This article is more than 1 year old
RIP FTP? File Transfer Protocol switched off by default in Chrome 80
You can turn it back on, but why?
Chrome 80 emerged from Google this week with a few more nails to hammer into the coffin of the venerable File Transfer Protocol (FTP).
While there has been somewhat of a kerfuffle around Chrome of late, the eagle-eyed will have noted that version 80, which debuted in the stable channel yesterday, has finally disabled the implementation by default.
You can still switch it back on via an option or command line flag (such as
--enable-ftp) but, to be honest, why would you? Google noted that usage in the browser was so low (yes, The Chocolate Factory is watching, always watching) that there wasn't much point in improving support.
While the likes of FileZilla can replace what is being sliced from Chrome, the time has surely come to follow the 2017 example of the Debian gang and shut down those old servers once and for all.
It has been a death by a thousand cuts for FTP in Chrome. Version 72 snipped off fetching document sub-resources over the protocol. A bug in 74 dropped support for accessing FTP URLs over HTTP proxies and went down so well that version 76 removed proxy support for FTP entirely.
FTP will lumber on in the browser, zombie-like, for a few more months. Version 81 will switch it off for all Chrome installations (not just non-Enterprise ones) and Version 82 should remove the thing once and for all.
The File Transfer Protocol has its roots in the happier, hippier times of 1971, when astronauts were still bounding about on the Moon. Over the years, it gained support for TCP/IP, IPv6 and, crucially, some security extensions.
Security is the key thing here. For example, FTP doesn't encrypt its traffic and anyone armed with a packet sniffer can read the content of transmissions. Solutions such as FTP over Secure Shell connections can help, but ultimately FTP itself is a protocol from a simpler and more trusting time.
Google's move may spur the last holdouts to type
QUIT, particularly with the culling of the code in the Enterprise version of the browser. The likes of FTPS, SFTP and HTTPS will shunt data around in a far more secure fashion. ®