
Mozilla will remove FTP support in Firefox - resoluti0n
https://www.ghacks.net/2020/03/19/mozilla-will-remove-ftp-support-in-the-firefox-web-browser/
======
zzo38computer
I think FTP isn't a very good protocol anyways. HTTP and Gopher are better.
(HTTP does support most of the features, including authentication, uploads,
etc. The thing HTTP doesn't have is proper directory listings; I wrote a
document suggesting how this could be done, calling it "httpdirlist"
specification; it is a new MIME type, and then each record is a list of
records (formatted like a list of HTTP headers) separated by blank lines.)

~~~
Exmoor
I'm sorry, Gopher?

Has anything outside of some incredibly archaic library system even used
Gopher in the last 20 years? To me it's one of those protocols that I only
remember because I hope to use it to answer some trivia question someday.
Right up there with Archie and Veronica.

~~~
zzo38computer
Yes; Gopher is still in use, although not much. You could probably find a few
Gopher servers still in use (I have found a few). I have my own Gopher server,
too.

------
kingpiss
I wasn't aware that was even a feature in Firefox.

Fun fact, Windows has a built-in FTP client in Explorer. Just enter an FTP
address into the address bar and then right click to login.

------
liquidify
I'm curious as to how many people use FTP in the browser?

~~~
arkitaip
I would genuinely be surprised if even 5% of users used FTP in the last year.
But damn do I wish they kept the feature in; Firefox should distinguish itself
as the tech worker's browser, sorta like a forensics live CD that has every
imaginable tool you need for deep work.

~~~
jmercouris
The tech worker's browser is Next:
[https://github.com/atlas-engineer/next](https://github.com/atlas-engineer/next)

source: biased developer :-)

------
RandyRanderson
I can see many _tech_ ppl switching over to a chromium browser because they
_might_ possibly use ftp in the future and just want to install one browser.
It's those ppl that install (or even know about) FF, generally.

Other than a part time dev and some testing, it's hard to see the costs of
supporting ftp.

It's a string of decision-making like this that has made FF drop off the list
of "supported" browsers in many organizations and may lead to a 2 engine
Internet. This is bad for everyone, IMO.

Mozilla board: Look at your browser share: you need to replace the management
team immediately - we need FF.

~~~
untog
Chrome is also deprecating FTP so I don’t think that’ll happen.

Plus Mozilla isn’t an organisation the size of Google. They have to prioritise
what they’re going to support and it makes total sense to ditch FTP support.
I’m a professional web developer and I’d never choose which browser I use
based on whether it supports FTP. I barely ever use it, and when I do I just
use FileZilla or something similar that makes much more sense for FTP.

~~~
RandyRanderson
Re: chrome right but this would give ppl at least one reason to use FF.

Mozilla just does a browser (at least they should only do one) so 500MM USD
/year or whatever their budget is should suffice, right? [0]

I would be careful with FZ:

[https://www.reddit.com/r/technology/comments/8pdubg/filezill...](https://www.reddit.com/r/technology/comments/8pdubg/filezilla_contains_malware_in_latest_version/)

[0]
[https://www.computerworld.com/article/3322912/mozillas-2017-...](https://www.computerworld.com/article/3322912/mozillas-2017-expenses-grew-twice-the-rate-of-revenue.html)

~~~
JohnTHaller
This was an old version of FileZilla from 2016 from a relatively short-lived
experiment when a previous incarnation of SourceForge was helping open source
projects 'monetize'. There was no malware and no infection. It was an online
downloader with bundleware.

FileZilla is solid software and every version has been clean. I know because I
scan every release in dozens of antivirus engines via VirusTotal as part of
packaging FileZilla Portable for PortableApps.com.

------
yingw787
Are there security issues with FTP, or do people just not use it enough
because HTTP supplants it? I haven't used FTP in a while to download files.

~~~
okraszo
For sure it is unencrypted, so it is vulnerable to man-in-the-middle attacks.

~~~
weare138
I'm sure the majority of people that still use FTP aren't relying on a browser
for access but people still use it. Why not just deprecate standard FTP and
only support FTPS and SFTP?

