back to article RIP FTP? File Transfer Protocol switched off by default in Chrome 80

Chrome 80 emerged from Google this week with a few more nails to hammer into the coffin of the venerable File Transfer Protocol (FTP). While there has been somewhat of a kerfuffle around Chrome of late, the eagle-eyed will have noted that version 80, which debuted in the stable channel yesterday, has finally disabled the …

  1. chuckufarley Silver badge

    It's been way more than a decade...

    ...since I was last disappointed because I couldn't get a file via FTP. For than last "very many" years the closest I have come to using an FTP client is the rare use of ssh's sftp command and that is always to put something and never to get anything. So I don't think I would have even noticed if I hadn't read this article.

    1. Allan George Dyer Silver badge
      Mushroom

      Re: It's been way more than a decade...

      It's been almost that long since I was last horrified that a business was still running an FTP server, and wanted me to use it ("just upload your docs by ftp and we'll get it published" - me: resist temptation to check on their other projects).

      icon: it's the only way to be sure.

      1. Dan 55 Silver badge

        Re: It's been way more than a decade...

        Not really FTP's fault, they should have set up a user just for you.

        1. Anonymous Coward
          Anonymous Coward

          Re: It's been way more than a decade...

          Or a general account with write only, no list, read, modify etc.

          1. Charlie Clark Silver badge

            Re: It's been way more than a decade...

            As has been standard for incoming for years…

            1. Allan George Dyer Silver badge

              Re: It's been way more than a decade...

              @Dan 55, AC, Charlie Clark - Yes, individual accounts or an anonymous upload account would have been a reasonable solution, back when ftp was relevant. The shared upload account with full read access switched my reaction from 'ftp, how quaint' to ** horror **. It's not the fault of the protocol, but it might be a warning of a lack of current technical skills.

      2. herman Silver badge

        Re: It's been way more than a decade...

        An FTP server can be very good for certain uses. If it is configured in a split mode for uploads to one directory and downloads from a different directory, then it is perfectly fine.

        In your example, if it only allows uploads, then it doesn't need any more access control, it 'Just Works' (TM) is zero maintenance and works with any computer with zero setup required.

        Some practical examples where anonymous FTP servers work perfectly are publishing houses and PCB manufacturers.

        1. Charlie Clark Silver badge

          Re: It's been way more than a decade...

          Exactly, just set up a project to do exactly this albeit with SFTP for the transport.

      3. boltar Silver badge

        Re: It's been way more than a decade...

        If you're horrified then you're clearly not aware that ftp clients are very useful for automation on the command line and ergo in a back end daemon process. Browsers? Not so much. And yes, you can substitute wget on HTTP sometimes , but not when javascript is involved , which it always bloody well is these days.

        1. This post has been deleted by its author

      4. Bruce Ordway

        Re: It's been way more than a decade...

        >>a business was still running an FTP server

        I also work with one company with FTP - where browser(s) routinely failed.

        My best transfers results have come via FileZilla.

        >> temptation to check on their other projects

        As far as I can tell, they've locked FTP folders pretty tight.

        It's to a point where I can't even see my own stuff, let alone others files.

        After transfers, I must email and ask for receipt confirmations.

        For a period, file corruption was common when transferring filet to them via FTP.

        Was actually faster to burn a CD and mail it.

        Never was able to identify the source of that problem - finally just "went away" one day.

        1. Charlie Clark Silver badge

          Re: It's been way more than a decade...

          Sounds like the company doesn't have a very good setup. FTP may be insecure but is otherwise a very reliable protocol with support for partial transmission and resumption, because at the time connections were generally flaky.

          That said, depending on the size of the data being transmitted, hard copies are still often faster.

        2. Robert Carnegie Silver badge

          Corruption?

          ftp has an "ascii" mode as well as "binary". Data is treated as text, and file line-breaks and end-of-file marks are swapped for the formatting codes of the destination file system. So, different on Apple, DOS/Windows, UNIX. Consulting Wikipedia, it appears that ASCII text is treated as converted to "8-bit ASCII" when sent, then converted again on the receiving system. "EBCDIC mode" and "local mode" are escribed sounding like equivalent to "binary" with no translation of data. Or is there an ASCII-EBCDIC conversion in there?

          So, yeah, that'll blip your zipfile.

    2. jake Silver badge

      Re: It's been way more than a decade...

      That's nice and all, but who made the gookids the arbiter of what protocol I am supposed to use? Some of us don't need, nor do we want, to be protected from ourselves.

      1. Anonymous Coward
        Anonymous Coward

        Re: It's been way more than a decade...

        Indeed, when transferring media files to/from my old humax box, you had to use ftp; it was way too underpowered to cope with sftp/scp ... (well, unless you were really quite remarkably patient)

      2. joeW

        Re: It's been way more than a decade...

        I somehow doubt you're using Chrome for anything Jake, least of all as an FTP client ;)

        1. jake Silver badge

          Re: It's been way more than a decade...

          First they came for FTP in Chrome, and I did not speak out ...

          ... Because I was not using Chrome.

    3. Plest
      Happy

      Re: It's been way more than a decade...

      You've obviously not ever worked in finance industry lately!

      There are way too many price vendor agencies that only deal in FTP service to provide, what I will grant is public price info, but it's still quite shocking. I've converted more of our client processes from SFTP to FTP in the last 12 months though, no doubt a consequence of GDPR but it's still pretty bad out there.

  2. This post has been deleted by a moderator

    1. MiguelC Silver badge
      Facepalm

      Re: File Transfer Potocol

      A time where security was not on the minds of the people designing the Internet. Sometimes, change is good, you know?

