... and you "do your best to avoid being a target", they've won.

Really? Then burn a Koran on national TV right now...

Oh wait... then the extremist muslims have won. Because you are so concerned about getting beheaded by some crazy person that you wouldn't dare burn a silly book.

Judging from the rest of your comment, you probably didn't mean this, but this makes it look like, from your viewpoint, the only alternative to "doing your best to not be a target" is "doing your best to be a target."

It is all about how you say things and where you say them. Take any dumb position you like and it won't automatically get a response from the trolls.

To some extent you're right. If you're rambling over in the corner and nobody notices you, you're good. But if you have something useful to say and a forum where you can get noticed, you will definitely be noticed by people who don't like what you say, and if they happen to be trolls, they will troll you.

Jesus Christ, did you read what you just wrote?

Why, yes, yes, I did.

Google Search exists to help people find what they're looking for,

There's your problem, right there. Google exists to make money. They do this by doing a good enough job to make most people use them first for search. If you think that google exists to make your job as a website administrator easier, then you've got a huge sense of misplaced entitlement.

and you're saying it's our job to tell Google how to help people find our site?

There seems to be a bit of projection going on here -- you're getting on my case for not reading what I wrote, then turning around and claiming I wrote things that I didn't.

But even though I never wrote that, if it's your job to help your customers find your site, and a lot of your customers are miffed (and complaining, and defecting and/or wasting your time) because they can't find you through google, then (assuming 2+2 still equals 4) yes, of course, it behooves you to spend a bit of time to understand google's crawler well enough to make sure that google dumps your customers on the page you'd like to see them on.

For example, if it were my site, the very first thing I would do is check to make sure that I didn't have a misconfigured robots.txt anywhere in the search path. Then I would figure out what, if anything, google is actually serving from that site (using the site: option in the search), and then I would google (yes, the devil!) for SEO techniques for my exact situation. Finally, if I figured out that google really did have difficulty reconciling two different email web pages for the same domain, then I would probably chalk it up to competence, rather than incompetence -- on a web host, figuring out the primary webmail portal and always directing to that could probably cut down on a lot of phishing attacks -- and then either unify the webmail portals, or put a link from one to the other, or separate the domains, or anything else that was required to prove to google that my second webportal wasn't just a phishing site.

But since you're entitled to google doing all your shit for you even though you're not paying them to babysit your customers, you probably can't be bothered to do any of that stuff.

If people want to find our web mail portal they can come to the website we print on their damn bill, or they can call and ask us how to get to it.

That's a perfectly lovely attitude, and I wish you and your company all the success in life you both deserve.

Interviewing disgruntled people will certainly tell you why they think they are disgruntled, but most of the I know manage to be disgruntled no matter what.

What if it hadn't been the same company? What if it was a phishing site?

Google's actually pretty darn good about warning about phishing. Which means that the usual warning you get from them is extremely helpful, especially in comparison to the complete lack of warning you would ever get from typing raw URLs into the browser.

All these people who thought they had reached the right destination

Why should google cater to companies that are so technically backward that they can't figure out how to unify their email portals?

If I were one of your company's customers, I would rightfully be blaming you, not google, for your inability to make google understand how I should get to my email.

Maybe but Google is no more at fault for that than the phone companies are for texting while driving.

This is damning with faint praise.

Phone texting is the direct descendant of phone conversations.

Do you realize how much hard technical work went into making cell-tower handoff work seamlessly at highway speeds? Do you think the phone companies did that merely to capture revenue from the conversations the passengers were having?

Real bug, hypothetical exploit, of course.

I sincerely doubt the exploit was merely hypothetical, but I know for a fact that that's exactly the sort of thinking that leads to real exploits.

Who cares? It was real, not hypothetical.

"Pics or it didn't happen" is a cute saying that has no bearing on reality. Are you from that generation? Any security expert will tell you that an 18 month unpatched hole like the Apple one is, in fact, a huge deal.

Speaking of pics, it's my understanding that more of those surfaced recently from iCloud.

Never remotely said that

Who never remotely said that? The original post I was responding to was from macs4all -- are you him? His argument was essentially that your data is safer with Apple, ostensibly because of their privacy policy, and that their business model is the perfect one because everybody is tired of being data-mined, so Apple is who you should trust your data with.

That's a bit disingenuous -- if you read more of the articles about the Apple bug, you will find insiders that claim, basically, that it was bound to happen, because of the culture inside Apple.

And a couple of months later, it happened again -- Apple patched 26 bugs, each of which could allow remote code execution, and half of those had been reported to them by google.

Look I don't care whether or not you believe that at some point enough anecdotes stacked end to end amount to data.

But I still think it's stupid to say Apple is incented to do a better job with your data. Google absolutely needs people to be able to trust the internet, and AFAICT, it is in their DNA to take this seriously and to work hard to try to find and report flaws in, e.g. Apple's browser, as well as in their own stuff, because if enough Apple users stop doing stuff online, yes, google will be hurting.

