Image: Mozilla

The latest version of Firefox, Firefox 90, has dropped support for the long-standing File Transfer Protocol (FTP). Mozilla confirmed its decision to drop FTP from Firefox in a blog post published last week, noting that FTP is a significant security risk due to its tradition for transferring data in cleartext. This allows attackers to steal, spoof, and modify any data transmitted via the aging protocol. FTP has actually been disabled by default since Firefox 88, but Mozilla is now removing it altogether.

Image: Mozilla

Removing FTP brings us closer to a fully-secure web which is on a path to becoming HTTPS only and any modern automated upgrading mechanisms such as HSTS or also Firefox’s HTTPS-Only Mode, which automatically upgrade any connection to become secure and encrypted do not apply to FTP.

Source: Mozilla

Don’t Miss Out on More FPS Review Content!

Our weekly newsletter includes a recap of our reviews and a run down of the most popular tech news that we published.

Join the Conversation

7 Comments

  1. [QUOTE=”Grimlakin, post: 38304, member: 215″]
    Wait what about sftp?
    [/QUOTE]
    I don’t think it ever supported it.

  2. As for removing support for things, this is outrageous. I’m sick and tired of these self righteous developers thinking their users are utterly useless fools. I don’t need you to protect me, capiche? I’ll decide what’s dangerous and what is not. What do you expect anyway? That people will not download a file from an FTP that they need because you dropped support? NO, they’ll just look for another software, that might even be actually dangerous, who knows what kinds of dodgy ftp clients are out there.

  3. Lordy I haven’t used FTP in like 20 years… they might as well not support dial up BBS’s…

  4. [QUOTE=”Burticus, post: 38428, member: 297″]
    Lordy I haven’t used FTP in like 20 years… they might as well not support dial up BBS’s…
    [/QUOTE]
    Very rarely I’ll run into something where FTP is the only option, but only very rarely, and I never thought to use my web browser for access… I just use a FTP client. For my own use, yeah, SSH / SFTP has long since replaced FTP (and even that is archaic by most modern standards I am sure)

    I suppose – I get that browsers want their browser to be the only thing you need. But I really just need it to.. browse the web. Any protocol beyond HTTP/HTTPS is superfluous.

    I didn’t really care that Firefox/et al supported FTP to begin with, and I don’t really care that they are removing support for it.

  5. We regularly use FTP to send data to clients and contractors that can’t be emailed. And some of these are not exactly tech savvy, so we can’t realistically expect them to install and use an FTP client.

    What benefit would anyone have in intercepting an unencrypted FTP download of files that are of no practical use to anyone but the intended recipient?

  6. [QUOTE=”MadMummy76, post: 38452, member: 1298″]
    We regularly use FTP to send data to clients and contractors that can’t be emailed. And some of these are not exactly tech savvy, so we can’t realistically expect them to install and use an FTP client.

    What benefit would anyone have in intercepting an unencrypted FTP download of files that are of no practical use to anyone but the intended recipient?
    [/QUOTE]

    Well I can see Firefox not wanting to accept any liability for someone who does decide to send something sensitive and is shocked when it gets hacked, or something sends something where they don’t realize it does contain sensitive information.

    Of course there is no benefit to hacking noise. But the problem is you can’t limit it to just transmitting non-sensitive data – the protocol has no way of knowing if the data is important or not. I absolutely don’t blame Mozilla for wanting to drop support for non-encrypted or insecure protocols. There is no shortage of other programs that will continue to allow you to use those if you really need them.

    There are also tons of other options for sending large files apart from just FTP too… I mean, if you still want to send clients a link and not use a cloud service like Dropbox or Onedrive, why not just host the file on a HTTPS server – it’s not any harder than hosting it on an FTP server is and you can still use browser links.

Leave a comment