      1. Brian Miller

        Re: File Transfer Potocol

        Clue: When logging in as user 'anonymous' and your email as your password, the security of the data is rather irrelevant.

        And when we wanted to do business securely, we used a physical thing called "cash". When we wanted to send confidential data, we encrypted it first, and/or sent it on a physical medium through registered mail.

        Grasshopper, when you can snaffle the data transferred by punch cards in the TEMPEST room, etc., etc.

        1. Anonymous Coward
          Anonymous Coward

          @Brian Miller - Re: File Transfer Potocol

          Usually if user is anonymous the email address is never checked so my favorite address na@no.net is still being accepted all over the place.

          1. Anonymous Coward
            Anonymous Coward

            Re: @Brian Miller - File Transfer Potocol

            Or me@home.com, which did exist.

        2. rcxb Silver badge

          Re: File Transfer Potocol

          When logging in as user 'anonymous' and your email as your password, the security of the data is rather irrelevant.

          Not true AT ALL.

          A) You don't want someone to MITM the data, and inject malicious code in there.

          B) Many people don't want their ISP (and everybody else in-between) to see every file they're downloading. On some networks, this is used to prioritize/de-prioritize traffic as well.

          1. ibmalone Silver badge

            Re: File Transfer Potocol

            B. Is probably not really relevant, if you don't want your ISP to see your traffic then don't use FTP (also, if they're de-prioritizing FTP but not the alternatives then that seems like an own-goal). A is the more important concern, FTP is largely used for publicly available things now (driver updates, software packages, manuals) and you don't want malicious content added.

          2. Anonymous Coward
            Anonymous Coward

            Re: File Transfer Potocol

            Most software distributions (whether htttp(s) or ftp(s) use cryptographic checksums

      2. Anonymous Coward
        Anonymous Coward

        @MiguelC - Re: File Transfer Potocol

        For my own curiosity, could you please point us to 2 or 3 well known, highly publicized cases when someone armed with a sniffer intercepted traffic and managed to steal information ?

        Like many other protocols that are exchanging information in clear text, it's up to you as a professional to secure the information. Unless you're trying to warn us FTP is being now used by clueless monkeys.

        1. Claptrap314 Silver badge

          Re: @MiguelC - File Transfer Potocol

          The Internet has been used by clueless monkeys since the 70s.

          There. You've been warned.

          1. boltar Silver badge

            Not really

            The internet was used by people who knew what they were doing until AOL and Compuserve connected to it and the WWW/browser was invented back in the 90s. Before that you HAD to know what you were doing or you'd get nothing done because using command line FTP, gopher, telnet, usenet news, archie, WAIS etc was non trivial.

            1. Claptrap314 Silver badge

              Re: Not really

              As soon as the universities started letting grad students on, you had September madness.

              But before that, an analysis of APRANet traffic will confirm my earlier claim.

              1. jake Silver badge

                Re: Not really

                Having been there, and held the hands of the professors, grad students, students and a few hangers-on in the early days, I can confirm Claptrap314's comment as being correct. Clueless monkeys have been a part of TehIntraWebTubes experience since the year dot.

                Only stands to reason. It's a cross-section of Humanity, innit.

      3. GnuTzu Silver badge
        Meh

        Re: File Transfer Potocol

        It's a matter of choices. Running up an FTP server is easier than running up a web server. But, supporting FTP's combination of TCP and UDP in networks with certain kinds of security controls, such as firewalls, proxies, IDS/IPS, etc. things get just a bit messy. I'd rather run up an Apache server (and harden it appropriately) rather then put an FTP service on the Internet.

        FTPS and SFTP are both in their own way better that plain old FTP, and there are plenty of server options to make them tolerable, but they to have their drawbacks. From a support and security perspective, I'm happier with HTTP alone.

        1. Nate Amsden

          Re: File Transfer Potocol

          FTP is still often easier for uploading files(proper ftp client not web browser). Web is easy for downloading stuff but finding a good web application to support uploads, setting it up etc is probably more complicated than ftp. I have used owncloud for this purpose but as far as I know even now the community owncloud has no auditing abilities, so no way to see what user is uploading or downloading(and the web logs just show the urls not the username which is internal to owncloud). It was(probably still is) an option in their enterprise offering though.

          FTP is easier still for automated uploads or even automated downloads. I have loved tools like ncftpget, ncftpls, etc for those purposes. Managing uploads and downloads through web apps (javascript etc) via CLI scripts is well beyond my skill set.

          sftp works too usually though more complex than ftp. I setup automated sftp downloads for paypal reports sometime last year and it took quite a bit of effort(relative to ncftp tools), didn't help that paypal's sftp servers would reliably randomly fail(at least 25% of the time), and they didn't support key authentication(maybe they do now), so I had to have the script retry automatically 5 times if it failed.

          I setup as secure as I could sftp system for another organization to upload log files. Had to run a ssh service on a custom port with custom configs, combined with a bind mount to a remote file system to store the data to make it as secure as I could anyway(allows sftp only not a ssh shell). It works fine, but way more complex than regular ftp. At least they could use ssh keys to authenticate.

          I don't use chrome so this change doesn't really affect me, and my usage of ftp itself in general is low anyways.

          1. doublelayer Silver badge

            Re: File Transfer Potocol

            "FTP is easier still for automated uploads or even automated downloads. I have loved tools like ncftpget, ncftpls, etc for those purposes. Managing uploads and downloads through web apps (javascript etc) via CLI scripts is well beyond my skill set."

            Automated uploads maybe, but automated downloads over HTTP are easy. Curl or wget will do it just fine. Sure, there are sites out there that require certain other things to get access to the file such as captchas or negotiating several scripts, but those sites won't have run an FTP server anyway. If you mean bulk downloads, a basic HTTP spider is about eight lines of a scripting language and ones with varying feature sets are available from your package manager if you don't want to write the base.