~~~
duskwuff
Because that'd amount to the same result as removing FTP. The "installed base"
of web-accessible FTPS and SFTP resources is essentially zero, and that's
unlikely to change -- if a web site was previously using FTP, they're probably
going to move those resources to HTTP/S, not to another protocol which has
limited browser support.

~~~
weare138
> The "installed base" of web-accessible FTPS and SFTP resources is
> essentially zero

Well that's true of SFTP, browsers don't support that protocol but I think
they should. But FTP is still ubiquitous on the internet and most browsers
like FF already support FTPS. To me it would make more sense to deprecate FTP
like HTTP and warn users when they're logging in over an insecure protocol than
just kill the feature altogether, especially if one of the primary reasons
is because "Google did it". FTPS uses the same URI as FTP (ftp://). FTPS is
common now, most people don't even realize they're using it. There are those
of us that still need to deal with FTP and being able to click on a link in
the browser rather than use a separate FTP client is just convenient. Just
make it an optional feature and disable it by default.

~~~
duskwuff
> Well that's true of SFTP, browsers don't support that protocol but I think
> they should.

They should not. SSH -- which is used as the transport for SFTP -- is a rather
large and complex protocol. Implementing it in browsers would significantly
increase their network attack surface, while providing few (if any) new
capabilities. (What does SFTP provide to the browser that isn't possible with
HTTPS?)

> FTPS is common now, most people don't even realize they're using it.

Can you give an example? There are no major web browsers which currently
support FTPS -- it is not present in Chrome, Mozilla, nor Internet Explorer.

------
seemslegit
NOOOOOOOOOOOOOO... yeah ok.

------
rolph
There are still FTP clients and servers around.

There is even an FTP indexer:

[https://www.securitynewspaper.com/2018/12/10/list-of-all-ope...](https://www.securitynewspaper.com/2018/12/10/list-of-all-open-ftp-servers-in-the-world/)

[https://www.searchftps.net/](https://www.searchftps.net/)

------
bifrost
Oh wow, that's really lame. I actually use that pretty regularly....

~~~
Someone1234
Just map the URI to a real FTP client using the operating system.

------
getpolarized
I love discussions about browsers on Hacker News! They're amazing. Half the
people ranting how some insanely complicated technical decision is going to
ruin the world, the other half yelling at them that this is necessary, others
ranting about how the vendor is evil for some reason, etc. Just lovely!

~~~
Arubis
You're going to love [http://n-gate.com/](http://n-gate.com/).

~~~
arkitaip
I can't believe they have a dysfunctional captcha (doesn't display a captcha
at all). That's hilarious considering how critical n-gate is about useless
tech.

~~~
saagarjha
I would lean towards it being a joke.

~~~
arkitaip
I think you are right?? The writeups are still accessible thru the nav menu.

------
throw7
Insecure? Bullshit. They should remove http then. I'd respect them if they
just said they're lazy and don't want to support the ftp protocol.

~~~
Someone1234
> They should remove http then.

They're working on it. It has and will continue to be deprecated with ever
increasing security warnings.

But the reason why FTP got pulled and HTTP hasn't is simply usage. The FTP
client in browsers is terrible, and anyone using FTP professionally is using a
better client (e.g. multiple connection modes, resume downloads, concurrent
streams, etc) or has already migrated to FTPS or SFTP.

FTP just adds attack surface and maintenance cost.

~~~
wolco
You probably don't realize many links you click are ftp links that will now be
broken for you.

~~~
Someone1234
I'd realize immediately since those links would be broken. I have had:

network.ftp.enabled: false

set since it was introduced in Firefox 60 (over a year ago). I've had a total
of one link broken in that time.

------
coribuci
One more reason not to use Firefox. Firefox became the younger brother of
Chrome. Why can't they be independent and think for themselves?

~~~
preinheimer
So what are you suggesting?

~~~
codr7
Flagging a problem doesn't mean you're required to provide a solution.

Mozilla has been cutting useful features from Firefox at an increasing rate,
and there are no real alternatives out there.

The whole point of having multiple implementations is that they are different,
and Firefox is quickly turning into Chrome with a new logo just like Internet
Explorer.

