What is a temporary account?

Any time you publish an edit on Wikipedia or other sites hosted by the Wikimedia Foundation without logging into a registered account, a temporary account will be created for you. This account will automatically be given a username. A cookie will be set in your browser when the account is created. All subsequent edits by you will be attributed to the username assigned to this temporary account, even if your IP address changes. With a temporary account, your IP address can only be accessed by authorized staff and community members, as outlined in the updated Privacy policy.

How do temporary accounts work?

• Temporary account names follow the pattern: ~2025-12345-67 (a tilde, current year, an auto-generated number). Users cannot choose or change the names of their temporary accounts.
• 90 days after the creation date, the temporary account will automatically expire. It will become unusable and be unable to get talk page messages.
• Subsequent edits assign a new temporary account. The old one will be deactivated and you won't be able to keep it or log into it.
• It is impossible to log in to a temporary account. There are no passwords for temporary accounts.
• All edits made from the same device and browser will be attributed to the same temporary account, even if the IP address you're using changes (for example, if you edit at home and at a coffee shop). This is done through the placement of a browser cookie that remembers the temporary account you have been assigned.
• Temporary accounts are not like browsing history or open tabs. If you have a browser synchronized across devices, you will be assigned to different accounts on different devices. This is a consequence of how browsers work. If you are worried about this, you may want to create a registered account.
• Temporary accounts can be deactivated manually at any time by ending your session or clearing your browser cookies.

Notable aspects of temporary accounts

• Temporary accounts are different from registered accounts. They are short-lived and offer limited features. We don't collect any additional data for temporary accounts beyond what we collect for regular edits.^{[clarification needed]}
• Temporary accounts do not have access to all the features available for logged-in users. Some actions, such as uploading photos to Commons, are restricted to users with a registered account.
• Temporary accounts have their own user pages and user talk pages, but they will eventually delink from the person who made the page. You could redirect your temporary user page to your new account.
• Temporary accounts can receive notifications and see a banner about new messages on their user talk page.
• Temporary accounts can receive thanks from logged-in editors but can't send thanks.
• Temporary accounts can ping other users, and they can be pinged in return.

See also

• Help page for the temporary account holders (temporary users)
• The technical information page if your bot or tool needs to differentiate between temporary and permanent account types

Why are you working on temporary accounts at all?

Primarily, to improve the privacy of logged-out users. In addition, this change will allow us to build better anti-abuse tools.

Our wikis should be safer to edit by default for logged-out editors. Temporary accounts allow people to continue editing the wikis without creating an account, while avoiding publicly tying their edits to their IP address. We believe this is in the best interest of our logged-out editors, who make valuable contributions to the wikis and who may later create accounts and grow our community. Even though the wikis do warn logged-out editors that their IP address will be associated with their edit, many people may not understand what an IP address is, or that it could be used to connect them to other information about them in ways they might not expect.

Additionally, our moderation software and tools rely too heavily on network origin (IP addresses) to identify users and patterns of activity, especially as IP addresses themselves are becoming less stable as identifiers. Temporary accounts allow for more precise interactions with logged-out editors, including more precise blocks, and can help limit how often we unintentionally end up blocking good-faith users who use the same IP addresses as bad-faith users.

Why is a temporary account the right solution to the problem?

There are some hard requirements that led to the design of the temporary accounts. Some of them are of legal, and some are of technical nature:

See also:

• Technical details on Phabricator

Would disallowing or limiting anonymous editing be a good alternative?

Unlikely.

In the past, the Wikimedia Foundation has supported research into requiring registration for all editors editing Wikipedia articles. The results have been largely harmful. Over time, the Wikipedia in Persian saw large declines in the amount of constructive contributions of content. There is also a 2024 study of Portuguese Wikipedia which has blocked logged-out editing in the main namespace since October 2020. The results of this change were mixed. One of the stated goals of turning off logged-out editing was to reduce moderator burden and reverted edits, and there is evidence that it achieved this goal. On the other hand, there is evidence that this came at the cost of a significant reduction in non-reverted edits, weakening the growth of content in the Portuguese Wikipedia, and potentially leading to other negative long-term effects.

At this time, with the data we have, we cannot say that disabling logged-out editing on any project is a beneficial solution.

Where are temporary accounts deployed? When will these changes reach my wiki?

