Trust and Safety Product/Temporary Accounts/Access to IP

Translate this page

With the launch of Temporary Accounts, IP addresses for non-logged-in contributors will be replaced with a temporary identifier. This page is meant to provide information about accessing temporary account IP addresses and information related to them.

The policies

IP addresses are considered as personally identifiable information, and access to this data is dictated by the following legal policies. If there is a mismatch in what is written on this page versus what the policy says, please consider the policy as the source of truth.

Who has access

Access by default

MediaWiki Temporary accounts IP access mockup

Global access by default – temporary-account-no-preference

Staff
U4C members
Stewards (T357762)
Ombuds (T371279)

Local access by default – temporary-account-no-preference

Check users (T327913)
Suppressors (T327913)
This can also happen through a global preference (T366618)

Access as opt-in (via preference) tied with advanced roles

Can opt in globally through Special:GlobalPreferences – global-temporary-account-viewer

Global sysops (T371279)
Global rollbackers (T371279)
Abuse filter maintainers (T371279)
Abuse filter helpers (T371279)
Checkusers on any project (T375117)
Oversighters on any project (T375117)

Can opt in locally through Special:Preferences – temporary-account-viewer

Administrators (T327913)
Bureaucrats (T327913)

Other users

The icon of Temporary Account IP Viewers on German and French Wikipedia

Eligible users can be explicitly granted the right by sysops, bureaucrats, or stewards (T390942). Technical enforcement of 300 edits & 180 days old account criteria (T393615).

Stewards can grant local temporary account IP viewer permissions to users not meeting the criteria (T389808).

Removal of access

Voluntary removal

Users who opt-in through a preference can uncheck the preference to forgo their access at any time.
Users who qualify for automatic access (like check users) but do not want to have this access for safety concerns can choose to give up their access by contacting the stewards

Automatic removal

When the user no longer has the appropriate permissions
- If a user loses access to the permission through which they received access (like sysop) then:
  - They will not be able to access IPs, unless:
    - they were granted the IP Reveal rights by an administrator, or
    - they are a member of another user group authorized to access the data (such as Steward).
When the user is blocked
- If a user is blocked sitewide, they lose access to IP Reveal
(not implemented yet) When the user has not been active in past year
- If a user who was manually granted temporary-account-viewer has not been active with edits or log entries for over one year, their right will be automatically removed. They will have to apply for the right again through the manual process. (T375115)

Forced removal

Globally: Stewards can revoke a user's IP Reveal access that was manually granted by taking back the right
Locally: Sysops can revoke a user's IP Reveal access by taking back the right that was granted to manual

IP Reveal

MediaWiki version:

≥ 1.40

Screenshot showing the `Show IP` button used to reveal the IP of a temporary account

Since MediaWiki 1.40, a button is displayed next to temporary account user links which allows the revealing of their IP address.

This functionality can be used by users with the checkuser-temporary-account or checkuser-temporary-account-no-preference rights. Additionally the Enable revealing IP addresses for temporary accounts preference must be enabled for users with either user right to use the tool. Users that are sitewide blocked cannot use the functionality.

These buttons will appear next to temporary account usernames for actions that they have performed, such as on their edits in the history page or on Special:Contributions.

Administrators can see a list of IP addresses used by a temporary account by visiting Special:Block and entering the temporary account into the username field. This is to allow administrators to see whether an IP address block would be more appropriate for preventing abuse by the user.

These will not be shown on the following pages: Special:CheckUser, Special:Investigate, Special:InvestigateBlock, Special:ListUsers, Special:BlockList, Special:ActiveUsers.

Automatically showing IPs for temporary accounts

MediaWiki version:

≥ 1.45

Since MediaWiki 1.45, it is possible to enter into IP auto-reveal mode, in which temporary accounts have their IP addresses displayed next to their names by default. IP addresses display wherever IP reveal buttons would be added, so this is equivalent to clicking on all the IP reveal buttons.

This can reveal a lot of private information, so the mode should only be used for a limited duration, when needed. Usage of the mode is logged.

IP auto-reveal mode is available to users with the checkuser-temporary-account-auto-reveal right, if they are also able to reveal IP addresses of temporary accounts.

IP auto-reveal mode can be switched on and off by clicking on the link in the sidebar tools menu and following the workflow in the dialog that is launched.

IP Info

Design and access

This information doesn't reflect the current settings but will soon be correct (T375086).

IP Info is available for some logged-in users. It is displayed in a box on the Special:Contributions page of unregistered editors. An abridged version is accessible via a popup on log, history, and recent changes pages.

Box on the Special:Contributions page
Popup on log, history, and recent changes pages

For detailed information on who has access, see Access to Temporary Account IP Addresses Policy.

