Gongol.com Archives: May 2023
May 12, 2023
Google has proudly announced the opening of eight new top-level domains (the part of a website address that comes last, like ".com" or ".gov"). Among them are ".zip" and ".mov", which are already well-established filename extensions (as in, ".doc" or ".txt"), for compressed files and for movies, respectively. ■ Making .zip and .mov into top-level domains is an extremely bad idea. And someone at Google should have known better and put a stop to it. Files that absolutely, positively should not be opened are going to get clicked as a result of this decision. Good cybersecurity practice says never to open a file ending in ".zip" without clear knowledge of its contents ahead of time. The same goes for most other files, including ".mov". ■ That advice is important to follow. People are often the easiest way to hack into networks. But how will cybersecurity practitioners be able to convincingly advise the people they're trying to protect not to click on things that say ".zip" if there are websites with exactly that extension in their names? That's really the only purpose of a domain name -- to be clicked! ■ Trust is vital, and so are the guardrails around trusted interactions. Top-level domains that share their letters with filename extensions only invite people with bad intentions to take advantage of their fellow human beings. And they will, certainly without delay. Blurring the lines between "things you should never click without extreme care" and "things you are being asked to click because that's exactly what they're for" is a terrible decision on the part of people who should know better. ■ If you want to hold on to an advanced civilization, you can't let unforced errors like this go through, whether you're Google or any other trustworthy institution in the world. There's no urgent need for new top-level domains -- we could have stuck with nothing but ".com" forever, and it would have been enough. People would have adapted around that arbitrary limitation. That we created many more -- including geography-based extensions like ".ly" for Libya that now find second lives as clever domain-name workarounds -- has only ever been a matter of increased convenience. ■ Everyone who likes living in a functioning society has a part to play in protecting themselves and others. Most of the time, that takes place by following the expert advice of others. But sometimes, it requires applying one's own expertise in order to put the brakes on bad ideas that could put others at undue risk. ■ Someone -- anyone -- at Google should have known enough to call this out as a bad idea. Nobody is going to die if they don't get to name their domain "mylovelywebsite.zip". But eroding good cybersecurity hygiene practices in a time when almost everything is connected? That really could get someone hurt. Don't be evil.