Basically title, curious as I know this had been brought up a while ago but never really followed up on the topic

  • BehindTheBarrier@programming.dev
    link
    fedilink
    English
    arrow-up
    17
    ·
    2 months ago

    They are just more likely to be scam like, particularly since they can be assumed to be a file at a glance.

    Even more deviously, crafty urls like this further hides what you are actually doing, like this:

    https://github.com∕kubernetes∕kubernetes∕archive∕refs∕tags∕@v1271.zip

    Hover it with your cursor, watch what that actually links too, no markup cheating involved. Anything before the @ is just user information. Imagine clicking that and thinking you downlodaed a tagged build, only to get a malware?

    It’s not the end of the world, but as a developer it makes great sense to just auto-block it to avoid an incident. The above URL is from this article, which says it’s not as big of huge problem too:

    https://www.theregister.com/2023/05/17/google_zip_mov_domains/

    But it’s kind of a death by a thousand cuts to me, because it’s another thing with another set of consideration accross the internet ecosystem that one will have to deal with.