
Chrome to Deprecate FTP Support - d3sandoval
https://www.chromestatus.com/feature/6246151319715840
======
jackfraser
Lame. Is there any real reason to do this? Does the code take a lot of
maintenance, aimed as it is against a protocol from 1971? Is there a reason to
cut people off from easy interoperability with links on the older parts of the
web, many of which surprisingly do still work?

FTP sucks, sure, we get it. No reason to use it now. Still, Google seems to
have a mission of deprecating the old Web, from their search results that push
that kind of content down, to their browser deprecations of FTP and Flash and
Java applets. How is one supposed to even see the old parts of the web
anymore?

~~~
londons_explore
The code is old, and hard to secure. It lives in the browser rather than a
subprocess, so is unsandboxed.

The FTP protocol itself isn't a nice binary protocol - it was designed for
humans to type by hand, so has a lot of flexibility, leading to a lot of
corner cases in the code.

There is also the fact that the flexibility of FTP allows the browser to
attack other devices on the local network. For example, I could navigate an
iframe to FTP://evil_payload@127.0.0.1:3389, allowing me to send a possible
exploit to your your machine, bypassing firewalls.

Considering how few people use it, and the risks it still poses to everyone, I
can see why they want to get rid of it.

~~~
coribuci
There is also the fact that the "modern browser" is no longer a browser but a
program which runs remote code with local privileges and sometimes with
elevated privileges. The main reason they want to deprecate ftp is the same
reason they used for other protocols: it is much easier to control 1 protocol
(https) instead of 10 (http, ftp, rss, ntp etc.). Especially when they decide
which certificate is trusted in their browser (which browser (engine) happens
to be the only one used by the majority).

------
PauloManrique
This will just break a lot of old sites still linking to FTP resources. Not a
bright idea.