• Temporary accounts are already available on the following wikis:
  • Czech Wikiversity, Persian Wiktionary, Danish Wikipedia, Igbo Wikipedia, Italian Wikiquote, Japanese Wikiquote, Norwegian Bokmål Wikipedia, Romanian Wikipedia, Serbian Wikipedia, Serbo-Croatian Wikipedia, Swahili Wikipedia, Cantonese Wikipedia
  • Czech Wikipedia, Korean Wikipedia, Turkish Wikipedia
• We will introduce temporary accounts on larger wikis in June 2025. It may include some top-10 wikis, but not English Wikipedia.
• Finally, later in 2025, we will deploy temporary accounts on all remaining wikis in one carefully coordinated step.

IP addresses appear in the history of many pages. Will those past uses be modified?

No.

Historical IP addresses that were published on wiki before the switch to temporary accounts will not be modified. The Wikimedia Foundation Legal department has approved this decision.

What specific legal requirements, regulations or risks are you worried about? Is the Foundation facing legal action? What would happen if we didn't introduce temporary accounts?

We shouldn't provide all the information. We shouldn't publish some details, and we shouldn't disclose why. If we publicly discussed what arguments we can make, or what risks are most likely to result in litigation, we could help someone harm the wikis and the communities.

This answer is based on attorney advice we are choosing to follow.

Can this change be rolled out differently by location?

No.

We protect the privacy of all users to the same standard. This will change across the Wikimedia projects.

If we tell someone their IP address will be published, isn't that enough?

No.

Many people have been confused to see their IP address published. Additionally, even when someone does see the notice, the Foundation has to properly handle their personal data. Publishing the IP addresses of non-logged-in editors falls short of current privacy best practices. Also, it creates risks, including risks to those users.

How will the project affect CC license attribution?

It will not affect it.

The 3.0 license for text on the Wikimedia projects already states that attribution should include "the name of the Original Author (or pseudonym, if applicable)" (see the license at section 4c). Use of the temporary account names will function equally well as a pseudonym. IP addresses already may vary or be assigned to different people over time, so their use to identify unregistered editors is no different in this respect from the use of temporary account names. Both satisfy the license pseudonym requirement. In addition, our Terms of use section 7 specify that as part of contributing to Wikipedia, editors agree that links to articles (which include article history) are a sufficient method of attribution.

Where can I test it?

• All beta cluster wikis except en-rtl Wikipedia
• test.wikipedia.org
• test2.wikipedia.org

Keep in mind that these are testing wikis. Software there may not work as expected.

In addition, users with advanced permissions may test different features on Patch Demo available on T369637.

How long does a temporary account last?

A temporary account will work for as long as the cookie exists. The cookie is currently set to expire three months after the first edit.

The following are the most common scenarios in which a temporary account will be irretrievably lost:

• The user clears the cookies on the browser.
• The user deletes the profile on their browser that they used when the temporary account was created.
• The user used an incognito (private browsing) window, and closed the window.
• The cookie expired.

If a temporary account is lost, then a new temporary account, with a new username, will be automatically generated the next time the user publishes an edit. If a user would like a permanent account, they can create a free registered account at any time.

Are the temporary usernames unique across different wikis?

Yes.

If you see User:~2024-1234567 at multiple SUL-connected wikis, you can be confident that this is the same account.

What if temporary accounts are only enabled on some wikis?

Some wikis have temporary accounts enabled (pilots) and others do not.

Wikis that have temporary accounts enabled display unregistered editors as temporary accounts. On non-temp-accounts wikis they still show up as IP addresses. When the temporary user switches between these wikis they will show up as a temporary account in one wiki and as an IP address in another.

Who is able to see the IP address of temporary accounts?

Stewards, CheckUsers, global sysops, admins, and other community members who meet qualifying thresholds and are granted the right by their community admins, as well as certain staff at the Wikimedia Foundation.

There are privacy risks associated with IP addresses. This is why they will be visible only to people who need to have that information for effective investigation or prevention of different policy violations.

See also:

• Access to temporary account IP addresses legal policy

I have a qualified account. How can I see the IP addresses?

Please follow your community's guidelines to request this right from admins and/or bureaucrats and/or stewards (as defined by your community). Once you have been granted this right you may go to the page Special:Preferences, find the section Temporary account IP reveal, check the checkbox, and hit Save. Please read the note:

Before enabling this setting, you must read and agree to the "Access to Temporary Account IP Addresses Policy". In particular:

• You must meet the eligibility criteria described in the Policy;
• You must not access, use or disclose information about temporary account IP addresses except if it is reasonably necessary for the investigation of or enforcement against vandalism, abuse, spam, harassment, disruptive behavior, and other violations of Wikimedia Foundation or community policies. If you do share the information with others, you must be sensitive about where and how you do that, and you should remove the information when it is no longer reasonably necessary for others to see it.

If you have read and agree to the Policy, you may enable the preference by checking the checkbox. Other users with access to temporary account IPs can view the status of this preference.