            For uploads, curl can also make post requests and handle all the heavy lifting HTTP. requires, including HTTPS. Depending on the structure, the site you're using isn't guaranteed to make it very easy to do what you want, but if it's one you could have used FTP for, I'm guessing they've put some thought into it.

          2. NATTtrash Silver badge

            @Nate: File Transfer Potocol

            If you did like OwnCloud, but missed an "admin dash" to track up/ downloads, take a look at ProjectSend here or on GitHub here. From what I have played around with it, it might not have all the bells and whistles of OwnCloud (or NextCloud), but it focusses on up/ download and is nice and small. And it has an admin dash to track activity. Then again, this is something that has php as its engine, and as many have shown, this can be a consideration/ worry on the security side. As always, it depends on your use case.

          3. Joe Montana

            Re: File Transfer Potocol

            FTP doesn't support authentication via keys either...

            And SCP is probably easier to automate than SFTP:

            scp file user@host:/path/to/destination/file

            1. Jay 2

              Re: File Transfer Potocol

              The catch with scp is that unless you lock things down a bit server side it will allow people to ssh in too. Which isn't ideal. sftp on the other hand isn't going to let that happen. A little bit more work either side, but a lot more secure and tweakable.

        2. Anonymous Coward
          Anonymous Coward

          Re: File Transfer Potocol

          > FTPS and SFTP are both in their own way better that plain old FTP, and there are plenty of server options to make them tolerable, but they to have their drawbacks.

          One of the biggest drawbacks with FTPS is that encrypting the control channel prevents firewalls from eavesdropping on data port commands, which breaks dynamic ACL/NAT logic for those secondary connections.

          There are some ways around the issue, like telling the client to revert back to unencrypted control channels after authentication (see: CCC) or sticking with "passive" inbound data channels on a limited range of ports, but each comes with its own set of issues.

          I had the [mis]pleasure of supporting FTPS for a finance company, so the CCC method was not an option. Worse, we were load-balancing several FTPS servers, so I had to find another way to glue the control and data channels to the same back-end server. I found that source IP address persistence did a well enough job for most customers, but a few had to muck things up by using a load-balanced outbound proxy server pool on their end. We used a /24 persistence mask so proxies on the same class-C were seen as a single client, but a few had to be cute and spread their proxy servers across totally unrelated ranges, which broke persistence. We had to set up a non-balanced FTPS server just for them. Total PITA.

          1. Blane Bramble

            Re: File Transfer Potocol

            "One of the biggest drawbacks with FTPS is that encrypting the control channel prevents firewalls from eavesdropping on data port commands, which breaks dynamic ACL/NAT logic for those secondary connections."

            The usage of data port is one of the biggest flaws in FTP, why you would want to encourage the use is beyond me. The concept was used back when there was a serious limit on the number of socket connections to a specific port, often limited by the size of the bit mask for the select call. This is no longer a restriction. When a web server can handle thousands of connections over a single destination port, why does a file transfer protocol need to change ports on the fly, just use the well-known port like a sensible protocol.

            1. Joe Montana

              Re: File Transfer Potocol

              Use of NAT is also a big flaw that breaks more things than just FTP...

              Move to IPv6, give each FTP server it's own address, use IP the way it was designed - end to end addressing.

              The reason FTP uses separate data connections is so you can do FXP - open two control connections to two different FTP servers, send a STOR to one and a GET to the other and tell the two servers to talk directly to each other without the data having to be pulled down to your connection and then uploaded again. This was especially useful in the days of extremely slow connections, but is still useful today where you might have servers with multi gigabit connections to each other, but clients on asymmetric connections with poor upstream performance, clients on mobile connections, clients with small data caps etc.

        3. hmv Silver badge

          Re: File Transfer Potocol

          UDP? Since when did FTP start using UDP?

          And FTPS is FTP (with TLS). It's the same protocol with an extension to support encryption.

        4. John Brown (no body) Silver badge

          Re: File Transfer Potocol

          "I'm happier with HTTP alone."

          Is that any more secure than FTP?

      4. Flywheel Silver badge

        Re: File Transfer Potocol

        There was security at the time, but only because FTP was designed to move data between known, trusted servers run by the same DARPA(?) department (like a private wire). so your point's kinda valid :)

      5. hmv Silver badge

        Re: File Transfer Potocol

        FTP is reasonably secure providing you use TLS to encrypt the control channel (and the data channel(s)) and prohibit plain text control channels. It's inconvenient to process on firewalls without TLS inspection (the ephemeral ports used for data channels are negotiated over the control channel and if the firewall can't see those it can't open them on the fly).

      6. John Brown (no body) Silver badge

        Re: File Transfer Potocol

        Yes, that's true, but there are times when you are happy to use a post-card instead of a letter inside an envelope. Replacing old protocols can have other intended consequences. eg, sit down in front of almost any network connected computer and there are certain functions that you can perform out of the box. Try and remove "old" protocols because of $reason and you take away the certainty.

    2. gerdesj Silver badge
      Gimp

      Re: File Transfer Potocol

      ftp was originally designed with a separate data and control channel. You'd set up a connection on port 20 to describe what happens on port 21. Massively wasteful and just bollocks. Even worse is that a passive version had to be invented to deal with NAT. It can shuffle data fine but the session setup and so on is a bit naff. SMB and NFS can move data at a similar rate but have a few other niceties added on, like usability.

      cf. SIP ...

