Monday, 26 November 2018

Google Wants to Remove FTP From Chrome. Would You Even Care?

Google has wanted to remove FTP from Chrome for years, and Chrome developers are taking a new step towards that goal. After all, FTP is an old, unencrypted protocol. We should have stopped using it years ago.

As Lawrence Abrams over at Bleeping Computer points out, an upcoming change means Chrome will soon download resources like images and PDF files from FTP (File Transfer Protocol) sites rather than displaying them in Chrome itself. However, Chrome will still display a list of each FTP folder’s contents in the browser.

This is all part of Google’s long-term goal to eventually get rid of FTP support. Mozilla has the same goal. FTP support is an old protocol. Like HTTP, it’s unencrypted. With the Internet moving towards encrypted HTTPS, we should also be moving away from FTP. The lack of encryption means people could snoop on FTP traffic or perform a man-in-the-middle attack to modify files sent over FTP.

Personally, I’d hate to see FTP support removed immediately. So many PC manufacturers host driver installers and firmware updates on FTP sites. Removing FTP support from Chrome means I’d have to use a separate FTP client to download them, and that would be annoying.

Of course, PC manufacturers shouldn’t be doing this. FTP doesn’t just have a bad user interface—it’s not secure. Hosting executable files on an unencrypted FTP connection means they could be modified in transit with a man-in-the-middle attack. That means malware in critical system files. By slowly minimizing FTP support in the browser, Google wants to encourage websites like these to ditch FTP so we won’t need it.

In 2014, a Chrome developer said 0.1% to 0.2% of Chrome users accessed an FTP site every week. That may be very few Chrome users, but it’s a lot of people. Google says there are over one billion Chrome users, which means that’s between one and two million people. That’s why Google hasn’t pulled the trigger yet. But it’s only a matter of time.

RELATED: Why Does Google Chrome Say Websites Are “Not Secure”?



from How-To Geek https://ift.tt/2ScvXof

No comments:

Post a Comment