Our findings show that the abuse rate for the .zip TLD is 0.20% which is close to the average compared to all other TLDs. This rate indicates that .zip domain names are not being used to attack users more than the average TLDs - at least for now. However, if attackers find they have better success using .zip than other TLDs, the rates of abuse might change.
Given new TLDs, such as .zip, tend to have a higher abuse rate than legacy and ccTLDs we suggest that the security research community should continue the healthy debate about the potential risks of the .zip TLD and that internet users continue to be weary of downloading and opening files with a .zip extension or TLD from sources or individuals they may not know.
Right, ok, so the problem with having a debate on this subject is that there’s no reason for this risk to exist at all. There’s no good reason to have a .zip TLD, there was no need for it, it should not have been created and no one should use it.
If you’re weighing pros and cons, there are exactly 0 pros. Therefore no matter how minor you think the cons are, they outweigh 0 pros by 100%.
Also, “nothing bad has happened yet” is not a valid argument and is a terrible basis for making risk decisions.
I see your perspective, but is there any similar instance that is not Lemmy.zip?
From another post
Lemmy.world is too big
sh.itjust.works names contains "shit", which can deter users
lemmy.ca is Canadian-centric
feddit.org, is German-centric, but technically English speaking too
dbzer0 is topic focused
programming.dev is topic-centric
blahaj is queer-focused
discuss.tchncs.de has a difficult name
lemmy.sdf.org does not defederate anyone
beehaw defederates LW and SJW
infosec.pub is topic-centric
aussie.zone is country-centric
midwest.social is region-centric
https://dnsrf.org/blog/the--zip-tld---ripe-for-abuse--but-so-far-so-good-/index.html
Not sure if that tone is the best for a healthy debate.
Right, ok, so the problem with having a debate on this subject is that there’s no reason for this risk to exist at all. There’s no good reason to have a .zip TLD, there was no need for it, it should not have been created and no one should use it.
If you’re weighing pros and cons, there are exactly 0 pros. Therefore no matter how minor you think the cons are, they outweigh 0 pros by 100%.
Also, “nothing bad has happened yet” is not a valid argument and is a terrible basis for making risk decisions.
I see your perspective, but is there any similar instance that is not Lemmy.zip?
From another post
https://lemmy.dbzer0.com/post/37336391?scrollToComments=true
https://lemmyverse.net/?order=active_month
‘This bridge is literally held together with duct tape, but it hasn’t killed anyone yet!’
I’m with you, unecessary risk. Thank you for the explanations.