The only current form of moderator action / command / activity logging is for bans, and only for bans that are still active. A moderator can avoid showing up in the list by using long timeouts (up to 14 days) or unbanning a user before the list is checked. And that’s not even accounting for other actions a moderator can perform, such as sub mode, slow mode, and r9k mode.
Because of this, a single rogue moderator, or stolen password or oauth key, can hijack an entire channel and there’s nothing that can be done about it. Or in cases where the leak is less obvious (the credentials only being used for personal reasons, or being used to target specific users), it’s impossible to identify the source of the leak and fix it.
I assume that all chat messages are already being logged internally, and that these logs include invisible messages as well (such as moderator actions), so it would be great if there was an API endpoint to reach them. Similarly to the VoD API endpoint, it could show the last 20 or 50 or 100 actions logged (ideally with their ISO 8601 timestamp), with the ability to request an offset.
This could be expanded to include similar messages for the other actions. I hardly think that moderators should be concerned about public scrutiny (they’re already “Nazis”) and it wouldn’t have any of the downsides of API calls.
I’m toying with the idea of an extension that afflicted channels could enforce for their moderators. It would monitor the sending sockets for chat commands and broadcast this to other authenticated moderators within the same channel. Anyone not using it can be considered rouge. I’m not pursuing it, mainly because this would be so much better as an official feature.
Moderator and duration tags would be a really useful adjunct too; it’s a good point you bring up. Ideally, the duration would be visible to the user being timed out, and both duration and moderator would be visible to other moderators. A distinction between timeout and ban is really needed too.
Considering that chat is one of the hallmarks of Twitch, it would be really great to see some new development in the area, as not much seems to have changed on the front end in the past year.
My biggest point is though, that in the case of lost or stolen moderator credentials, there’s no solution but to contact staff and ask for assistance, and hope that they’re able to put the pieces together after the fact.
EDIT: To clarify, I mean in a case where you don’t know whose credentials were stolen, just that they have been. Though rogue moderators are still an important case point, since it’s the same deal.
I personally think the front end is fine as is, with 3rd party extensions like BTTV available for the power user.
The problem with selecting who gets to see the information is that it would have to be through direct messaging (like whispers) and would mean a greater overhaul than the suggested few-lines-of-code-fix. This in turn means longer development time.
Should stolen accounts really be the concern of moderators, though? How could they possibly verify such a claim without having information like verified email and login location? This should rightly remain at the hands of admins and staff, in my opinion.