Hi Yahya, Thank you so much for your feedback and for highlighting this critical point. You are absolutely right, and I completely agree that transparency regarding data access and the trust model is essential, especially for our colleagues handling NDA-restricted or highly sensitive information.
Because WikiLounge is hosted on WMCS and administrators have access to the underlying server logs and configurations, it is definitely not meant to be a secure enclave for advanced workflows. To ensure everyone is fully aware of this before they even request an account, I have added a highly visible *Security Notice for Advanced Rights Holders* directly to the top of the Public Portal dashboard. It explicitly warns users that the tool is not a secure enclave, that server/WMCS admins have access to the data, and advises those handling Stewards, CheckUser, Oversight, or NDA-restricted data to avoid using it for sensitive workflows. Furthermore, to maximize transparency and accountability, we have implemented an *Auditor* role within the administrative dashboard. This read-only role allows for complete visibility into the system's operations. Auditors can see: - *Live TheLounge Server Logs* (the last 500 lines) from the Maintenance tab. - *Dashboard Action Logs* (tracking both admin operations and self-service Public Portal requests) from the Audit tab. - *Terminal Command Logs* via the dedicated 'Logs' tab. You and other Stewards, as well as CheckUsers, Oversighters, Ombuds, U4C members, System Administrators, and WMF Staff, are highly welcome to request this Auditor role for full transparency and verification. Please let me know if you feel the wording of the public notice needs to be expanded or if there is anywhere else you think we should display it. I really appreciate your guidance and oversight in helping us keep the community safe! Regards, User:ZI Jony On Sun, Jun 14, 2026 at 12:43 PM Muhammad Yahya <[email protected]> wrote: > Thank you for setting this up and for the detailed announcement. > > I would like to add a privacy note for users who hold CheckUser, > Oversight, Steward, or other advanced permission roles. > > Because the operators of this WikiLounge instance do not have the same > level of access or confidentiality obligations as CheckUsers and > Oversighters, users with CU/OS-level access should carefully consider > whether this service is appropriate for their work. > > As with any TheLounge installation, server administrators may have access > to data stored or processed by the service, including: > > * Private messages and channel messages. > * The list of IRC networks and servers connected by users. > * Authentication credentials provided to the service (including > Libera.Chat passwords). > * Files and images uploaded through the web interface. > > Users handling non-public information should therefore evaluate the trust > model before using the service. > > For those who require a persistent IRC bouncer for CU/OS-related work, you > may wish to contact Steward AmandaNP, who operates a separate TheLounge > instance on a personal server that is used by several Stewards and > CheckUsers. > > Thank you again for providing this service to the Wikimedia community. > > Yahya > Wikimedia steward > > On Sun, 14 Jun 2026, 4:38 am Md. Zillur Rahman via Wikimedia-l, < > [email protected]> wrote: > >> Hi everyone, >> >> I am excited to announce the launch of *WikiLounge*, a new, always-on >> IRC web client and bouncer built specifically for the Wikimedia community >> and hosted securely on Wikimedia Cloud Services (WMCS). >> >> For many Wikimedians, IRC remains a vital platform for real-time >> collaboration, seeking help, and monitoring projects. However, traditional >> IRC drops your connection when you close your browser or go offline, >> causing you to miss out on conversations while you are away. >> >> WikiLounge solves this by acting as a persistent bouncer. It keeps your >> IRC presence active 24/7 on Libera.Chat network. When you log back in >> via your web browser or mobile device, you can read all the channel history >> and private messages you missed. >> >> We have just completed a major upgrade and deployed a new *Unified Web >> Dashboard* to make joining and managing your account as easy as possible. >> >> *Key Features:* >> >> - *Always-On Connection:* Catch up on missed messages when you return. >> - *Mobile-Friendly:* A clean, responsive web interface powered by >> open-source software (The Lounge). >> - *Automated Self-Service:* Securely log in using your Meta-Wiki >> account via OAuth to request access, change your server password, or >> declare a "Wikibreak" to pause inactivity limits. >> >> *How to join:* To protect server resources and prevent abuse, WikiLounge >> requires users to have at least 500 global edits across Wikimedia projects. >> >> If you meet the requirements and would like an account, you can read the >> full documentation and apply directly through the new automated portal: >> >> - *Documentation:* https://meta.wikimedia.org/wiki/IRC/WikiLounge >> - *Public Portal:* https://wikilounge.wmcloud.org/ >> >> If you have any questions, feel free to reach out to me, drop a task in >> Phabricator under the *WikiLounge* project, or join us in our newly >> created IRC channel *#wikimedia-lounge.* >> >> >> Regards, >> User:ZI Jony >> _______________________________________________ >> Wikimedia-l mailing list -- [email protected], guidelines >> at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and >> https://meta.wikimedia.org/wiki/Wikimedia-l >> Public archives at >> https://lists.wikimedia.org/hyperkitty/list/[email protected]/message/M6ZUSVOHTX5PE2PT2TGBWTV3E36KWUMK/ >> To unsubscribe send an email to [email protected] > >
_______________________________________________ Wikimedia-l mailing list -- [email protected], guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l Public archives at https://lists.wikimedia.org/hyperkitty/list/[email protected]/message/4UEF2LYEUOBK3KTSH2KG23RI7EEG2ZTQ/ To unsubscribe send an email to [email protected]
