by SimonPStevens 1129 days ago
Not sure it matters that much.

Most non-technical people I know wouldn't have a clue what a .zip was. Windows has hidden file extensions by default now for decades. And having a phishing link in an email that says something.zip but links to somethingelse.com is a basic scammer 101 level technique. Why would it matter if the .zip was a real part of the URL or not.

Don't get me wrong, I dislike all of the generic TLDs, and the registration process behind them. But of all the points to argue on them, this seems like the weakest and least relevant.

14 comments

> Most non-technical people I know wouldn't have a clue what a .zip was

perhaps i am getting mussed up by the definition of "non-technical people" but i've worked directly with many, many non-technical people over many years who definitely knew what a zip file was and what it was for. they might not all have necessarily known how to _create_ a zip file, and sure i had to coach/train a few here and there who legitimately didn't have a clue, but i think if you're talking about anyone who has used a computer for a large-ish piece of their work (whether it is "technical" work or not) in the last 10 years or so, the chance of them having more than no clue about what a zip file is, is higher than you think it is.

i can think of multiple instances each of accountants, graphics/media/designer folks, scriptwriters, admin/executive assistants, chauffeurs, playwrights, stagehands, light/rope riggers, costume designers/tailors, HR folks, security guards, painters, writers etc who have had to deal with .zips.

would a 20-years-exp industrial lathe engineer/specialist know what to do with a zip? maybe? maybe not? depends if they like to mess around with computers after hours or does their company distribute work orders via email? if so, maybe they've dealt with a zip.

if a "non-technical person" is someone who doesn't use a computer very much, then yeah, i'm with you. i personally wouldn't consider a junior graphic designer to be "technical" but i'd bet you all the money in my wallet that 95/100 of junior graphic designers know what to do with a .zip file.

BTW everything else you said, i 100% agree.

> would a 20-years-exp industrial lathe engineer/specialist know what to do with a zip?

Are you kidding? That guy has to convert his files to binary, put them on a USB drive, carry them to SunOS server, plug them in, and type something in a command line to send the binary over Serial to his CNC machine.

Industrial equipment isn't EOL at 30 years, it's "lightly used." You'd be floored at how much "ancient" tech knowledge is required to operate it.

And this is why https://www.floppydisk.com/ is still doing well.
Not to mention rs-232
RS232 has adjustable frequency whereas USB can't be configured this way, making it useless for GPS devices used for time synchronization and such.
My gut is that anybody who has used a smart phone more than a traditional desktop OS is less likely to know what a zip is
It's a shame to see our beautiful gardens all walled up
It's not so much (or just) walled gardens, it's the hiding of the more fundamental layers of the system from the user.

A user doesn't navigate through the file system to a folder where they've saved a bunch of notes in discrete text files of some format or another, they start up a notekeeping app and use its interface to open their notes. Where are these notes saved? That is either hard to find in the bowels of the settings of the app, or entirely hidden and they're saved in a database accessible only to that specific app.

> saved in a database accessible only to that specific app

Or worse, on some disk "in the cloud" rented by the app maker, subject to subscription fees and the stability of the company.

It's more convenience actually. The same path that took us away from interacting with our computers purely via a terminal connected to a mainframe.

The cycle of grumpy old men will go on, gen Z will fondly remember the tech of their day and think that later gens are lazy/too trusting for letting AGI manage their lives.

Maybe. A phone will cause more hassle if they do get a zip file, so they might be more likely to remember that.
Those are the most dangerous. They will happily open a file suffixed .zip.exe when windows hides the extension and it shows as .zip.
I genuinely believe this one change in the name of 'aesthetics' (or whatever justification was created for this) has caused real, material hurt for people.
Junior graphic designer is most definitely a tech person… they are literally working on a computer every day all day long. I think sometimes people lose sight of just how much of a bubble they are in.

Those who are old enough to remember when files had extensions might know. Those who work with a file system daily know. In both cases we are talking about extreme minorities now.

To avoid a No True Scotsman impasse, who exactly are we talking about that doesn’t know what a zip file is? Someone who doesn’t use a laptop for their day job?
Someone like my mom, she knows Spreadsheets as green files, and other than the color and that they open Excel, for her they're the same as any other file (Windows default hiding extensions doesn't help either)

Recently, she asked me to put a set of documents into a folder (She meant a compressed file) because some page required it

I have always found it fascinating, considering she has worked with Office products for the last ~20 years

It's wild to me some of the things I never knew, even though I've been using Windows or DOS for probably 35 years.

For example, I recently learned you can't name a file CON. Try it. Somehow over all those decades, I've never tried to do this until Tom Scott made a video about it:

https://www.youtube.com/watch?v=bC6tngl0PTI

I'd wager that you're going to have low familiarity at best among people under 30[0] where computer use is ancillary to job at best, so all sorts of "technician" type jobs[1] plus warehouse work, transportation, and other public-facing roles like retail, police, fire...

I would make a weaker claim than "doesn't know what it is", there are probably a lot of people there who at one point have seen "files.zip" in gmail and then downloaded it and double clicked it to expand it or such, but I don't think any of them are going to be confused by URLs with .zip domains.

I'm actually curious about the intended distribution of this website - its header is "If you clicked on this domain by mistake" but... I clicked on it very intentionally from an HN link, so didn't expect a file attachment at all; not sure what the scenario is where something could look like a file but actually be a link? E.g. if it's on a malicious website you could easily trick users with "Download stuff.zip" link text that actually points to "bobsmalware.com" or whatever, which works just as well for anyone loosely familiar with .zip files but not sophisticated enough to not trust the text vs the actual link pointer. Just like the original comment from SimonPStevens says.

[0] grew up on mobile, not on desktop/laptop

[1] medical, physical therapy, landscaping, painting, mechanical, etc

Yes, there are still huge numbers of people who don't own a computer other than their smart phone.
I think they mean people who are not good with computers - a subset of non-technical person.

Think of your 80 year old granny, or the guy down the road who’s never owned a computer.

Maybe you don’t have many in your circle but they are everywhere.

I don't necessarily agree with this argument. Normal people call some files by their extension pretty often -- pdfs, jpegs, gifs, zips, mp3s, etc.

While an OS may hide extensions, not everything does. Notably, gmail shows the file extension for attachments.

People call things by their common social usage and program association. If all mp3 file types got replaced with a random new standard like "fmp" overnight, I'd bet my life that most people would continue calling them mp3s for years.

See: people calling any animated image a gif, even though many are apng or webp

Why are people so confident in making generalizations about users?

I've seen my aging father change settings on a new computer to turn on showing file extensions on Windows, because he and a lot of older users were on the cutting edge of computing back when knowing the file extension was useful for choosing how to open it.

Sure, I'm acutely aware that there are stupid users out there; I've worked I.T. But there is also a whole spectrum of computer users with varying levels of computer proficiency out there, who us "computer people" don't see because they're not the ones who necessarily need help or cause problems. You can't necessarily extrapolate a visible minority of incompetent computer users to make statements about the entire population.

I don't necessarily have an opinion on whether that's enough justification to get rid of the .zip TLD. I'm just tired of the anti-user sentiment I'm hearing here.

> I've seen my aging father change settings on a new computer to turn on showing file extensions on Windows

Man, you're lucky. My aging father doesn't know how to change the inputs on his TV. And he doesn't understand why "our Internet is down" implies "the TV will not work" when the TV is clearly working, because it's telling him that it "can't connect."

Technical people are the same. See for example SSL.
Yeah. It is embarrassing to learn this when a PCI auditor says, "wait you don't actually still use SSL do you?"
Yup. My generalization wasn't about non-technical users. I'm also including my friends (and myself!), some of whom are software engineers, in the category who call animated images gifs.
Not true. 4chan’s gif board is pretty famous for the… uh funny webms.
> If all mp3 files types got replaced with a random

See also: “Why does the Save icon look like that?” Most computer users these days have never in their life seen a floppy drive, but they still recognize it as the save icon.

Which would then be the case for Zip too.
Yes, but my point is it has nothing to do with the extension. It could be a zip, rar, tar.gz, whatever. If they could all be opened in a default windows zip program, most people would call them all zip files.
By the way, Windows hiding file extensions by default must've contributed to people getting scammed more than anything. The classic technique of getting someone to download and open what looks like a benign file but is actually an .exe with that file type's icon would've not worked nearly as well if file extensions were shown by default.
computer people are used to rigid syntax rules because unambiguity, and they are willing to accept "line noise" syntax because they hate ambiguity even more.

as you point out, a .exe hiding behind a .zip is a problem caused by hiding extensions. and if we still lived in the 16bit DOS/Windows world, btw, MICROSOFT.COM would be a super problematic thing to click "especially-whether" the "extension" is shown or not (in 16 bit MSDOS, .COM is just as much a .EXE as .EXE is)

I'm just writing to extend your thought to the hiding of http:// and also www.

That's what introduces these problems, not a .ZIP tld, and I suspect/know it's the same people with this same type of thinking (whackamole problem solving) who think hiding http:// is a good idea (thereby causing the problem) and then suggest to fix any problems with more regulatory agencies to control what TLDs get created, what words we're allowed to use where, etc. (thereby causing new problems)

I'm not saying computer people "know better" and therefore invent systems that are tolerable to normies, I'm just saying I can't stand when normies are in charge of things that matter to me.

The whole .COM/.EXE thing is not limited to 16-bit DOS and Windows. For a very long time now, Windows simply treats both extensions as the equivalent of chmod +x, but the way the binary is loaded does not depend on the specific extension. That is, if a .COM file has a 64-bit PE header, it will happily execute on Win11.

Indeed, a bunch of system binaries are themselves like that for historical reasons - CHCP.COM, FORMAT.COM, MORE.COM etc - because they originally had such names long ago in DOS, and someone somewhere might have a batch file that includes the extension.

Btw, you can even run an executable file which has been renamed to any extension (.txt or .whatever) in the command line. (See the PATHEXT env.) It's just recognized by the explorer (and the ShellExecute API's third parameter). So that means all files have "executable" permission by default.
> they originally had such names long ago in DOS

And DOS got them from CP/M before it.

but it would have had to be named MICROSOF.COM
You'll get access codes for Building 7.
the one with the VIP lounge, right?
I haven't used Windows in a while, but doesn't the OS track "mark of the web" and alert users when they try to run something they downloaded? Not to say that most users won't click continue, but that feels like the bigger, more visible warning than a file extension.
Users have been trained on Windows to click OK, automatically, without reading, on any pop-up that appears.
Not just on Windows. Modern web pages are full of cookie banners, sign-up-for-newsletter banners and please-sign-in-with-facebook banners. It's become a sport to ignore what's in popups and quickly find the right place to click to get rid of them (an OK button, a little "x" in the upper right corner, ...)

Which is a bit ironic since there was a time where browsers would routinely open popups in new windows, upon which it was immediately misused by ads, upon which browsers implemented counter measures. We're just in the next iteration of this.

There is no visible "OK" button on a SmartScreen reputation warning.
The way Windows handles these things almost makes you think they want to handicap their users to make the transition to something else more difficult.

A responsible OS should help educate and empower their users. Windows just want them to stay where they are, use Office and only install programs from their official store.

What if someone legitimate writes "download assets.zip", and GMail (aka Google, aka the owner of the .zip tld) starts converting it to a URL like they do with .com?

It's worse than phishing, because it could be a legitimate email from someone you trust.

(Overall, I mostly agree that the issues are ultimately somewhat minimal... but this is a situation where there's absolutely no upside and only downside.)

Lots of mail clients and messaging apps detect domains and helpfully turn them into clickable links. None of the ones I use for work are doing this for .mov or .zip (yet), but I'm sure something will at some point and it will become a target for phishing.

> Windows has hidden file extensions by default now for decades.

Thankfully this is easy to turn off. I hate it, and it makes me mad for a few seconds each time I get a new machine/OS install.

I dunno. I think most non-technical people know that .zip indicates a zipfile, and know what a zipfile is.

> Windows has hidden file extensions by default now for decades.

It amazes me that they won't stop doing this. The security problems around it are enormous, not to mention that it causes a lot of confusion that isn't easily resolved by non-technical people.

Normal people don't know about TLDs and what that term means.

So the question is: is there another convincing reason for allowing this TLD on an internet level?

And what would you think about a .pdf or .docx TLD?

The question is why are these things even limited to a fixed predefined set and not allowed to be arbitrary of some max string length, given that the rest of the domain name already is.

Or why even require a fixed extension given that it's a recursive system anyway.

There's a number of complications with a wide open gTLD system.

1. Local DNS resolution. Bare (non-gTLD) DNS names are common in business networks, and although the expansion of the existing gTLD set complicates that, opening it wide can have unintended resolution impacts for these networks.

2. Browsers enforce security boundaries based on the origin of a site, and doing this is complex due to things like .co.uk. A naive implementation would grant all .co.uk domains into a single origin. The problem comes into play when looking at local DNS names. Without a known gTLD on the end of the DNS name, the browser assumes the root of the origin is the hostname itself. That is, given a locally resolvable http://bar and a locally resolvable http://foo.bar, both sites can communicate without restriction with respect to the Same Origin Policy. If we were to make gTLDs arbitrary, we'd have to break that behavior which could break a lot of intranet applications.

"Just enter 'Max-Miller-2023-05-13.your-receipt.pdf' into your browser's address bar and you'll see the receipt :)"
i suspect most people would fall for that even if it was a .com
Zip files are probably the one extension a normie would understand at least anyone who has worked in an office.
I absolutely agree. If it were a '.html' extension that opened a self extracting zip we would have an issue but I struggle to see the danger with this. If someone, technical or not, is already accepting the risk of opening a '.zip' file from an unknown source the attack vector doesn't grow by opening a webpage unexpectedly. Furthermore I can rename a malware.exe to malware.zip and send it out by email and the implications are obvious. Maybe the .zip TLD will dissuade technical users from accessing the domain but I hardly see it as a new danger that could be described as "evil" or "malicious" on Google's part. I could be wrong and would love to hear a clever person think of a feasible attack but imo this does not warrant any panic.
> Most non-technical people I know wouldn't have a clue what a .zip was.

Most non-technical people in the 40+ age range that I know are well aware what .zip was and still is.

Please don't consider your circle of peers in their 20s as a representative sample of society.

Except you just did the same thing.
Young people might not. But I do believe most older people who used a desktop OS know that a zip is a file that contains, well, other files. Which is mostly a sufficient level of knowledge.

And hopefully they are told that they might be risky.

The harm I see is that many chat applications will do inline previews of websites, even when simply pasting the domain name.

Though, I think the solution here is for apps to stop doing that.

That's assuming apps and libraries even start doing that for .zip (which is unlikely), and is not in any way unique to .zip.
I can confirm (as the owner of a domain which is a common filename), your comment is overly charitable (and it is indeed not unique to .zip).
There's a sweet spot of knowing just enough to be dangerous, in this case. If you know what a .zip is and can be convinced you need it but are not aware of the TLD.
i'm not super convinced by the argument, the only thing I could think of would be a youtube comment talking about an actual zip file automatically turning that mention into a link. youtube specifically seems very eager with its auto-linking. though realistically, that's more of a youtube problem than a .zip tld problem
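
Added example, not part of any comment in the thread: several comments above turn on mail clients, chat apps and comment systems auto-linking a bare `assets.zip`. This Python sketch shows one defensive auto-link policy: link bare hostnames only when the TLD does not double as a file extension, while still linking anything written with an explicit `https://` scheme. The TLD sets, the function name and the sample text are assumptions constructed for illustration.

```python
import re

# TLDs that double as file extensions; "zip" and "mov" are the two named in
# the thread. The set itself is a policy choice made for this example.
FILE_EXTENSION_TLDS = {"zip", "mov"}
# Tiny constructed stand-in for a real TLD list.
KNOWN_TLDS = {"com", "org", "net"} | FILE_EXTENSION_TLDS

EXPLICIT_URL = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# host.tld that is not preceded by a word character, '@', '/', '.' or '-'
BARE_HOST = re.compile(
    r"(?<![\w@/.-])((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+([a-z]{2,24}))(?![\w-])",
    re.IGNORECASE,
)

# Constructed sample message.
SAMPLE = ("Please download assets.zip from the share. Docs are at example.com, "
          "mirror at https://example.zip/readme, and do not run files.zip.exe.")


def autolink_decisions(text):
    """Return [(token, decision, reason)] in order of appearance."""
    found, covered = [], []
    for m in EXPLICIT_URL.finditer(text):
        # The sender typed a scheme, so the intent to link is unambiguous.
        url = m.group(0).rstrip(".,;:!?)")
        found.append((m.start(), url, "link", "explicit scheme"))
        covered.append((m.start(), m.end()))
    for m in BARE_HOST.finditer(text):
        if any(s <= m.start() < e for s, e in covered):
            continue  # part of a URL already handled above
        host, tld = m.group(1), m.group(2).lower()
        if tld not in KNOWN_TLDS:
            continue  # e.g. "files.zip.exe": not a domain, leave untouched
        if tld in FILE_EXTENSION_TLDS:
            # Could be a filename the sender mentioned: render as plain text.
            found.append((m.start(), host, "plain",
                          "TLD collides with a file extension"))
        else:
            found.append((m.start(), host, "link", "bare host"))
    return [(tok, dec, why) for _, tok, dec, why in sorted(found)]


if __name__ == "__main__":
    for row in autolink_decisions(SAMPLE):
        print(row)
```
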