Log

A log is kept of queries made using the IP Information tool and how the information was accessed. Access to this log is limited to Foundation staff and certain advanced user groups. The following is an example of what is logged:

10 May 2022 User:A viewed limited IP Information popup for 1.1.1.1
10 May 2022 User:B viewed full IP Information popup for 2.2.2.2
10 May 2022 User:C viewed limited IP Information infobox for 3.3.3.3
10 May 2022 User:D viewed full IP Information infobox for 4.4.4.4

Information available

Please note that IP information is not guaranteed to be correct. It is for the most part based on the relevant IP information provider's own good faith efforts to identify and classify activity (from these IP addresses / IP address ranges) which it has observed across the wider Internet.

Field	Source	Description	Where accessible
Location	Maxmind	The geographic location associated with the IP address.	Popup and Special:Contributions
ISP	Maxmind	The Internet Service Provider associated with the IP address.	Popup and Special:Contributions
ASN	Maxmind	The autonomous system number associated with the IP address.	Special:Contributions
Organization	Maxmind	The organization operating this IP address (may differ from ISP).	Special:Contributions
Version	Parsed by MediaWiki	IP address version v4 or v6.	Special:Contributions
Behaviors	Spur - client.behaviors	Specific types of activity which devices have engaged in or have been previously affiliated with, using this IP address.	Special:Contributions
Risks	Spur - risks	Risks that Spur has determined based on their collection of data. These risks vary and will matter differently based on specific use-cases of Spur Context data.	Special:Contributions
Connection type	Spur - client.types	The different types of client devices that have been observed using this IP address.	Special:Contributions
Tunnel operator	Spur - tunnels.operator	The provider or operator of the VPN service that this IP address has been associated with.	Special:Contributions
Proxies	Spur - client.proxies	Proxies that have been observed using this IP address. This does not mean that all traffic from this IP address is associated with this proxy network, since the IP address may be in use by both proxied and non-proxied traffic.	Special:Contributions
Users on this IP	Spur - client.count	The average number of clients that have been observed on this IP address. It takes into account all activity from this IP address. This is calculated over a 24 hour period.	Special:Contributions
Active blocks	On-wiki data	The number of active blocks against this IP address.	Popup and Special:Contributions
Contributions	On-wiki data	The number of wiki edits made from this IP address.	Popup and Special:Contributions

Special:IPContributions

This page is used to find all the edits performed by temporary accounts on a given IP address or CIDR range within the CheckUser data retention period (by default 90 days). This page is only available if temporary accounts are known on a wiki.

To use this page, you must have the ability to reveal the IP addresses of temporary accounts (as described in the Showing IPs for temporary accounts section).

Open Special:IPContributions.
In the IP address or range: field, input an IP (IPv4 or IPv6) or CIDR range.
Adjust parameters as necessary and submit a search. This action will be logged to the checkuser-temporary-account log which will be visible to users with the checkuser-temporary-account-log right.

Screenshots
Input form
Example results

Special:GlobalContributions

This special page is only available if the Extension:GlobalPreferences and Extension:CentralAuth extensions are installed. The tool allows users to see edits performed by a given target across all wikis performed within the CheckUser data retention period (by default 90 days).

The tool can search for the following types of targets:

A username (named or temporary). This shows the recent revisions across all wikis from that user.
An IP address or CIDR range. This shows recent revisions performed by temporary accounts on that IP address or range. The user can only see results on wikis where they have the ability to reveal the IP addresses of temporary accounts (as described in the Showing IPs for temporary accounts section).

The page does not show contributions from anonymous users whose name is their IP address. This is due to technical limitations with the current database table structure.

When using this tool for an IP address or range, the user will make authenticated connections to multiple projects; doing so may result in autocreation of local accounts. (T385752)

Open Special:GlobalContributions.
In the Username, IP address or range: field, input a user name, an IP (IPv4 or IPv6) or CIDR range.
Adjust parameters as necessary and submit a search. If searching with a target as an IP address or CIDR range, this action will be logged to the checkuser-temporary-account log which will be visible to users with the checkuser-temporary-account-log right.
Alongside local results, results will be returned from other wikis. If searching using an IP address as an IP address or CIDR range, then the results will be limited to the wikis where you have the ability to reveal temporary account IP addresses (as described in the Showing IPs for temporary accounts section).

Screenshots
Input form
Example results

Access to IP addresses – who has the right

Who is able to see the IP address of temporary accounts?

Stewards, CheckUsers, global sysops, admins, and other community members who meet qualifying thresholds and are granted the right by their community admins, as well as certain staff at the Wikimedia Foundation.

There are privacy risks associated with IP addresses. This is why they will be visible only to people who need to have that information for effective investigation or prevention of different policy violations.

I have a qualified account. How can I see the IP addresses?