      1. Kevin McMurtrie Silver badge

        Re: File Transfer Potocol

        And you never know what will happen if you issue control channel commands while the data channel is in use - or what happens if one connection drops. It's a make-it-up-as-we-go protocol with lots of awful implementations spanning decades. I cringe when I see it used commercially.

      2. Joe Montana

        Re: File Transfer Potocol

        FTP worked just fine with the way IP was always designed, NAT is a horrible kludge that breaks things.

      3. Nate Amsden

        Re: File Transfer Potocol

        SMB and NFS certainly can't move data at a similar rate over the internet. SMB and NFS are made for local connections, and in general are more vulnerable than FTP.

        Don't get me wrong I love NFS(v3 only) for file sharing locally.

    3. disgustedoftunbridgewells Silver badge

      Re: File Transfer Potocol

      It doesn't work as well as it did in the 1970's.

      In the 1970's the only method of transferring files ( what became known as active mode ) mostly doesn't work nowadays due to firewalls and NAT.

      Passive mode works pretty well still. Without encryption, of course.

      1. LDS Silver badge

        "Passive mode works pretty well still. Without encryption, of course."

        With encryption too. Many servers have now configuration options to let them work even when they are behind a NAT - i.e. you can set the FTP server external IP address so the server will send the correct IP to the client itself, and NAT doesn't have to mess with the data (so any such "feature" should be disabled), and they will let you to select a range of ports that need to be forwarded - which is better than a blank access to all ports (above 1024).

        For the matter, no server should work due to the firewall *until* the firewall is specifically configured to let traffic in...

    4. CrazyOldCatMan Silver badge

      Re: File Transfer Potocol

      If still works today as it did way back in the 1970's

      And is a hell of a lot more efficient than using http/https..

      (And, if you are worried by security - use ftps or sftp)

    5. phuzz Silver badge

      Re: File Transfer Potocol

      Chrome is a web browser, if you want a simple way of downloading files with it, use http(s).

      If you want to upload files use an actual (s)ftp client (or scp etc. etc.).

    6. bombastic bob Silver badge
      Meh

      Re: File Transfer Potocol

      there are a *LOT* of archive sites out there that use FTP... so if you're doing RESEARCH, and the information is "old" [but perfectly valid and useful], it's a fair bet that you'll need FTP at some point.

      Sorry, google, you lose on THIS one.

      "New" isn't necessarily "Better" after all

      1. John Brown (no body) Silver badge

        Re: File Transfer Potocol

        "there are a *LOT* of archive sites out there that use FTP... so if you're doing RESEARCH, and the information is "old" [but perfectly valid and useful], it's a fair bet that you'll need FTP at some point."

        Yes, this. It's not a good idea to remove the lowest common denominator. Common being the operative word here.

    7. Charlie Clark Silver badge

      Re: File Transfer Potocol

      I think the issue is whether the browser should support it. Most websites with an FTP listing have been able to show this as HTML for years and I've never wanted to upload to FTP in a browser.

      1. jake Silver badge

        Re: File Transfer Potocol

        "I've never wanted to upload to FTP in a browser."

        More times than I can count I've needed to transfer a file to a system with an existing FTP server from a system without a stand-alone FTP client, but with a browser. Sometimes you are stuck with the tools at hand and have to get the job done. People like the gookids emasculating tools just because they want to (they certainly don't have a logical reason to remove the capability!) is counter productive in the great scheme of things.

  3. steelpillow Silver badge

    Still in use, just

    Have to say I mostly only use FTP because I am too lazy to switch to SFTP. But a couple of websites I use still offer it as the only way to upload very large files. Let's hope this prods them into upgrading their secure upload.

  4. Karl Vegar

    No problem.

    For anything I'd like to collect from the wild web, I'd like something more secure then FTP myself.

    And for any more serious file transfer one could use FTP for, why use your browser, there are better clients around. (And they usually support SFTO, SCP in addition.)

    But I guess it will live on for a lot of local stuff.

    PXboot, Wyse config files and similar. And probably a load of IOT stuff that really should know better.

  5. IGnatius T Foobar ! Bronze badge

    Google's rationale...

    "...because nobody EXCEPT US should be allowed to snoop your traffic!"

  6. This post has been deleted by its author

    1. ibmalone Silver badge
      WTF?

      Wait, OneDrive lets you authenticate over FTP?

      1. ibmalone Silver badge

        Having now looked into it a bit, Filezilla Pro, WinSCP and others will talk to OneDrive, but it's likely they're not using FTP to do so. WinSCP is using WebDAV (you'd hope over https). What Filezilla is using doesn't seem to be listed anywhere, but as it's a Filezilla Pro feature and requires selecting "OneDrive" as the protocol I'll guess it's not FTP. This is quite useful to know if you want a bulk transfer method.

  7. Elledan Bronze badge
    Coat

    Guess I'm a fossil, then

    The rationale for removing features like FTP support is usually 'nobody uses it any more' and 'it's a security risk because it's not encrypted'. That seems to go hand-in-hand with wanting to disable HTTP support and switching everyone to HTTPS.

    In the olden days, when Netscape 4.7x was still relevant, and the thought of tabbed browsers not a spark in anyone's imagination yet, encrypted comms was something you used when you had sensitive data to hide, like your shopping data and creditcard details, or your online banking sessions. Now it seems everything has to be encrypted, including those cat pictures you just downloaded after a friend sent you some links via (encrypted) email. Because imagine if someone read those things.

    Your boss would be at your desk in the morning, foaming at the mouth as they slam a stack of incriminating photographic evidence of those cat pictures on your desk.

