32
are domains containing 'zip' near the end a legitimate threat?
(piefed.social)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 18 Aug 2025
32 points (100.0% liked)
No Stupid Questions
43005 readers
473 users here now
No such thing. Ask away!
!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules (interactive)
Rule 1- All posts must be legitimate questions. All post titles must include a question.
All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.
Rule 2- Your question subject cannot be illegal or NSFW material.
Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.
Rule 3- Do not seek mental, medical and professional help here.
Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.
Rule 4- No self promotion or upvote-farming of any kind.
That's it.
Rule 5- No baiting or sealioning or promoting an agenda.
Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.
Rule 6- Regarding META posts and joke questions.
Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.
On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.
If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.
Rule 7- You can't intentionally annoy, mock, or harass other members.
If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.
Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.
Rule 8- All comments should try to stay relevant to their parent content.
Rule 9- Reposts from other platforms are not allowed.
Let everyone have their own content.
Rule 10- Majority of bots aren't allowed to participate here. This includes using AI responses and summaries.
Credits
Our breathtaking icon was bestowed upon us by @Cevilia!
The greatest banner of all time: by @TheOneWithTheHair!
founded 2 years ago
MODERATORS
The ".zip" TLD isn't itself a security risk, but it should never have been created in the first place due to the overlap with .zip files.
Understanding the context of why the .zip TLD is a bad idea, you should be questioning the general competence of a web admin that would intentionally purchase and operate a .zip website. There are plenty of other cheap TLDs available that do not overlap with common file extensions. It's such an obvious and avoidable problem that you have to wonder what other obvious problems they are failing to avoid.
I do not disagree, though I'm curious on your take of .COM since that has always had the same issue.
Basically, .COM files are not commonly used and definitely not commonly shared on the Internet. The overlap between use cases for .COM files and .com TLDs is almost nothing.
In contrast, .ZIP files are very commonly shared on the Internet as a convenient way to transfer a group of files all at once, and there are a few different techniques for using .ZIP files maliciously. There is a lot more potential for conflicts between .ZIP files and the .zip TLD on the Internet.
The difference is they everybody knows about zip files, even my old mom. Not so much for com executables. That's why it can lead to phishing, etc.
Well put. Your explanation has me most confident I should avoid lemmy.zip communities for the time being--thx
lol there is nothing wrong with Lemmy.zip. It’s a legit Lemmy instance and the communities are safe.
The concern is that someone might try to make a website / URL appear to be a zip file you can download and open. But Lemmy.zip is not doing that.
Also you are on a different Lemmy instance, so you never interact with Lemmy.zip directly. Instead, behind the scenes, your instance exchanges data with Lemmy.zip, and all other instances it is federated with, regardless of whether you personally subscribe to any .zip communities or not.
If the concern is legit, wouldn't it be an ethical practice to not support services that use the problematic TLD?
Not everything needs an ethical practice.
Lemmy communities are run by volunteers who are often footing the bill themselves to run. Without these people Lemmy would not exist. One/some of these people decided to save themselves a few bucks a month and get a .zip domain. There's nothing wrong with lemmy.zip