Page MenuHomePhabricator
Create Task
Maniphest T303085

Consider disabling Yandex as a translation provider for cxserver's machine translation functionality
Closed, ResolvedPublicSecurity
Actions

Description

Given recent world events, and certain recent news, we should evaluate whether Yandex can still be considered a reliable and safe provider of translation content for cxserver's mt functionality. Some initial questions:

  1. Is there any way for us to monitor the current quality of Yandex-provided translations for cxserver?
  2. What would a disablement plan look like and how quickly could it be employed?

Details

Risk Rating
Low
Author Affiliation
WMF Technology

Related Objects

Event Timeline

sbassett created this task.Mar 4 2022, 9:49 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 4 2022, 9:49 PM
sbassett added a project: CX-cxserver.Mar 4 2022, 9:50 PM
sbassett added subscribers: JBennett, Dr03ramos, Arrbee and 2 others.
sbassett renamed this task from Consider disabling Yandex as a provider for cxserver to Consider disabling Yandex as a translation provider for cxserver's machine translation functionality.Mar 4 2022, 9:54 PM
sbassett changed Risk Rating from N/A to High.
sbassett edited subscribers, added: dr0ptp4kt; removed: Dr03ramos.
Arrbee claimed this task.Mar 6 2022, 2:05 PM
Arrbee added subscribers: KartikMistry, Pginer-WMF.
sbassett moved this task from Incoming to Watching on the Security-Team board.Mar 7 2022, 4:36 PM
sbassett added a project: SecTeam-Processed.
Pginer-WMF added a comment.Mar 28 2022, 10:44 AM

We got this report from a user about some mistranslations from Yandex that seem to be vandalism. For example, when translating the name of the director "Gunnar Vikene" from Norwegian to French, the resulting translation from Yandex is "Jean-Luc Mélenchon", a French politician. This issue is visible using the Yandex translate website.

This kind of issue is expected to be easy to notice by the translators as they work on the translation. So it is still unclear to me whether it is better to have an unreliable translation to fix or no translation at all in these cases.

I don't know if Yandex has a way for people to contribute/correct translations (similar to what Google Translate has) that could have been used to vandalize their system, and how much informing them could help fix or prevent this going further.

sbassett added a comment.Mar 28 2022, 7:40 PM

Hey @Pginer-WMF - thanks for looking into this. I think, if we're not seeing anything that looks like a sustained, coordinated campaign to provide erroneous or malicious translation content from Yandex, then this task, as written, can likely be declined. Of course we do want to maintain some awareness in regards to this potential attack vector, likely for as long as the current geopolitical events transpire.

dr0ptp4kt unsubscribed.Jul 28 2023, 2:42 PM
Aklapper removed Arrbee as the assignee of this task.May 16 2024, 5:02 PM

@Arrbee: Removing task assignee as this open task has been assigned for more than two years - see the email sent to all task assignees on 2024-04-15.
Please assign this task to yourself again if you still realistically [plan to] work on this task - it would be welcome! :)
If this task has been resolved in the meantime, or should not be worked on by anybody ("declined"), please update its task status via "Add Action… 🡒 Change Status".
Also see https://www.mediawiki.org/wiki/Bug_management/Assignee_cleanup for tips how to best manage your individual work in Phabricator. Thanks!

sbassett added a comment.May 16 2024, 6:13 PM

Unfortunately, this still appears to be a potentially relevant issue: https://www.yahoo.com/tech/russian-consortium-announces-terms-5-112456481.html

Stryn subscribed.Jul 4 2024, 8:18 AM
ssingh added a subscriber: Slaporte.Jul 24 2024, 12:15 AM
Nikerabbit moved this task from Backlog to Other teams on the CX-cxserver board.Nov 14 2024, 8:48 AM
Nikerabbit edited projects, added CXServer; removed CX-cxserver.May 22 2025, 2:48 PM
KartikMistry added a comment.Oct 16 2025, 7:59 AM

It seems that Yandex is no longer accessible. See: T407345

santhosh added a comment.Oct 23 2025, 4:32 AM

Yandex was removed from cxserver

Ticket: T407345: cxserver: Yandex MT service failure
Patch : https://gerrit.wikimedia.org/r/c/mediawiki/services/cxserver/+/1198040

Nikerabbit closed this task as Resolved.Oct 23 2025, 12:59 PM
Nikerabbit claimed this task.
sbassett moved this task from Watching to Our Part Is Done on the Security-Team board.Oct 23 2025, 3:34 PM

Does anyone care if we make this particular task public?

Arrbee added a comment.Oct 24 2025, 6:32 AM
In T303085#11303463, @sbassett wrote:

Does anyone care if we make this particular task public?

The other task which was used to remove the MT is public. Considering the original description of this ticket refers to world events, and political events, I would defer to you how other similarly drafted tickets may have been treated in the past to avoid any unnecessary fallouts later.

sbassett triaged this task as Low priority.Oct 24 2025, 3:50 PM
sbassett changed the visibility from "Custom Policy" to "Public (No Login Required)".
sbassett changed the edit policy from "Custom Policy" to "All Users".
sbassett changed Risk Rating from High to Low.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits