FadeMind / hosts.extras

Extra rules for StevenBlack's hosts project [ https://git.io/Je0XR ] See also hosts.whitelists [ https://git.io/J3bdI ]
MIT License

zapto.org in add.Risk from hostsfile.org #48

Closed naturalpb closed 3 years ago

naturalpb commented 3 years ago

I run a personal site as a subdomain of zapto.org (ex: test.zapto.org). *.zapto.org are subdomains provided by No-Ip for Dynamic DNS.

I noticed that zapto.org and therefore all subdomains are being blocked by the Steven Black host blocklist. I understand that Dynamic DNS subdomains can be risky, but is the intention that they all be blocked? I know of other Dynamic DNS domains that are not blocked.

Some FQDN zapto.org hosts are blocked in the list specifically, and that seems to be the right balance (ayada.zapto.org, havijrat.zapto.org, mesopotemia222.zapto.org, etc).

Can zapto.org (and *.zapto.org) be removed from the add.Risk blocklist from hostsfile.org that's being applied to Steven Black's blocklist? I attempted to message the maintainer(s) of hostsfile.org directly, but haven't been successful and their blocklist was last updated almost three years ago now.

FadeMind commented 3 years ago

@StevenBlack can you please look at it before I take any steps?

StevenBlack commented 3 years ago

Hi Tomasz @FadeMind, it's hard to judge because hosts files don't capture subdomains. I can't comment about what happens downstream in derivative applications.

naturalpb commented 3 years ago

I'll chime in and say that uBlock Origin on Firefox blocks my subdomain due to the zapto.org match when loading the Unified Hosts as a custom filter list. I originally reported this to NextDNS and they fixed their own blocklist and sent me your way.
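The two matching behaviours described in the comments above, as an added example that is not part of the original thread or of either project's code. It assumes a simplified model: an OS hosts file matches exact names only, while a filter engine loading the same list treats each entry as covering the name and its subdomains. The sample list is constructed, using the hostnames named in the thread, and the function names are hypothetical.

```python
# Constructed hosts-format excerpt; the hostnames are the ones named in the thread.
SAMPLE_HOSTS = """\
# constructed sample, not the real list
127.0.0.1 localhost
0.0.0.0 zapto.org
0.0.0.0 ayada.zapto.org   # specific entry
0.0.0.0 havijrat.zapto.org
"""

def parse_hosts(text):
    """Return the set of hostnames a hosts-format list sinkholes."""
    blocked = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in ("0.0.0.0", "127.0.0.1"):
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name != "localhost":
                blocked.add(name)
    return blocked

def exact_match(host, blocked):
    """OS resolver semantics: a hosts entry covers only that exact name."""
    return host.lower().rstrip(".") in blocked

def suffix_match(host, blocked):
    """Assumed filter-engine semantics: an entry covers the name and all subdomains.
    Returns the entry responsible for the block, or None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None

def shadowing_entries(blocked):
    """Map each parent entry to the more specific entries it already covers."""
    shadows = {}
    for name in blocked:
        parent = suffix_match(name.split(".", 1)[1], blocked) if "." in name else None
        if parent:
            shadows.setdefault(parent, []).append(name)
    return {parent: sorted(kids) for parent, kids in shadows.items()}

if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    print("hosts file blocks test.zapto.org:", exact_match("test.zapto.org", entries))
    print("filter engine blocks it via:", suffix_match("test.zapto.org", entries))
    print("root entries shadowing specific ones:", shadowing_entries(entries))
```

Running `shadowing_entries` over a merged list flags root-level entries for shared-hosting or Dynamic DNS domains that make the per-host entries redundant once the list is consumed by a suffix-matching tool.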

FadeMind commented 3 years ago

@naturalpb This domain is listed in add.Risk for a reason known only to the maintainers of the original hostsfile.org. Like you say, there is no feedback from them, so I really don't know if unlocking the whole of zapto.org is really safe for others.

You can always exclude this domain when customizing your setup.

zapto.org itself redirects to the service offer: http://freeddns.noip.com/?d=zapto.org&u=emFwdG8ub3JnLw==

IMHO it is SAFER to block them against possible risks and unlock if REALLY needed. NextDNS takes responsibility for this whitelisting in their service.

Regards

Tomasz

naturalpb commented 3 years ago

@FadeMind my concern isn't primarily for my own use, but for the 70+ users of my site. Many of them are technologists and use the same security and privacy tools that I do. I could move to another Dynamic DNS service that isn't currently in a blocklist, but that doesn't address the main issue.

Is blocking Dynamic DNS providers at the root-level intentional? As you stated, that's a question for hostsfile.org, which I have asked to no avail. Another concern would be that the maintainers haven't updated their blocklist in three years, making me think that it has been abandoned and should possibly be forked.

FadeMind commented 3 years ago

@naturalpb @StevenBlack

Reference https://oisd.nl/excludes.php?w=zapto.org

Regards