A group of Turkish pranksters enlisted the help of their fellow message board users to mount a large scale linguistic assault on Facebook, resulting in red faces all round.
A post on the Inci Sözlük discussion forum describes the plan for abusing the Facebook translate application for the amusement of the discussion board members and it seems, the attack was a complete success.
A selection of 56 words and phrases that are commonly used across the Facebook platform, words and phrases such as “Like” or “Your message could not be sent because the user is offline” had their Turkish translations, erm… “improved” The attackers abused the official Facebook Translate interface, a crowdsourcing method for improving the linguistic accuracy of the site. Discussion forum members then went on to provide enough votes to push these translations into use for anyone viewing Facebook in Turkish resulting in some very red faces. The terms of course were offensive and insulting, some may have found them amusing, not I of course!
The word “Like” for example was substituted for another word that rhymes with Luck but begins with an F. The familiar notification in Facebook chat “Your message could not be sent because the user is offline” became “Your message could not be sent because of your tiny penis”
Facebook rolled back the unwanted translations during the day and the Facebook Translate application is offline for many languages, although it is not clear if this is related.
It is interesting to note the fully automated nature of this crowdsourced method, it certainly seems as though the replacement translations did not go past any human eyes before going live. Perhaps there were possibilities here for criminals to take advantage of by substituting obfuscated URLs for the popular words. Perhaps it is fortunate that the hole has been exposed through a prank in the first instance and not something more nefarious.
Any online service, whether it’s transaltion or reputation services, which solicits user generated content would be well advised to quality check that content before going live with it.