When lemmy.zip was announced, a few people were concerned about the .zip, as it could create security issues. Has it been the case so far? Has anyone ever been blocked by a work firewall due to .zip?

⁨33⁩ ⁨likes⁩

Submitted ⁨⁨3⁩ ⁨months⁩ ago⁩ by ⁨Blaze@lemmy.zip⁩ to ⁨home@lemmy.zip⁩

Basically title, curious as I know this had been brought up a while ago but never really followed up on the topic

source

Comments

Sort:hotnew top

BehindTheBarrier@programming.dev ⁨3⁩ ⁨months⁩ ago
I know my job banned .zip domains as soon as they leared of it. It’s an IT firm so they don’t really care to take any chances, and would rather just make exceptions if needed.

source
- 0x0@lemmy.dbzer0.com ⁨3⁩ ⁨months⁩ ago
  I don’t get what’s more concerning about the .zip TLD than any other one.
  
  source
  - BehindTheBarrier@programming.dev ⁨3⁩ ⁨months⁩ ago
    They are just more likely to be scam like, particularly since they can be assumed to be a file at a glance.
    
    Even more deviously, crafty urls like this further hides what you are actually doing, like this:
    
    github.com∕kubernetes∕kubernetes∕archive∕refs∕tag…
    
    Hover it with your cursor, watch what that actually links too, no markup cheating involved. Anything before the @ is just user information. Imagine clicking that and thinking you downlodaed a tagged build, only to get a malware?
    
    It’s not the end of the world, but as a developer it makes great sense to just auto-block it to avoid an incident. The above URL is from this article, which says it’s not as big of huge problem too:
    
    www.theregister.com/…/google_zip_mov_domains/
    
    But it’s kind of a death by a thousand cuts to me, because it’s another thing with another set of consideration accross the internet ecosystem that one will have to deal with.
    
    source
  - perviouslyiner@lemmy.world ⁨3⁩ ⁨months⁩ ago
    Software that creates hyperlinks whenever it finds text that might be a URL, combined with ubiquitous use of .zip extension for compressed files.
    
    source
  - ceiphas@lemmy.world ⁨3⁩ ⁨months⁩ ago
    ZIP Files are a constant source of exploits and Malware.
    
    source
    -> View More Comments
tamlyn@lemmy.zip ⁨3⁩ ⁨months⁩ ago
i would guess for the lemmy.zip people, if something annoying happens, we would consider to switch instances. But i haven’t heared something. Even if my workplace blocks lemmy.zip, would matter much for me. But it’s not even the case.

source
- Blaze@lemmy.zip ⁨3⁩ ⁨months⁩ ago
  That’s good. I’m asking mostly because I’m considering opening alternatives to Lemmy.world communities here, but I would like to avoid having people telling me that the domain name is an issue for them
  
  source
Draconic_NEO@lemmy.dbzer0.com ⁨2⁩ ⁨months⁩ ago
ISP or router seems to block .zip domains. I can only get access opening Tor, a VPN, or connecting from my phone on cellular or hotspot. I tried setting up custom DNS and even DoH but it didn’t work. Since federation is a thing I can still access from other instances but the images are all blanked or errored. Unless I’m on an instance that caches the icons and Post images.

I think my workplace does block them because I remember recommending to them that they do because of their abuse potential (financialstatement.zip), I don’t know if they still do though, I just know I recommended it and they said it was a good idea.

source
- Blaze@feddit.org ⁨2⁩ ⁨months⁩ ago
  Hey,
  
  Thank you for jumping here!
  
  source
  - Draconic_NEO@lemmy.dbzer0.com ⁨2⁩ ⁨months⁩ ago
    Anytime. Even though it’s an old post I’m sure I was able to provide something useful here.
    
    source