Will I need to sign any non-disclosure agreement?

No.

There is the access to nonpublic personal data policy (ANPDP). It is a legal policy from the Wikimedia Foundation about how checkusers and people with certain other roles must protect non-public personal data that they obtain in the course of their duties. Volunteer admins and patrollers do not need to sign it. However, you will need to opt-in to access to IP addresses through Special:Preferences at your local wiki.

How will editors apply for this new user right?

This is automatically assigned to users who have permissions related to anti-abuse tasks, as defined in the policy. The only step they need to take is to opt-in when it becomes available at their wiki.

Other users need to apply for the right, and administrators or stewards can grant these rights. Read the policy to learn more.

For "other users" (as they are categorized in the policy), is it possible to bundle this right with an existing group, like patrollers?

No, at least not currently. This is what we announced in May 2025:

• Separation of the new right (checkuser-temporary-account) out to a new group (Temporary account IP viewers), as opposed to technically attaching it to any existing group (like patroller). We have decided to do this for a few reasons:
  • Having access to IP addresses carries risk. This right is similar to checkuser. IP addresses are considered personally identifiable information (a kind of personal data). Outside actors who want to access IP addresses will now need to interact with users who have this right. Users with this right should be aware of this, and alert to the possibility of suspicious access requests.
  • Good practices for privacy protection. Giving access to users who are trusted but do not need access to carry on their work is not in line with good practices for processing personal data.
  • Removal of right. Access to IPs will be logged (example). If any misuse of this right is detected, it can be taken away separately from any other permissions the user may hold. It would be difficult and sometimes also unreasonable to remove the rights unrelated to access to IP addresses.
  • You may grant the new right to all users belonging to a certain existing group individually. These users must meet the criteria for Temporary account IP viewers, though.
  • For clarity – all this does not affect administrators, bureaucrats, checkusers, stewards, and other groups mentioned in the global policy.

We have also documented this decision in Limits to configuration changes.

My community wants to set higher requirements. How do we do that?

Each wiki can set its own process with standards higher than the minimum. Make sure that consensus of your community does not contradict the global policy, and instead, adds requirements of your choice to the global ones.

The Wikimedia Foundation is not requiring a process equivalent to becoming an admin in the largest communities. Communities may choose to handle these requests via their existing processes, or to set up new pages. For example, the English Wikipedia may choose to take requests at w:en:Wikipedia:Requests for permissions, and the German-language Wikipedia may choose to handle requests at w:de:Wikipedia:Administratoren/Anfragen, and the Ukrainian Wikipedia may choose to handle requests at w:uk:Вікіпедія:Заявки на права патрульного. Very small communities often take similar requests on their village pump.

When will the user right become available? When can we start assigning it?

The user right has already been added to the MediaWiki software. Communities can start giving the right at any time.

The minimum requirements for non-admins are too high

This may occasionally be true, such as when a wiki is newly created. In such cases, contact the stewards.

I'm an admin, but I don't want this user right

You won't be able to see any of this information unless you click to accept the agreement.

I believe that someone is misusing this information

Please report privacy-related concerns to the ombuds commission. To ensure accountability, logs are kept of tool usage and of which users have access to the tool.

Other concerns about potential misuse may be brought to a steward by placing a request on m:Steward requests/Permissions#Removal of access. Stewards are authorized to block a user’s access to IP addresses if they determine that misuse occurred. This will prevent access even if the user would be automatically eligible or has been granted access through a community process.

If someone is blocked, are they able to use this right?

If a user is blocked sitewide, the software won't let them reveal IP addresses. If they have a partial block, they are able to use this right.

Some communities currently have public pages for documenting the activities of some bad actors, including their IP addresses (e.g., Long-term abuse). Will this documentation still be permitted?

Yes.

The communities should treat the IPs of logged in users and temporary account holders the same on the Long-term abuse list. They may list the IP addresses when necessary, but they should refer to the abusers by their temporary account usernames.

See also:

• Access to temporary account IP addresses

Can we publicly document the IP addresses used by suspected (but not confirmed) bad actors who are using temporary accounts?

In general, no, but sometimes yes, temporarily.

When possible, patrollers with access to IP addresses should document the temporary account name(s) instead of the IP addresses. The exception is when the IP addresses are necessary for the purpose of protecting the wiki from abusive actions. Necessity should be determined on a case-by-case basis. If a disclosure later becomes unnecessary, then the IP address should be promptly removed.

For example, if a suspected vandal is exonerated during an investigation, then the report showing the user's IP address can be removed through oversight. That way, the IP address is only revealed while it is needed, and then is suppressed later, after it has been shown to not be needed any longer. See the related policy for more information.