    Let's ignore for a moment the irony that in those olden days everyone told you to never use your real name online or give anyone any personal details about you. Now we have Facebook, Twitter, et al. and the rush to spill as much of our personal lives on those sites including every detail about our offspring (who haven't consented, obviously). And Facebook et al. will never suffer an embarrassing data breach or bug that makes all 'private' data 'public'. Obviously.

    What good is end-to-end encryption, Mr. Anderson, if both ends are leaky like a sieve?

    Guess I'll be over in the ol' Greyboards corner, using my 'legacy' browsers, like Pale Moon, with its quaint 'plugins' and 'FTP' support.

    Obviously my jacket is the one with the 'senior citizen' card in the pocket.

    1. Julz Silver badge

      Re: Guess I'm a fossil, then

      No, let's not ignore the the irony. What about it.

      Why do the same people who spaff all their personal details willy nilly across the interweb by using uncounted apps and antisocial media sites, get all holier than thou, about a perfectly fine protocol that does exactly what it says on the tin. No more, no less.

      I'll join you in the corner making informed choices about data and how it is handled.

      1. Anonymous Coward
        Anonymous Coward

        Re: Why do the same people who spaff all their personal details willy nilly

        I think it's the fear of death.

        ...

        no, really, they desperately try to stay relevant, disruptive, innovative, at the cutting edge of yet another pointless "breakthrough". It shuts out this unpleasant thought that, at some point, and usually rather sooner than later, all this daily, hourly, momentary obsessive news checking and status updating, bustling and energizing and busying - stops.

        btw, despite slight disapproval at such childlike bahaviour, I get all that very well, I was like that. Once ;)

    2. This post has been deleted by its author

    3. The obvious

      Re: Guess I'm a fossil, then

      Google’s rationale is “can we virtually wipe every implementation off the planet?” or “can we harvest loads of juicy data to make a profit?”

      If both of those are “no” then in the bin it goes. If they manage the first, and the second is still “no” *then* they bin it...

    4. Squared
      Big Brother

      Re: Guess I'm a fossil, then

      I think you misunderstand the point of encrypted communications on today's Internet.

      The reason we went from "encrypt sensitive info" to "encrypt everything" is primarily because (most) encryption also provides authentication.

      The average user's threat model has changed from hackers pointing an antenna at their bedroom window to governmental surveillance & censorship, leaky and unsecure network endpoints at the nearest coffeeshop, and the occasional proxy rewriting news articles on the fly.

  8. Duncan Macdonald Silver badge

    If FTP is disliked what about TFTP ??

    Some items still use TFTP (basically a simplified FTP without usernames or passwords) for booting.

    A number of websites still allow FTP access as for non-confidential files it has a lower overhead than HTTP or HTTPS.

    1. Sandtitz Silver badge
      Meh

      Re: If FTP is disliked what about TFTP ??

      "Some items still use TFTP (basically a simplified FTP without usernames or passwords) for booting."

      What's TFTP got to do with Chrome or other web browsers?

      A number of websites still allow FTP access as for non-confidential files it has a lower overhead than HTTP or HTTPS.

      While my web browser FTP usage is pretty low these days, I don't understand what Google gains here by removing the minuscule FTP code portion from the Chromium tree. FTP is a stable, well understood simple protocol. The code probably is quite free of errors and likely requires very little housekeeping between versions.

      Can I live without FTP on a browser? Probably.

      1. John Brown (no body) Silver badge

        Re: If FTP is disliked what about TFTP ??

        "While my web browser FTP usage is pretty low these days,"

        Like you, a number of people have said that. I was thinking the same. Then a thought struck me. If I click a download link, I rarely look and check HOW the file is being downloaded. For all I know, a sizeable chunk of my downloads might be FTP links. The browser doesn't pop up a windows stating that, nor does the file download windows appear different. Maybe I'll check a bit more carefully in future.

    2. Martin Gregorie Silver badge

      Re: If FTP is disliked what about TFTP ??

      No need to bother with HTTP/S and other such if you're moving on from FTP because many of the better FTP clients also support SFTP - that's an SSH variant so is encrypted - as well as FTP.

      If you're lucky, your favourite FTP client is one of them - in my case that's gFTP and it handles SFTP just fine, though it calls it SSH2. Same goes for FileZilla.

      1. ibmalone Silver badge

        Re: If FTP is disliked what about TFTP ??

        What I've always been slightly uneasy about with SFTP is it requires giving users a shell account, despite the initials it's quite a different beast to FTP.

        1. bombastic bob Silver badge
          Meh

          Re: If FTP is disliked what about TFTP ??

          correct - an anonymous FTP site that ONLY allows downloads is reasonably secure. SFTP, on the other hand, gives you access to the shell, and if you don't set it up properly you can basically expose a shell to anyone who uses it... might as well include ';ssh' 'scp' and 'rsync' with your server offerings, and if you can manage to lock THOSE down in a reliable and trustworthy manner, thumbs-up to you.

          But for an archival data site - anonymous read-only ftp works JUST fine!

          ["they" got rid of gopher in a similar manner - "they" forget that not ALL of us are windows-using content consumers]

    3. Sgt_Oddball Silver badge

      Re: If FTP is disliked what about TFTP ??

      Ugh.... Had to use it for the first time to get some Cisco access points updated with new firmware.

      Admittedly it was a pretty painless process but completely unsecured. Thankfully it was via a console cable so I doubt anyone else would get away with buggering around with it since that requires standing on tables with proprietary rj45 to rs-232 to usb cables plugged into the AP and a terminal machine.. Usually muttering dark thoughts after it fails for the 5th time.

    4. Daniel von Asmuth
      Coat

      Re: If FTP is disliked what about TFTP ??

      TFTP is rare on the Internets.

      It's time for Google to disable those failed protocols HTTP and HTTPS.

