publicly on Special:CentralAuth. For example, at testwiki the temporary account ~2024-10120 is shown as having expired. I am not aware of an interface that shows when a temporary account is expected to expire (though you could estimate this by looking at when the account was registered and comparing it to the current date)
To answer your second question: Any block placed on a temporary account for longer than it's remaining lifetime will succeed. We do not prevent the blocking of temporary accounts for more than 90 days. One advantage with this is because there may be a need to track block evasion. For example:
A temporary account is editing disruptively and an admin decides to block the user behind the temporary account indefinitely (intentionally)
The admin communicates that this block is indefinite and editing the wiki again would be considered block evasion
The user ignores this and, after waiting till their old temporary account expires and waiting for any autoblocks expire, they edit again getting a new temporary account
A different admin receiving the report of block evasion can more easily see that there is still an active block on the first temporary account that applies to the user behind the account. Without a block longer than the expiry time of the temporary account, then the different admin would need to check that the intention was to block the user for more than the lifetime of their old temporary account
If there is no need to block the user behind the temporary account, then a block of 90 days as standard would be enough to always ensure that they are prevented from editing throughout the lifetime of that temporary account
"If there is no need to block the user behind the temporary account, then a block of 90 days as standard would be enough to always ensure that they are prevented from editing throughout the lifetime of that temporary account" Under what circumstances would we ever block a temp account without the need to block "the user behind the account"? Blocks (excluding some username blocks, which aren't relevant here) are always for the user behind the account, and not for the account itself. Fram (talk) 09:21, 12 September 2025 (UTC)[reply]
Yes, I agree that blocks are intended for the user behind the account and so in probably all cases the best approach would be to block the temporary account indefinitely.
I mentioned the last point primarily from the point of view that some wikis have requested that we change the default blocking period for temporary accounts on their wiki to 90 days (T398626). Without a change in blocking policy to indicate 90 day blocks apply to the user indefinitely, these 90 day blocks would no longer prevent that user from editing under the blocking policy after their original temporary account expires. WBrown (WMF) (talk) 09:38, 12 September 2025 (UTC)[reply]
Perhaps one nice thing about temporary accounts will be that they can be blocked like regular users, without special rules about block duration. There are many IPs out there that have only gotten 36 hour blocks or one week blocks, when a full account would have normally been indef'd. In other words, it simplifies blocking. (And of course the normal indef appeals process can be used. Indefinite is not infinite.) –Novem Linguae (talk) 21:47, 12 September 2025 (UTC)[reply]
WMF, in the FAQ it is claimed in the section "Would disallowing or limiting anonymous editing be a good alternative?" that this is "unlikely" because at the Portuguese wikipedia "On the other hand, there is evidence that this came at the cost of a significant reduction in non-reverted edits, weakening the growth of content in the Portuguese Wikipedia, and potentially leading to other negative long-term effects." As I described above, these claims seem false, and the growth or decline of ptwiki seems exactly in line with that of other large Wikipedia versions. There is no significant extra loss of new articles, user edits, or new editors compared to these other Wikipedias. See e.g. the number of active editors[15]. So based on what numbers do you claim these statements to be true? Fram (talk) 16:30, 11 September 2025 (UTC)[reply]
I'm very curious about this as well. Because the public research I've seen suggests it didn't harm ptwiki, but have had multiple conversations with various WMF staffers who firmly believe it did. While I expressed reasons other than this above why I supported keeping IP editing, that was before I realized that no matter what temp accounts reset after 90 days. So understanding what evidence we have about this would be important for me in any such discussion about disabling IP editing. Best, Barkeep49 (talk) 16:47, 11 September 2025 (UTC)[reply]
I too am interested in this question, and share Fram's concern that causal inference in statistics is very hard and at minimum a proper difference-in-difference model is necessary to attempt to capture the causal effect of disallowing IP editing on content, which we don't seem to have. KevinL (aka L235·t·c) 17:57, 11 September 2025 (UTC)[reply]
Hello! I want to first clarify about the metric. The leading metric we looked at for ptwiki is Net non-reverted content edits - defined as the number of content (main-namespace) edits that were not reverted within 48 hours, excluding bot edits, reverted edits, and edits that reverted other edit. We chose this metric because we felt it was most representative of the impact on the community's content health as a result of this change. Unfortunately this metric is not displayed by default on stats.wikimedia.org.
We have measured the impact of this change three times since the change was implemented: In August 2021, June 2022 and April 2024. Each time we saw a similar downward trend in Net non-reverted content edits. You can see how the numbers compare over the four years in the most recent report, Table 6. In Q1 of this year we saw a decline of as much as 36% compared to pre-restriction days. We also compared this trend with Spanish, German, French and Italian Wikipedias and did not see the same trend on those wikis.
