Firefox Drops FTP Support Due to Security Concerns

Tsing

The FPS Review
Staff member
Joined
May 6, 2019
Messages
12,268
Points
113
firefox-logo-purple-1024x576.jpg
Image: Mozilla



The latest version of Firefox, Firefox 90, has dropped support for the long-standing File Transfer Protocol (FTP). Mozilla confirmed its decision to drop FTP from Firefox in a blog post published last week, noting that FTP is a significant security risk due to its tradition for transferring data in cleartext. This allows attackers to steal, spoof, and modify any data transmitted via the aging protocol. FTP has actually been disabled by default since Firefox 88, but Mozilla is now removing it altogether.



Image: Mozilla



Removing FTP brings us closer to a fully-secure web which is on a path to becoming HTTPS only and any modern automated upgrading mechanisms such as HSTS...
Click to expand...

Continue reading...


 
As for removing support for things, this is outrageous. I'm sick and tired of these self righteous developers thinking their users are utterly useless fools. I don't need you to protect me, capiche? I'll decide what's dangerous and what is not. What do you expect anyway? That people will not download a file from an FTP that they need because you dropped support? NO, they'll just look for another software, that might even be actually dangerous, who knows what kinds of dodgy ftp clients are out there.
 
Lordy I haven't used FTP in like 20 years... they might as well not support dial up BBS's...
 
Burticus said:
Lordy I haven't used FTP in like 20 years... they might as well not support dial up BBS's...
Click to expand...
Very rarely I'll run into something where FTP is the only option, but only very rarely, and I never thought to use my web browser for access... I just use a FTP client. For my own use, yeah, SSH / SFTP has long since replaced FTP (and even that is archaic by most modern standards I am sure)

I suppose - I get that browsers want their browser to be the only thing you need. But I really just need it to.. browse the web. Any protocol beyond HTTP/HTTPS is superfluous.

I didn't really care that Firefox/et al supported FTP to begin with, and I don't really care that they are removing support for it.
 
We regularly use FTP to send data to clients and contractors that can't be emailed. And some of these are not exactly tech savvy, so we can't realistically expect them to install and use an FTP client.

What benefit would anyone have in intercepting an unencrypted FTP download of files that are of no practical use to anyone but the intended recipient?
 
MadMummy76 said:
We regularly use FTP to send data to clients and contractors that can't be emailed. And some of these are not exactly tech savvy, so we can't realistically expect them to install and use an FTP client.

What benefit would anyone have in intercepting an unencrypted FTP download of files that are of no practical use to anyone but the intended recipient?
Click to expand...

Well I can see Firefox not wanting to accept any liability for someone who does decide to send something sensitive and is shocked when it gets hacked, or something sends something where they don't realize it does contain sensitive information.

Of course there is no benefit to hacking noise. But the problem is you can't limit it to just transmitting non-sensitive data - the protocol has no way of knowing if the data is important or not. I absolutely don't blame Mozilla for wanting to drop support for non-encrypted or insecure protocols. There is no shortage of other programs that will continue to allow you to use those if you really need them.

There are also tons of other options for sending large files apart from just FTP too... I mean, if you still want to send clients a link and not use a cloud service like Dropbox or Onedrive, why not just host the file on a HTTPS server - it's not any harder than hosting it on an FTP server is and you can still use browser links.
 
You must log in or register to reply here.
Become a Patron!
Back
Top