  9. Grogan

    Google started making noise about this some time ago, and it was then that I dropped all Chrome(ium) based browsers and went back to Mozilla Firefox.

    There are still FTP download links out there. Some driver downloads for Windows still use FTP at the back and, and there are plenty of times I click to download a tarball from ftp servers.

    FTP is a good protocol for downloading. For one example... it inserts control markers in the stream for reliably resuming transfers. Firefox has limited support for resuming http(s) transfers, if the download fails. If it stalls and you cancel, it's game over. Chrome? Not at all.

    Google doesn't get to control my Internet.

  10. Dave 32
    Coat

    Archie

    Won't someone think of archie?

    Oh, well, I suppose the gopher is dead, along with jughead and veronica. :-(

    Dave

    P.S. I'll get my coat. It's the one with the gray beard hairs on it.

    1. jake Silver badge

      Re: Archie

      Gopher & Veronica are alive and well. See gopher://gopher.floodgap.com/1/v2 [0]. You might need a browser that doesn't stifle your choice of protocols ... may I suggest Mosaic?

      Also, my Great Aunt is not quite done publishing her life's story in Gopher. When I started teaching her, it seemed like the easiest option for what she was trying to do. That was 27 years ago, when Auntie was a sprightly 77ish.

      [0] Sorry. ElReg, in it's infinite wisdom, won't let me make that a link.

  11. rcxb Silver badge

    I used FTP just yesterday. com.mbapp.ftpserver.apk (WiFi File Transfer for Android)

    How would YOU transfer half a gig of data to an (Android) Fire TV stick? Put it on a web server then try to type in a URL via on-screen keyboard and remote control in a rather limited web browser? Nope.

    There is SimpleSSHD (which includes "rsync), but the encryption overhead on Android (Arm CPU) devices sure slows transfers down.

    com.mbapp.ftpserver isn't riddled with ads, doesn't have file-size limitations, and doesn't require a modern web browser on either end. Just run the app on one end, and copy the files via the command-line FTP client on the other.

    1. doublelayer Silver badge

      That's a perfectly fine method of file transfer, but you have various other options that don't require uploading or long URLs. Here are a few:

      1. On a machine, put up a simple webserver pointed at a directory in which the file is placed. Type the IP address only, and click the link on the directory listing page.

      2. Use an SSH client to SCP the file over.

      3. Access a local network share if you run one.

      4. Use a Bluetooth file transfer system (in many cases, bandwidth is surprisingly good).

      5. Use a cable if supported. It would work well on Android phones or media servers I've used before, but I don't know if you have that option with the Android TV device.

      Basically, any of these should be equally fine because you trust the network and both devices. Therefore, go with whatever's easiest at the time. It's only when you are operating over a network where interception or modification of the data is a worry.

  12. LDS Silver badge

    "FTP doesn't encrypt its traffic"

    Nor HTTP, SMTP, IMAP, POP.... but all of them, including FTP - can run inside a TLS connection.

    I routinely use FTP over TLS to let download/upload stuff from my remote servers. Often, it's better than giving an SSH user to some people - with FTP they are more "sandboxed". And it's more practical than WebDAV, and the footprint and attack surface of a FTP server is usually smaller.

    Still, no need to use FTP from a browser but when forced to.

  13. rcxb Silver badge

    Active and Passive

    The low-level details of FTP are ridiculously complex. It opens a control channel on port 21, simple enough. But then when you want to transfer a file the server side makes a request to port 20 on the client... Which modern firewalls (or NAT) don't allow. So PASV mode was invented, which lets the client make a second connection to the server, but on a RANDOM PORT, so that makes it a nightmare to reasonably firewall the FTP server systems. Most firewalls get around this by running an FTP proxy right on the firewall, because there's just no other way... No other protocol in use today is so crazy and convoluted. The old rsh/rlogin/rcp commands/protocols are a good candidate, though, but almost extinct, where FTP keeps going.

    It's a shame nobody ever put together a command-line file transfer client for HTTP transfers. HTTP has got more error/status codes than FTP, supports uploads and downloads, authenticated and anonymous connections, etc. HTTP/1.0 was a perfectly simple protocol, too. Would love to have command-line file transfers over HTTP, without crufty old FTP design decisions.

    1. Dwarf Silver badge

      Re: Active and Passive

      I take it you haven't heard about wget and curl then ?

      1. rcxb Silver badge

        Re: Active and Passive

        Do either of those have "dir" "mget" and "mput" commands?

    2. disgustedoftunbridgewells Silver badge

      Re: Active and Passive

      "it's a shame nobody ever put together a command-line file transfer client for HTTP transfers"

      I assume you don't mean wget/fetch/curl, so what do you mean by that?

    3. bombastic bob Silver badge
      Linux

      Re: Active and Passive

      yeah, the NAT stuff was worked out like 2 decades ago via netfilter, and similarly in other OSs. it's not that hard, really, to alter TCP frames and their related ACK packets. Check out the ftp protocol NAT handler for netfilter some time. Really NOT that complicated, ya know? [unless some DWEEB rips the utility functions out of netfilter, because it's "old fashioned", which would probably send Linus into an explosive meltdown]

      And, as we all know, a YUGE number of NAT routers are running Linux, and NAT'ting with netfilter.

  14. J.G.Harston Silver badge

    Who on earth uses a *BROWSER* for file access to a server? That's the very point of FTP. *FILE* transfer.

    1. GruntyMcPugh Silver badge

      @J.G.Hartson

      Eh? You for example, have a web site to advertise your cool offering, be it software, images, music, whatever, then, being a kind and gracious soul, you give these away for free,.... so, you put an ftp:// link to said merch in your html, so peeps can just click on it and get the goodies. Do you expect folks to have to follow instructions, like open a CMD window (oh, wait, what if they are on a Mac or Linux, you need more complex instructions) then tell them the ftp address, and folder, and GET command?

