Nobody except you is suggesting a mealy-mouthed warning - that's a straw-man.
An accurate and informative statement like:
"Google's Scans detected malware <X>, which is known to do harm <Y> within the past <N> hours at <Z> percent of the pages operated by <COMPANY>. Google recommends that you do not click on this link until this warning is lifted. [Site owners click here for detailed information]"
...would be just as effective.
Scare tactics, especially those that might be laying blame incorrectly, simply breed ignorance, and ignorance is the enemy of security.
it might be better if the message said something like "The site appears to be infected with malware.This warning will be remain in place until the malware has been removed."
That's what you suggested, seems pretty mealy-mouthed to me.
Presumably you don't judge my second suggestion 'mealy mouthed' otherwise you'd have quoted that instead.
So even by your judgement of what is 'mealy mouthed', an effective and accurate warning is clearly possible. You might not have liked the wording of my first suggestion but that doesn't change the argument.
There is no valid trade-off that requires Google to use accusatory wording in order to protect people from malware. It would clearly be an improvement if their messages were more accurate.
There obviously is a trade-off between the strength of the language and the number of people who will click through.
The messages are accurate, Twitpic was unfortunately a distributor of malware. Here's a copy and paste of the current detailed report.
What happened when Google visited this site?
Of the 12910 pages we tested on the site over the past 90 days, 31 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-01-01, and the last time suspicious content was found on this site was on 2012-12-30.
Malicious software includes 13 trojan(s), 4 exploit(s). Successful infection resulted in an average of 8 new process(es) on the target machine.
Malicious software is hosted on 5 domain(s), including mpchester.info/, malatyuhr.com/, iloveeu.info/.
2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including 2upmedia.com/, adexcite.com/.
This site was hosted on 3 network(s) including AS36351 (SOFTLAYER), AS15169 (Google Internet Backbone), AS31815 (MEDIATEMPLE).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, twitpic.com appeared to function as an intermediary for the infection of 1 site(s) including ow.ly/.
There obviously is a trade-off between the strength of the language and the number of people who will click through.
Maybe, but I'm not arguing about the 'strength' of the language. I'm arguing about the accuracy of it.
The messages are accurate, Twitpic was unfortunately a distributor of malware. Here's a copy and paste of the current detailed report.
Actually, this report proves my point. Twitpic is implicated because ad networks they embed have distributed malware.
This is a perfectly good reason for warning people, but it is not justification for calling Twitpic "A known distributor of malware" - a statement which portrays Twitpic as an intentional agent in this.
If I called you "A known distributor of falsehoods", and my evidence was that you made a few mistakes on a math test, and mistyped the a URL in one of your postings, I imagine most people would consider that a misrepresentation, because the phrase "A known distributor" implies agency and intent.
Another analogy would be if a grocery store carried a batch of improperly pasteurized milk from that people got food poisoning from.
Calling the grocery store "A known poisoner" would be an obvious misrepresentation.
In just the same way, Twitpic is not "a known distributor" of malware.
I'm not sure why you're placing the business interests of Twitpic over the safety of users, but I disagree with your attitude.
You are simply misrepresenting my position. You keep making a false dichotomy, as though the users safety and accurate messaging are in conflict with one another. This is not true.
It is perfectly possible for Google to strongly state their opinion about the dangers of clicking through without misrepresenting twitpic.
I think that the communications of those in a position of power should be critiqued, and I think that misleading people 'for their own protection' is almost never justified and certainly shouldn't be casually accepted as a necessary tradeoff.
I disagree with your attitude too, but I guess at least we know where we stand.
An accurate and informative statement like:
"Google's Scans detected malware <X>, which is known to do harm <Y> within the past <N> hours at <Z> percent of the pages operated by <COMPANY>. Google recommends that you do not click on this link until this warning is lifted. [Site owners click here for detailed information]"
...would be just as effective.
Scare tactics, especially those that might be laying blame incorrectly, simply breed ignorance, and ignorance is the enemy of security.