[hatthew]

My first-order heuristic is that legitimate websites tend to get one of the top TLDs (.com/.org, maybe .net/.io). In general, why should I trust domain_name.xyz over domain_name.com? There are obvious caveats, e.g. it doesn't matter as much for generic words like "gem" and for personal sites that I don't trust much in the first place. In this case, 3 seconds of critical thinking makes it clear that they have a plausible reason for choosing .coop. But given that much of this controversy is premised on toolchain trust, there's plenty of other domains that seem even more trustworthy to me at first glance, e.g. gem-lib.org, gemcoop.org, stuff like that.

Again, a domain name is pretty minor in the scope of this whole fiasco, and I wouldn't have bothered with bringing up this point, but on balance I agree with it.

[ajb]

Using .coop is actually a costly signal that you are, in fact and in law, a cooperative; and intend to stay one; since non-cooperatives are not allowed to occupy those domains. Dot Org, while it's used by a lot of well known organisations, is an open domain that anyone can register in.

Of course, it's also true that many people won't have the spare time to find that out.

[krainboltgreene]

> My first-order heuristic is that legitimate websites tend to get one of the top TLDs (.com/.org, maybe .net/.io)

This is so funny to hear after 18 years in the west coast silicon-valley lead tech industry. All of the app, io, tv, tech, guru, and now ai I've seen and only when it's "coop" does anyone complain.

[hatthew]

I'm pretty sure people have been complaining about weird TLDs for as long as I've been on the internet. .guru, .tech, and .app are all equally untrustworthy to me. I don't recall seeing any .tv websites other than twitch. .io and (only recently) .ai are used often enough that it's contextually plausible a legitimate company would use one of those TLDs as their first choice, but if someone linked to chatgpt.ai or chatgpt.io for example, I'd still assume it's a scam.

[ruurd]

<quote>legitimate websites tend to get one of the top TLDs</quote> yeah. Sorry. That is unsubstantiated and by no means a good measure of trustworthyness.

[hatthew]

Luckily I track my browsing and have some stats I can share from the last 3 years on my non-work PC! Here's a breakdown (by time spent on website):

    94.3%: Original 7 TLDs + .io (which is common enough these days that I consider it no less trustworthy than .com).
     2.0%: Shortlink TLDs (e.g. .co, .it) that I usually only see when they are clearly associated with one of the TLDs above. Most of the time spent looking at these sites are when I right click -> open image in new tab, e.g. i.redd.it.
     0.7%: ccTLDs used as intended (sites associated the country's government, or personal websites that I don't put much trust into regardless of TLD).
     0.6%: twitch.tv; well-known enough that I don't have to think about its TLD.
     0.4%: .club; from a board game site my friends made me use. I inherently distrust this site regardless of TLD.
     0.2%: .wiki and .gg sites that are from a wiki moving away from fandom.
     1.8%: Remainder. Mix of things like .app, .xyz, .fun, etc.

Spot-checking a few dozen of my top sites in the last 1.8% shows that most are small/personal sites that I would not place trust into in the first place. Several are also websites like that .club site; garbage that at best are designed to shove ads in my face, and at worst are trying to pose as something official when they are not.

I only found a few websites that are official/authoritative for a substantial community or organization, but don't have one of the top TLDs: twitch.tv, arduino.cc, nouns.wtf, expo.dev, osu.ppy.sh, trackmania.exchange, dev.to, teenage.engineering, minecraft.wiki, *.wiki.gg, stackoverflow.blog, nebula.tv, perplexity.ai, and a few mastodon servers are the only sites in this category that I spent more than 60 seconds on in the last 3 years. Excluding twitch.tv, they combined represent <0.1% of my total browsing.

Thank you for making me look into this, I now trust my heuristic even more!