      Hmm, or they just click.

    2. Dan 55 Silver badge

      The idea was that URIs were just that, universal, and browsers understood URIs themselves or opened another another client passing all the parameters given in the URI so everything just worked.

      Now they're just a HTTPS client (and HTTP, but maybe that'll be next on the chopping block).

  15. Denarius Silver badge

    and in the office

    so often FTP is the only way files can be moved to the abomination (no flames please) of a mainframe where it is too hard for the admins to map a linux instance filesystem into a dataset so one can use scp/rsync/sftp. Zos probably does have a native ssh client now, but for decades, legacy systems which hang around long after Use By Date has passed, have to be integrated into the ruins of Open Systems. FTP meets that need. Aside from all that, it is faster for big files with lower overheads, That still matters given how little budget is given to maintaining hardware these days..

    1. jake Silver badge

      Re: and in the office

      One of my mainframes runs Linux.

  16. a_yank_lurker Silver badge

    Usage

    I haven't used FTP for several years at least knowingly. But if I need to use it there is Filezilla.

  17. Chairman of the Bored Silver badge

    Whippersnappers!

    UUCP. That was a real man's file transfer protocol. Store-and-forward message passing over dialup connections. Plus email and netnews in one go! Try that with this newfangled ftp stuff!

    Admittedly most people only experienced the joy of using these tools through uudecoding pictures of, er, kitties they downloaded from Usenet using rn in the late 80's

    I'm getting seriously old.

    1. Uncle Slacky Silver badge

      Re: Whippersnappers!

      UUCP! Pah! We used to dream of UUCP! Try remote system admin and sending uuencoded binaries via CU...

      1. Chairman of the Bored Silver badge

        Re: Whippersnappers!

        @Slacky - remote automated management over cu? That's badass CLI work. Try that with a browser! Me? All I could get cu to do was keep a dialup line connected despite a flaky PBX.

        Involved cursing and lots of rtfm, but I'm a stronger man for it.

      2. Anne-Lise Pasch

        Re: Whippersnappers!

        CU? bah. ITP PAD!

        1. jake Silver badge

          Re: Whippersnappers!

          It's not CU, it's cu. CaSe matters ... regardless, I always preferred tip for scriptability reasons (I forget why exactly) ... at least until minicom came along.

    2. jake Silver badge

      Re: Whippersnappers!

      UUCP is still in use in the back-ends for large email and USENET operations. I'll leave it as an exercise for the reader as to why.

    3. GruntyMcPugh Silver badge

      Re: Whippersnappers!

      @Chairman of the Bored

      Ah, UUCP! before we 'Internet' access, I worked at a Polytechnic, and we had JANET so I had access to the HENSA software archive,... we could interactively browse for stuff, but then had to schedule a UUCP transfer to get the .zip. Then I had to go to the PC I wanted it on, and ftp it down from the VAX.

      Then I could explore the glorious craziness of the Mandelbrot set with 'Fractal Explorer'.

      1. Chairman of the Bored Silver badge

        Re: Whippersnappers!

        My uni had some sort of multiple personality disorder going on: IBM mainframe + VAX + Sun. UUENCODE was my friend, along with the conv options in dd. I miss the VAX but at the time would not have minded if a small incendiary bomb took out the IBM

  18. Anonymous Coward
    Anonymous Coward

    FTP - I've heard of it

    That's a file transfer protocol that doesn't used uniquely identifiable tracking cookies - I wonder why Google wants to kill it ?

    1. Cynic_999 Silver badge

      Re: FTP - I've heard of it

      Also doesn't support pop-up ads

  19. RB_

    anon@penet.fi

    anon@penet.fi is all I need to say. A fond memory!

    Back in the day (early 90's) you must remember that grabbing files that may have been > 1 MB in size was a complete ass-pain, and with the bandwidth of a 14.4K modem you appreciated the efficacy of ftp over other emerging 'net protocols like http. The right tool for the job was critical back then. Ok things have moved on but there were good reasons for ftp.

    I can understand (google) getting rid of it from Chrome, just not the reasoning. It would be better to say that they can no longer realistically support something that, frankly, a developer under the age of 40 will not wish to touch even if you paid them well. Why would you ?

    1. jake Silver badge

      Re: anon@penet.fi

      That was anon.penet.fi ...

    2. Dan 55 Silver badge

      Re: anon@penet.fi

      It's a far cry from ftpmail gateways, jumpers for goalposts, isn't it? Mmmmm. Marvellous.

    3. JimC

      Re: anon@penet.fi

      Ah yes, the system that first brought the realisation to me that anonymity on the internet was going to be 1% legitimate and 99% abuse. And that the people running such things would have their heads so far up their metaphorical posteriors that they wouldn't give a flying **** about the abuse. And so it has turned out...

      1. Anonymous Coward
        Anonymous Coward

        Re: anon@penet.fi

        Ah! But there were some gems in that 1pct of non-crap anon.penet.fi users. In the early nineties there were a number of Usenet groups where survivors of abuse would congregate, discuss, support each other. Anon.penet.fi provided truly precious anonymity for people still in very vulnerable situations. I'm truly thankful.

        Then the spammers ruined everything. Pigs always eat the roses.

    4. bombastic bob Silver badge
      Flame

      Re: anon@penet.fi

      "an ARROGANT developer under the age of 40"

      fixed it for ya!