Apple absolutely needs this trust too, in order to have the market keep growing. But they weren't born an internet company, and although they are learning, IMHO, their security is nowhere near as mature as Google's.

My point is a bunch of anecdotes don't make an argument

Which is obviously why you keep focusing on the anecdotes and ignoring, e.g. the study I pointed to, which says, for the typical user using applications from the exact same well-known companies, more data gets leaked on Apple than on google.

Which says it's not just their security model. I would say that Apple is still learning about how to use data properly, Facebook and linkedin are focused on exactly how far they can go, and google has internalized some sort of compromise on data handling that nobody who uses Facebook should bat an eyelash at, and that even a lot of people who hate facebook can accept.

More to the point, google actually tries to apply this consistently as much as possible, which only nets them grief because of their universal privacy policy.

Apple's privacy policy may be "better" than google's in some theoretical fashion, but if more user data is leaked via iOS apps than Android apps, how is that better in the real world for a typical phone user?

You can easily google for it on lots of other sites, but you knew that right? We may never know if it was exploited, but it was certainly extremely easy to exploit, so it doesn't fall anywhere near the realm of a "hypothetical" bug.

As far as google serving up ads with malware, (a) that didn't go on for 18 months, and (b) while I don't condone javascript in ads (or ever have this enabled), this is actually, generally, a lot safer than it used to be. This particular malware, which made the news precisely because it is rare for google to serve malware, requires either an ancient flash install or an unpatched XP/IE installation, in order to infect a system.

Trying to serve others' javascript safely is a much more complex problem than implementing SSL correctly, and that this attack for ancient systems went on for half-a-month, while Apple's exploit for all current iOS systems was available for 18 months, may not be making the point you think it is.

cherry picking is not a good argument

No, much better to make blanket assertions that Apple handles data better because that isn't its business (which is the original assertion that I was responding to).

Those examples were just that -- examples. Did you bother to read the link I gave about how apps from the same companies leak more user data on Apple than on Android?

Citation, please.

Well, you can read all the headline news about how all the malware is on Android because Apple keeps it off of iWhatever, or you can try to figure out which system is better for the stuff you're actually going to use:

http://www.sciencedaily.com/releases/2013/10/131011092523.htm

You can read the false equivalence narrative about how both Apple and google suffered data breaches recently, or you could use your brain and realize that you have seen evidence that it's pretty easy to get "private" stuff out of Apple's cloud, but there's not much evidence of getting it out of google's cloud:

http://www.v3.co.uk/v3-uk/news/2364799/google-confirms-five-million-customer-data-dump-but-denies-breach

You can read about how Apple is going to revolutionize payments, or you can read some of the user stories here about how people have been using google for payments for a long time with no problems, and you might think about how, even a few months ago, Apple had a major https problem:

http://www.theblaze.com/stories/2014/02/24/apples-security-breach-should-scare-you-more-than-targets-did/

And finally, you can ooh and aah about how iOS is now encrypting everything in a way that only the user can decrypt it "unlike [Apple's] competitors" and google is playing catchup, or you can dig deeper and find out that this has been an option on Android for three years, and all google has to do to match Apple is turn it on by default. (They probably had it off by default simply so Apple wouldn't be beating them in storage benchmarks.)

So you actually approve of a Business Model based on Tracking (and Selling) your every online move?

Now I have to ask you for a citation. Google targets ads to you, but AFAIK, unlike, say, Facebook, they don't actually sell your data directly to others. That's because, believe it or not, it is precious to them. Whether or not I approve the business model is immaterial, but I reject the premise that Apple is capable of handling data better because their business isn't based on handling data. Seriously, doesn't that sound like a stupid claim?

...and people think Apple aficionados are delusional???

That's only because enough of them are that it's a thing.

I wouldn't have a problem with that.

But that seems unlikely. The system is out of control, and the societal costs of bad patents are both huge and unfairly distributed.

Since lots of great software was written before it was patentable, there is no reason to believe that patents are necessary to help create good software.

Since lots of great open source software is still being written now, there is still no reason to believe this.

So we have a system that provably isn't needed, and that provably causes great harm in some cases. The best fix for such a situation is a wooden stake to the heart.

It's their lifeblood.

Self-selecting, too.

Dudes and gals who get their panties in a bunch about corporations "controlling" open source will steer clear, while people passionate about open source and looking for an employer might take a closer look.

From what I read, several national, well-respected print and web publications have reached out to the original sheriff for clarification, and he has said squat.

If we misunderstand what he's saying, it's his own damn fault.

How the heck does it matter if Apple works with elcomsoft or not? If reverse-engineering a protocol is all it takes to jeapordize user's data, it's security-by-obscurity in the best case.