A big revelation about the deadly rudder design of Boeing 737s was that Boeing knew the rudder could move on its own, and twist the jet into a catastrophic dive, but failed to tell pilots this was a possibility. Once the phenomenon became public knowledge, pilots began to take steps to avoid the conditions under which uncommanded rudder movements were likely. And Boeing was forced to go to a safer rudder design.
The wave of cross-site scripting attacks that take advantage of search engine optimization exchanges between Google and high-traffic sites strikes me as similar. Knowledge is power, from the public’s view. But Knowledge can be a liability, from the corporate view.
Here are three views on Google’s dilemma:
Scott Cleland, Precursor Group: “Google not informing their users is the conflict of interest in their advertising business model. Google does not get paid by users. Google gets paid by advertisers and websites who do not want to sully their brands online by having Google identify which of its website clients and which advertising has been infected and are the source for these new rapidly spreading cyber-scams. Google also does not want to discourage searching in any way, because they get paid only when users search.”