Please follow your community's guidelines to request this right from admins and/or bureaucrats and/or stewards (as defined by your community). Once you have been granted this right you may go to the page Special:Preferences, find the section Temporary account IP reveal, check the checkbox, and hit Save. Please read the note:

Before enabling this setting, you must read and agree to the "Access to Temporary Account IP Addresses Policy". In particular:
You must meet the eligibility criteria described in the Policy;
You must not access, use or disclose information about temporary account IP addresses except if it is reasonably necessary for the investigation of or enforcement against vandalism, abuse, spam, harassment, disruptive behavior, and other violations of Wikimedia Foundation or community policies. If you do share the information with others, you must be sensitive about where and how you do that, and you should remove the information when it is no longer reasonably necessary for others to see it.
If you have read and agree to the Policy, you may enable the preference by checking the checkbox. Other users with access to temporary account IPs can view the status of this preference.

Will I need to sign any non-disclosure agreement?

No.

There is the access to nonpublic personal data policy (ANPDP). It is a legal policy from the Wikimedia Foundation about how checkusers and people with certain other roles must protect non-public personal data that they obtain in the course of their duties. Volunteer admins and patrollers do not need to sign it. However, you will need to opt-in to access to IP addresses through Special:Preferences at your local wiki.

How will editors apply for this new user right?

This is automatically assigned to users who have permissions related to anti-abuse tasks, as defined in the policy. The only step they need to take is to opt-in when it becomes available at their wiki.

Other users need to apply for the right, and administrators or stewards can grant these rights.

The Wikimedia Foundation is not requiring a process equivalent to becoming an admin in the largest communities. Communities may choose to handle these requests via their existing processes, or to set up new pages. For example, the English Wikipedia may choose to take requests at w:en:Wikipedia:Requests for permissions, and the German-language Wikipedia may choose to handle requests at w:de:Wikipedia:Rechtevergabe, and the Ukrainian Wikipedia may choose to handle requests at w:uk:Вікіпедія:Заявки на права патрульного. Very small communities often take similar requests on their village pump.

For "other users" (as they are categorized in the policy), is it possible to bundle this right with an existing group, like patrollers?

No, at least not currently. This is what we announced in May 2025:

Separation of the new right (checkuser-temporary-account) out to a new group (Temporary account IP viewers), as opposed to technically attaching it to any existing group (like patroller). We have decided to do this for a few reasons:
- Having access to IP addresses carries risk. This right is similar to checkuser. IP addresses are considered personally identifiable information (a kind of personal data). Outside actors who want to access IP addresses will now need to interact with users who have this right. Users with this right should be aware of this, and alert to the possibility of suspicious access requests.
- Good practices for privacy protection. Giving access to users who are trusted but do not need access to carry on their work is not in line with good practices for processing personal data.
- Removal of right. Access to IPs will be logged (example). If any misuse of this right is detected, it can be taken away separately from any other permissions the user may hold. It would be difficult and sometimes also unreasonable to remove the rights unrelated to access to IP addresses.
- You may grant the new right to all users belonging to a certain existing group individually. These users must meet the criteria for Temporary account IP viewers, though.
- For clarity – all this does not affect administrators, bureaucrats, checkusers, stewards, and other groups mentioned in the global policy.

We have also documented this decision in Limits to configuration changes.

My community wants to set higher requirements. How do we do that?

Each wiki can set its own process with standards higher than the minimum. Make sure that consensus of your community does not contradict the global policy, and instead, adds requirements of your choice to the global ones.

When will the user right become available? When can we start assigning it?

The user right has already been added to the MediaWiki software. Communities can start giving the right at any time.

The minimum requirements for non-admins are too high

This may occasionally be true, such as when a wiki is newly created. In such cases, contact the stewards.

I'm an admin, but I don't want this user right

You won't be able to see any of this information unless you enable the preference.

I believe that someone is misusing this information

Please report privacy-related concerns to the ombuds commission. To ensure accountability, logs are kept of tool usage and of which users have access to the tool.

Other concerns about potential misuse may be brought to a steward by placing a request on m:Steward requests/Permissions#Removal of access. Stewards are authorized to block a user’s access to IP addresses if they determine that misuse occurred. This will prevent access even if the user would be automatically eligible or has been granted access through a community process.

If someone is blocked, are they able to use this right?

If a user is blocked sitewide, the software won't let them reveal IP addresses. If they have a partial block, they are able to use this right.

Access to IP addresses – moderation workflows and blocking

What happens if a temporary account is associated with multiple IP addresses?

When a user reveals the IP address of a temporary account from a history/log page, in most cases the IP revealed is the one responsible for that specific action. To view a temporary account's editing history, one can use the page Special:IPInfo which is linked from the temporary account's contributions page.

What if a temporary account holder needs to be blocked?

Temporary accounts' IPs will be stored for a period of 90 days. IP addresses can still be blocked. Temporary accounts can also be independently blocked, including global blocks and autoblocks.

Can't an abuser just clear cookies?

Yes, they can. Temporary accounts are not intended to solve any anti-abuse problems.

We know the problem of abusers making edits through a pool of changing IPs while masking browser agent data. This cannot be solved through temporary accounts. This is not a design goal for this project either. Otherwise, we would need to use trusted tokens, disabling anonymous edits, or fingerprinting, all of which are very involved, complicated measures that have significant community and technical considerations.

We have adapted tools to ensure that trusted functionaries can safely and efficiently navigate the bidirectional mappings between temporary accounts within the last 90 days and IPs. However, abuse from a user who clears cookies may become difficult or impossible to detect and mitigate for users without advanced permissions, or if some of the edits involved are more than 90 days old.

If a user clears their browser cookies but continues using the same IP address, will there be any way to connect them back to their previous temporary account?

Especially in shared environments like universities and schools, where multiple unrelated users might be using the same IP, how will the system handle that?

If a user clears their cookies and edits again, they will be granted a new temporary account. This can only happen a maximum of six times per day after which the account creation limit will be reached. Users who have access to view temporary account IP addresses will be able to make the connection between IPs and temporary accounts through the page Special:IPContributions.

Will temporary accounts be covered by the autoblock mechanism?

Autoblocks stop vandals and other high-risk users from continuing to disrupt the projects by immediately creating a new account. Autoblocks for temporary accounts are the same as autoblocks for registered users. (IP addresses are not available to the public.)

More information is available in phab:T332231. Temporary accounts can also be blocked via global autoblocks.

How to do moderation work without exposing other users' private data?

We have a few tips, both for community members who can't block other users, and for admins:

We recommend focusing on asking admins to block temporary accounts instead of asking to block both temporary accounts and IPs. This is because often, it suffices to only block temporary accounts.
- If a temporary account is blocked with autoblocking enabled, the IP they were using will be blocked for 24 hours. If a temporary account user doesn't switch IPs, there isn't a need to block their IP unless the block needs to be longer than 24 hours.
If a user is using many temporary accounts over multiple IPs, we recommend to also ask to block the IPs. We discourage from writing down the IP addresses themselves as part of the request, though.
We discourage from linking registered accounts and temporary accounts publicly. It would allow non-CheckUsers establish the registered account IP.
Some connections may be traced by analyzing public logs. This is a trade-off. We limit access to different logs, but it's not always the best solution.

The current configuration of temporary accounts will make retro-patrolling impossible

Currently, the 90-day period after which IP address of a temporary account becomes inaccessible seems reasonably long. We have consulted the Stewards on this. If you can demonstrate need for a longer period, contact us. We are open to extending this period.

In any case, the 90-day limit doesn't apply to behavioral evidence or patterns of editing – these will continue to be visible. The number itself may be changed, and we will be paying attention to your thoughts and evidence of more difficult investigation. It is important to note that for instances of proven long-term abuse behaviors, we can publicly document the IP address for patrolling needs.

Access to IP addresses – documentation

Some communities currently have public pages for documenting the activities of some bad actors, including their IP addresses (e.g., Long-term abuse). Will this documentation still be permitted?

Yes.

The communities should treat the IPs of logged in users and temporary account holders the same on the Long-term abuse list. They may list the IP addresses when necessary, but they should refer to the abusers by their temporary account usernames.

Can we publicly document the IP addresses used by suspected (but not confirmed) bad actors who are using temporary accounts?

In general, no, but sometimes yes, temporarily.

When possible, patrollers with access to IP addresses should document the temporary account name(s) instead of the IP addresses. The exception is when the IP addresses are necessary for the purpose of protecting the wiki from abusive actions. Necessity should be determined on a case-by-case basis. If a disclosure later becomes unnecessary, then the IP address should be promptly removed.

For example, if a suspected vandal is exonerated during an investigation, then the report showing the user's IP address can be removed through oversight. That way, the IP address is only revealed while it is needed, and then is suppressed later, after it has been shown to not be needed any longer. See the related policy for more information.

When it comes to documenting connections between logged-in and temporary users, non-CheckUser-level evidence, like editing patterns may be documented publicly. Documenting publicly that a temporary account and a regular account are connected based on evidence restricted for CheckUsers would be against the policy, even if IP addresses wouldn't be documented.

If other information about non-logged-in contributors is revealed (such as location, or ISP), then it doesn't matter if the IP address is also published, right?

No. The IP address should not be published.

With temporary accounts, the public information will be not linked to an individual person or device. For example, it will be a city-level location, or a note that an edit was made by someone at a particular university. While this is still information about the user, it's less specific and individual than an IP address. So even though we are making some information available to assist with abuse prevention, we are protecting the privacy of that specific contributor better.