Decision Statement Overview: https://docs.google.com/document/d/1YWfvBBYYCdN2sEM3snfrPXEAUYdyg6BgQThXjMs09EY/edit
What is the problem or opportunity?
Currently, anonymous users who make edits to Wikimedia projects are able to do so without creating an account. The problem is that for those edits made, their public IP address is used in place of a username, thus exposing some PII with this given user.
For admins patrolling and protecting projects from vandalism have relied on tools that leverage the exposure of these IP addresses. So the challenge here is to provide privacy to anonymous users while empowering admins to continue to fend off vandalism.
Requirements
IP addresses are no longer viewable to public users
As an anonymous user making an edit, I want my IP address hidden from public, non-authorized users, so that my identity remains private.
IP Data Retention
Remove IP addresses from the database after 90 days.
Create a temporary account for anonymous users
As an anonymous user, I want a temporary account, so that I have privacy and my IP address isn’t available publicly
- Acceptance Criteria
- A unique temporary account is reserved. The account is not officially created until an edit is submitted by that anonymous user.
- The temporary account is associated with the user’s session
What does the future look like if this is achieved?
The privacy of users is protected with no PII being publicly exposed. We also want to continue to encourage contributors who have made anonymous edits.
The role of anti-vandalism is unimpacted by this change and can continue to identify and prevent bad actors from vandalizing projects.
What happens if we do nothing?
User privacy remains at risk for publicly exposing PII such as IP addresses.
Any additional background or context to provide?
IP addresses need to be purged after 90 days in accordance with data retention policy. Likewise, the masking or removing of IP addresses from public exposure are only those anonymous edits moving forward. This does not need to mask or remove the past IP addresses that have been made publicly available.
Why are you bringing this decision to the technical forum?
For contributors feel safe contributing to the movement which aligns to our objective
Our platform and our contributors will be better protected with improved movement management & curation tools (software and practices)