
Yes they will, there was a post a while back which used this to bomb the browser.



Perhaps more concerning is being able to use this to launch a denial of service attack on a server that accepts zipped data. Gzipped requests are unusual with HTTP (no idea how widespread support for it is), but iirc SPDY is compressed by default.


Maybe not at the transport or protocol level, but it wouldn't be too hard to DoS an application server that handles compressed data, such as images.

Make a billion-pixel PNG image that compresses very well, upload several copies simultaneously to a LAMP server running on an average Linode, and watch it run out of memory while trying to create thumbnails with GD.
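As an added example (not part of the thread or any commenter's code): a pre-decode check for the thumbnailing scenario in the comment above. It reads only the PNG signature and IHDR chunk and rejects the upload if the raw bitmap would exceed a memory budget; the 64 MiB budget and all function names are assumptions.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Channels per pixel for each PNG colour type (from the PNG specification).
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}
MAX_DECODED_BYTES = 64 * 1024 * 1024  # assumed per-image budget


class RejectedImage(ValueError):
    """Raised when an upload must not be passed to the image decoder."""


def decoded_size(header: bytes) -> int:
    """Bytes needed for the raw bitmap, computed from the first 33 bytes of the file."""
    if len(header) < 33 or header[:8] != PNG_SIGNATURE:
        raise RejectedImage("not a PNG or truncated header")
    length, ctype = struct.unpack(">I4s", header[8:16])
    if ctype != b"IHDR" or length != 13:
        raise RejectedImage("first chunk is not a 13-byte IHDR")
    body = header[16:29]
    (crc,) = struct.unpack(">I", header[29:33])
    if zlib.crc32(b"IHDR" + body) != crc:
        raise RejectedImage("IHDR CRC mismatch")
    width, height, depth, colour = struct.unpack(">IIBB", body[:10])
    if not width or not height or depth not in (1, 2, 4, 8, 16) or colour not in CHANNELS:
        raise RejectedImage("invalid dimensions, bit depth or colour type")
    # Lower bound: a decoder's working memory can be higher than the raw bitmap.
    row_bytes = (width * CHANNELS[colour] * depth + 7) // 8
    return row_bytes * height


def check_upload(header: bytes, budget: int = MAX_DECODED_BYTES) -> int:
    """Return the decoded size if it fits the budget, otherwise raise RejectedImage."""
    size = decoded_size(header)
    if size > budget:
        raise RejectedImage(f"decoded bitmap would need {size} bytes")
    return size


def make_header(width: int, height: int, depth: int = 8, colour: int = 6) -> bytes:
    """Constructed sample input: signature plus IHDR only, no pixel data."""
    body = struct.pack(">IIBBBBB", width, height, depth, colour, 0, 0, 0)
    crc = struct.pack(">I", zlib.crc32(b"IHDR" + body))
    return PNG_SIGNATURE + struct.pack(">I", 13) + b"IHDR" + body + crc
```

The check runs on the first 33 bytes of the upload, so the file size on disk (which is what compresses well) never enters the decision.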


PHP usually has a pretty reasonable memory limit set, so it would puke on itself pretty quickly.

But I don't think you'd bring the site down.


Fair enough, but I've been on Linode's forums long enough to have seen dozens of people running 50 PHP processes with a 128MB memory limit each, on a 1GB server shared with MySQL and a bunch of other crap. (It seems that 128MB is the new "reasonable memory limit" these days, since that's how much RAM it takes for PHP to handle photos from 8-to-12-megapixel cameras and smartphones.)


Also, one can try to bomb virus scanners (on a PC or on a mail server, using an e-mail attachment) or any other service which supports uploading and extracting zip files.


Do you have a link, by any chance?


Unfortunately I do not. This is where that project to store all your browsing history "in the cloud" (preferably your own "cloud") would have been handy. So you never again miss something and go searching for it again, you know you've seen it -> search in your own history which contains the content right then as it was.



