[yafinder]

For something that you think is a de-facto standard, public suffix list seems kinda raw to me for now.

I checked it for two popular public suffixes that came to mind: 'livejournal.com' and 'substack.com'. Both weren't there.

Maybe I'm mistaken, it's not a bug and these suffixes shouldn't be included, but I can't think of the reason why.

[jeroenhd]

I don't know about LiveJournal, but I don't believe you can host any interactive content on substack (without hacking substack at least). You can't sign up and host a phishing site, for instance.

User-uploaded content (which does pose a risk) is all hosted on substackcdn.com.

The PSL is more for "anyone can host anything in a subdomain of any domain on this list" rather than "this domain contains user-generated content". If you're allowing people to host raw HTML and JS then the PSL is the right place to go, but if you're just offering a user post/comment section feature, you're probably better off getting an early alert if someone has managed to breach your security and hacked your system into hosting phishing.

[asddubs]

The public suffix list interferes with cookies. So on a service like livejournal, where you want users logged in across all subdomains, it's not an option