[rbarooah]

Have you actually looked a twitter page that uses Twitpic? The text Chrome produces reads:

"Danger: Malware Ahead! Content from twitpic.com, a known malware distributor has been inserted into this page. Visiting this page now is very likely to infect your computer with malware.

Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion."

If this turns out to be a false positive, it certainly looks as though Google has committed a serious act of libel against a competitor by claiming that they are known to be malicious and involved in crime. Furthermore they prevented millions of customers from reaching another competitor (and partner of the first competitor) in order to deliver this message.

There's no mention of the possibility of there being a false positive, or how the conclusion was reached, or the general rate of false positives, or the fact that it's Google's opinion.

The fact that we assume it's an automated detection system doesn't absolve Google of responsibility for what they are communicating and the damage it can do to their competitors reputations.

If it does turn out to be a false positive, will Google contact all the people who saw that message to inform them that they were wrong?

I hope it's not a false positive.

[objclxt]

> "The text Chrome produces reads: [...]"

You actually get two slightly different warnings, depending upon whether the content is embedded or not. If you go to Twitpic directly you'll see "Google has blocked access to twitpic.com for now", a generally more gentle warning than the one you cite (which you'll see if you're viewing embedded content instead).

It's interesting there are two warnings, only one of which seems to be potentially libelous (if it was a false positive, which at this point is uncertain, especially if the content came in from an ad network).

[analog]

In the US libel requires a statement to have been made with malicious intent. Quite simply, this is in no way libel, nor should it be.

I'll take occasional minor shortlived inconveniences over security breaches anyday.

[rbarooah]

I doubt you'd consider it a "minor shortlived inconvenience" if Google informed millions of people that your business was a known distributor of malware.

Google can perfectly well block the malware without making such an accusatory statement. It's not a tradeoff, so I don't really know why you are defending them.

[analog]

What would you'd reckon the accuracy of the algorithms are? I'd have thought the numbers probably justify the language.

Security is a tradeoff, if you do business on the web, deal with it.

[rbarooah]

Clearly you haven't thought this through.

Security is sometimes a trade-off but in this case there is no trade-off involved. Google can just as easily block the malware without the potentially defamatory language.

The accuracy of the algorithm is utterly irrelevant.

[analog]

Rubbish. The trade-off in this case is that a more mealy-mouthed warning would lead to more people clicking through.

[rbarooah]

Nobody except you is suggesting a mealy-mouthed warning - that's a straw-man.

An accurate and informative statement like:

"Google's Scans detected malware <X>, which is known to do harm <Y> within the past <N> hours at <Z> percent of the pages operated by <COMPANY>. Google recommends that you do not click on this link until this warning is lifted. [Site owners click here for detailed information]"

...would be just as effective.

Scare tactics, especially those that might be laying blame incorrectly, simply breed ignorance, and ignorance is the enemy of security.