When it comes to documenting connections between logged-in and temporary users, non-CheckUser-level evidence, like editing patterns may be documented publicly. Documenting publicly that a temporary account and a regular account are connected based on evidence restricted for CheckUsers would be against the policy, even if IP addresses wouldn't be documented.

If other information about non-logged-in contributors is revealed (such as location, or ISP), then it doesn't matter if the IP address is also published, right?

No. The IP address should not be published.

With temporary accounts, the public information will be not linked to an individual person or device. For example, it will be a city-level location, or a note that an edit was made by someone at a particular university. While this is still information about the user, it's less specific and individual than an IP address. So even though we are making some information available in order to assist with abuse prevention, we are protecting the privacy of that specific contributor better.

Where can I test how my advanced permissions work with temporary accounts?

Users with advanced permissions may test different features on Patch Demo available on T369637.

What if a temporary account holder needs to be blocked?

Temporary accounts' IPs will be stored for a period of 90 days. Their IP addresses can still be blocked, just like at present. Temporary accounts can also be independently blocked, including global blocks and autoblocks.

Can't an abuser just clear cookies?

Yes, they can. Temporary accounts are not intended to solve any anti-abuse problems.

We know the problem of abusers making edits through a pool of changing IPs while masking browser agent data. This cannot be solved through temporary accounts. This is not a design goal for this project either. Otherwise, we would need to use trusted tokens, disabling anonymous edits, or fingerprinting, all of which are very involved, complicated measures that have significant community and technical considerations.

We will adapt tools to ensure that trusted functionaries can safely and efficiently navigate the bidirectional mappings between temporary accounts within the last 90 days and IPs. However, abuse from a user that clears cookies may become difficult or impossible to detect and mitigate for users without advanced permissions, or if some of the edits involved are more than 90 days old.

Will temporary accounts be covered by the autoblock mechanism?

Autoblocks stop vandals and other high-risk users from continuing to disrupt the projects by immediately creating a new account. Autoblocks for temporary accounts are the same as autoblocks for registered users. (IP addresses are not available to the public.)

More information is available in phab:T332231. Temporary accounts can also be blocked via global autoblocks.

Is there a limitation for creating many temporary accounts from the same IP address?

Yes.

There is a limitation preventing from creating too many accounts from the same IP address too quickly. The current threshold for regular accounts is six per IP address per day ($wgAccountCreationThrottle).

In addition to that, there is a similar limitation for temporary accounts, which is also six per IP address per day ($wgTempAccountCreationThrottle). This threshold can be changed quickly if necessary.

We have investigated the ideal thresholds of the limit (T357771). We will check nuanced responses to tripping thresholds, including CAPTCHAs, temporary blocks, calls to create an account, etc.

During the entire rollout, we will analyze rate limit trips (T357763). To learn more, see T357776.

Do I need to reveal each IP separately?

No, if you have high-level rights named in the policy like administrator, bureaucrat, CheckUser, etc.

If you have these rights and need quick access to different IP addresses at the same time, you can enable Autoreveal in the Tools menu. Then, for a limited time, you will be able to see the IP addresses of all temporary accounts visible in the logs. You will be able to extend the duration of Autoreveal.

The current configuration of temporary accounts will make retro-patrolling impossible

Currently, the 90-day period after which IP address of a temporary account becomes inaccessible seems reasonably long. We have consulted with the Stewards on this. If you can demonstrate need for a longer period, contact us.

In any case, the 90-day limit doesn't apply to behavioral evidence or patterns of editing – these will continue to be visible. The number itself may be changed, and we will be paying attention to your thoughts and evidence of more difficult investigation. It is important to note that for instances of proven long-term abuse behaviors, we can publicly document the IP address for patrolling needs.

What are the functional differences between using a Special:Checkuser on a temporary account, and revealing the IP address?

The IP reveal feature can show you the IP address used for a particular edit by a particular temporary account, the last IP address used by a temporary account, all the IP addresses used by a temporary account, or all the temporary accounts edits on a given IP address or IP address range.

Why are there so many temporary accounts with zero edits?

This is because of AbuseFilter at work.

Temporary accounts are not created at the moment of a successful edit save, but at the moment of any save attempt. AbuseFilter prevents some edits from being saved. These attempts need to be logged, and in the log, each attempt needs to be assigned to a performer. This is why an account needs to be created.

What does 'Legacy IP edits' mean, visible in Special:Contributions and related pages?

This refers to edits by anonymous users before temporary accounts were enabled, whose IP addresses are visible in their usernames.