💾 Archived View for envs.net › ~kodzuken › blogs › dotzip.gmi captured on 2023-05-24 at 18:28:45. Gemini links have been rewritten to link to archived content


Congratulations Google, you just broke the internet! (again)

About a week ago, Google decided to add 8 more domains to the now massive number of domains around the world - these domains being .dad, .foo, .prof, .phd, .nexus, .zip and .mov.

Most of these domains haven't been noticed because for the most part no one cares about the "foo was here" joke domain you just bought, but .zip and .mov have - and not for any good reason, as cybersecurity researchers as well as tech enthusiasts with common sense have noticed the potential for these domains to be exploited for malicious acts.

While some of the .zip domains more likely to be used for exploitation, such as setup.zip and steaminstaller.zip, have thankfully been taken by white hat actors who want to prevent people from having their computers harmed by possible attackers or redirected to Rickrolls, there has already been at least one case of the .zip domain being used maliciously.

The .zip and .mov domains have also managed to undo decades of anti-phishing measures and annoy internet users in general: small typing errors, and even [at] markers in certain links, now send you to a .zip/.mov domain as opposed to the file you actually want to download. As said before, that domain could be malware, and even if .zip forces you to use HSTS, anyone could just generate a Let's Encrypt certificate and do all sorts of other technological tricks to seem legit when they're not.
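To make the [at] and typing-error problem concrete, here is a small link checker a mail filter or chat bot could run. It is an added example, not code from this post's author; example.com and the sample file names are placeholders chosen for illustration.

```python
import re
from urllib.parse import urlsplit

# TLDs this post is about: they double as common file extensions.
FILE_LIKE_TLDS = {"zip", "mov"}

# Bare tokens such as "setup.zip" that a client may turn into a clickable link.
# The lookbehind skips names that are part of a URL path or an e-mail address.
BARE_NAME = re.compile(
    r"(?<![\w@/.-])([a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:zip|mov))(?![\w-])", re.I)


def check_url(url):
    """Return a list of warnings for one URL (empty list: nothing flagged)."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        # urlsplit refuses malformed authorities; treat those as suspicious.
        return ["URL authority could not be parsed"]
    warnings = []
    tld = host.rsplit(".", 1)[-1] if "." in host else ""
    if tld in FILE_LIKE_TLDS:
        warnings.append(f"host '{host}' is a .{tld} domain, not a file download")
    # Everything before '@' in the authority is userinfo, not the site visited.
    if "@" in parts.netloc:
        decoy = parts.netloc.rsplit("@", 1)[0]
        warnings.append(f"'{decoy}' before '@' is userinfo; real host is '{host}'")
    return warnings


def find_autolink_candidates(text):
    """Return bare file-looking names in text that could be rendered as links."""
    return [m.group(1).lower() for m in BARE_NAME.finditer(text)]


if __name__ == "__main__":
    # Constructed sample inputs.
    for u in ("https://example.com/files/setup.zip",
              "https://example.com@setup.zip/"):
        print(u, "->", check_url(u) or "ok")
    print(find_autolink_candidates("Please run setup.zip, then watch clip.mov."))
```

The first sample URL is an ordinary download from example.com and passes; the second looks similar but actually visits setup.zip, and is flagged twice.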

So, as a conclusion to this text: Don't support .zip.

For the love of your sanity and the internet's safety, do not buy any .zip domains, and if you do, tell people about the dangers and inconveniences this domain has already caused and will keep causing.

B-But what about COMPANY.COM? Weren't there issues when 3M bought that domain??

Yes, there were. But COMPANY.COM was a single file used by Microsoft in their operating systems, not a whole-ass top-level domain that anyone could register a domain name on.

What about .pl, .sh and .rs? Aren't these used as file-names as well?

The domains .pl, .sh and .rs started as country-code top-level domains for Poland, Saint Helena and Serbia, but are also used in domain hacks related to the Perl, Bash and Rust programming languages (and outright embraced for this purpose in Rust's case).

.zip and .mov, meanwhile, are deliberately named after the filetypes, and are also much more commonly used as vectors for attack than Perl or Bash scripts or Rust programs are.

TL;DR: Do not support .zip.

Long Story: Do not buy any .zip domains, and if you do, tell people about the dangers and inconveniences this domain has already caused and will keep causing.

Do not support Google while you're at it because they're evil and this is just their latest move in the game of who can make the internet even worse than it is now.

..

.mov can stay though, because the only people that use .mov files are Apple ecosystem users and fuck Apple.