You are right in noting that there have been many positive outcomes from this change as well - lower blocks, reverts, page protections -- all point to a decrease in vandalism on the project. The feedback from the survey was quite positive as well. However, we do not think the decline in net non-reverted content edits is worth the trade-off. @Benjamin Mako Hill and his team wrote about the Value of IP Editing to offer their perspective on this too in case you haven't seen it.
Lastly, I want to point out that before embarking on temporary accounts our team seriously considered turning off logged out editing as a viable alternative. Some of you might recall that we put out a call to communities that want to experiment with this change. The Farsi Wikipedia experiment was a result of this call. If this option did turn out to be viable, it would have been the easier way out - way less work than temporary accounts. Unfortunately the results from ptwiki and fawiki were not what we had hoped for. -- NKohli (WMF) (talk) 13:19, 12 September 2025 (UTC)[reply]
I find it disingenuous that you never mentioned the only metric that matters: the editors of ptwiki are happy with banning IP edits, and they have no intention of going back. Moreover, the metric you do focus on, net non-reverted content edits clearly shows that ptwiki was already in decline before it. Tercer (talk) 14:43, 12 September 2025 (UTC)[reply]
I disagree that editor happiness is the only metric that matters. I am here to serve our readers and so if our readers are being hurt by having old information, when new information would be possible, or (more importantly) incorrect information when correct information would be possible, that matters a great deal to me. It also matters a great deal to me about whether turning off IP editing harms the pipeline to gaining more new registered editors. Best, Barkeep49 (talk) 17:30, 12 September 2025 (UTC)[reply]
I'm not sure I agree with We chose this metric because we felt it was most representative of the impact on the community's content health as a result of this change. If community systems are overwhelmed in a community that has IP editing (with or with-out Temp Accounts) the edits that stay unreverted may be, on the whole, a net negative to the project and to its readers. Put another way: if a community is overwhelmed then the net non-reverted edits are lower pre-change than policies and guidelines would suggest they should be and if they are then not overhwelmed afterwards, may be showing the true rate. I also am not sure I agree that it is the only metric worth looking at - as I indicated above statistics about overall community health in terms of editor registration, retention, and "moving up the ranks" - also feel worth examination. I would suggest English Wikipedia is not currently overhwelmed and so we do have a good baseline - something I don't know was the case for ptwiki - but I do worry that these changes will overwhelm the system because of the extra work that it is going to require to dealing with unregistered accounts. Best, Barkeep49 (talk) 17:38, 12 September 2025 (UTC)[reply]
It's also worth noting that @MuddyB: complained about the surge of vandalism on the Swahili Wikipedia (where he is an admin), following the enabling of temporary accounts, though as I understand IP editing may have been previously disabled outright on this wiki. [16]Hemiauchenia (talk) 23:32, 12 September 2025 (UTC)[reply]
I think it inevitable that Wikipedia projects will disable anonymous editing in the future. As projects grow, the opportunity for anonymous editors to do anything productive continues to shrink. (1) The level of knowledge necessary to contribute positively to the projects keeps increasing. More policies, more guidelines, more standards, more templates. This growth in required knowledge is glacially slow but inexorable. (2) There is ever increasing lack of ability for editors to contribute in general due to the (ever unattainable, thankfully) goal of completing the project. The lack of productive work possibilities gives ever decreasing opportunities to anonymous users to contribute positively. (3) The ratio of administrators to the amount of work administrators need to do continues to worsen. Those are just a few of the factors in play that are driving this reality. Imagine, if you will, Wikipedia 50 years from now. There will always be growth to be sure, but the opportunity for anonymous users to do anything will be almost absent. There needs to be a long term strategy to reverse these trends, else new blood coming into the projects will die. We're already in a long term drought. --Hammersoft (talk) 14:52, 12 September 2025 (UTC)[reply]
There won't be any wikipedia 50 years from now. What wikipedia does is harness the energy of many people to read books, newspapers, journal articles, etc, and distill them into encyclopedia articles. In way less than 50 years from now, AI will be good enough to make that an obsolete concept. RoySmith(talk)01:26, 13 September 2025 (UTC)[reply]
Yeah, 50 years is quite optimistic. I can see the project lasting for another decade or two, but beyond that... I'm not so sure. Some1 (talk) 01:43, 13 September 2025 (UTC)[reply]
wikimedia.org know if you have any feedback or suggestions for improvement!
wikimedia.org for advice.
.jpg)