      <rant>

      There are PLENTY of the arrogant developers under 40 out there. They do things like changing the UI into something THEY *FEEL* (not think, not customer want) is "better", THEN cram it down everyone's throat and call it "modern". And don't forget the constant 'feature creep' in otherwise useful applications until they becomes unmanageable bloatware, etc.. And, like with FTP in Chrome, they REMOVE features they don't use (or understand) because they *FEEL* they should. Nevermind what CUSTOMERS (i.e. end-users) want! Or, NEED...

      </rant>

  20. herman Silver badge

    FTP is still important to Windows users

    Anonymous FTP is still one of the two network file protocols that Windows can handle by default.

  21. sum_of_squares

    Such a fuss..

    There's no need for FTP when there's SFTP.

    That said, there's no need to abandon FTP and not keep it for backwards compatibility reasons.

    1. bombastic bob Silver badge
      Meh

      Re: Such a fuss..

      "There's no need for FTP when there's SFTP."

      _WRONG_. SFTP doesn't work anonymously. The SFTP login allows shell access (more or less) as well as access to the ENTIRE file system, not just a pre-defined tree. It would be MUCH MORE difficult to secure and lock down SFTP than it would to simply allow "no uploads" anonymous FTP to access a specific tree and NOT the entire file system!

      If you upload, yes: sftp gives a LOT of control and security to the person uploading. It also gives him access to the ENTIRE machine's file system. That's not a very good thing, really....

      For uploads I like handling them as 'POST' transactions. There are a few scripts out there (Perl CGI or php, your choice) that let you set up a server to accept file posts. Then a human would have to review the files and do something with them, unless you WANT scammers to upload their crap to your anonymous FTP and then reference it via an alias within an ad or spammed e-mail - not to mention MALWARE and worse things.

      So - ftp is FINE for anonymous download ONLY. For anything else, take the time to set up sftp or use some OTHER method (like file POST via http).

      1. Grogan

        Re: Such a fuss..

        Yep, it's a user login. It's basically a subsystem launched by sshd. If you give users a shell that allows them access to the whole machine (no jailing of any kind, relying solely on filesystem permissions), they will have the same access with SFTP that they do with a SSH shell. It's really not for public downloading.

        I've seen (stupid) clients that restrict access to files you own when making use of SSH2/SFTP protocols but if you can log in with that, you have shell access anyway.

        Also, it's not at all like FTP. More connection overhead and no control markers in stream for resuming transfers. It's not a replacement for FTP. I use the standard sftp client (I like it... takes wildcards and uses most shell conventions) to transfer files to/from servers but if anything happens you're starting over with that 8 Gb tar archive backup etc.

  22. Spanners Silver badge
    Childcatcher

    Tried FTP in a browser - didn't like it.

    It was fiddly and awkward so I went back to using it from the command prompt.

    For the last few years, I haven't even needed to do that as it has quietly faded into obscurity...

    I suspect that the children here (IT workers under 30) wouldn't have a clue!

  23. Muscleguy Silver badge

    Listen up youngsters

    Gather round kiddies and Uncle Muscleguy shall tell of life before the Web. It wasn't all just email (ListServe) or Usenet*. There was, at least on the Mac, FETCH an FTP browser. People would put stuff in FTP repositories. Picture files for prettifying your folders or icons, clip art and of course Free and Shareware games. I got a lot of games that way including the Exile series whcih became Avernum by SpiderWeb Software. I think I got my first desktop version of Angband by Fetch as well. The Mac version of course had an eager dog as the icon and telling it go Fetch would cause it to run. It was a simpler, more pixellated time.

    No Bobby the Planck length wasn't longer.

  24. Luiz Abdala Bronze badge
    Gimp

    GetRight STILL has a full FTP client.

    I have GetRight since the dial-up era.

    It has a full FTP client, where you can fill the e-mail and password you want, it recreates a folder structure for you to peruse, and you see the FTP command-lines wheezing by as you click on stuff you want to upload and download.

    Plus, as the original intent, it can download the same file from 4 or more places (or 4 chunks from the same throttled server), checks CRC on the file, and you still COULD send the file straight to an antivirus tool as you downloaded.

    And of course, batch jobs, downloading lots of files using few ports....

    Meanwhile, all FTP servers I see these days have a HTML mirror page reproducing the FTP structure... so... these worked on a NETSCAPE NAVIGATOR.

    But Chrome wants to force you to use Google Drive, so no.... [snip].

    I'm pretty sure you don't need Chrome to do FTP, plenty good clients out there...?

  25. STOP_FORTH Silver badge
    Trollface

    Use Firefox!

    I used to use Fireftp, don't know if it is still a thing. Perhaps one of you could find out and write a curt/dismissive reply?

    1. tiggity Silver badge

      Re: Use Firefox!

      That was one of many addins that was nobbled in newer firefox when it killed old style addins

      .. and fireftp cannot be rewritten in new addin model as needs low level stuff that is unavailable.

      So, use Filezilla or some other file transfer tool (or use a very old version of firefox)

  26. Allan@#$_&-+()

    I just upgraded to Chrome 80 on Linux and FTP still works without doing anything special at all.

  27. JDX Gold badge

    I like FTP

    But I am used to using a dedicated client for it. Just the other day people were complaining that modern browsers are distracted from BROWSING with WASM et al. Surely the browser was never really intended as a FTP client either? I mean it's handy but generally browser implementations are really lame.

    Right tool for the job.

  28. Mike 16 Silver badge

    What next?

    Are they going to drop support for BITNET?

    How will I move my virtual card decks to my friend's virtual card reader?

  29. dboyes

    Maybe these toads need to get beyond the Unix/Windows would and deal with the real world

    The Google folks don't get out much, do they? If you have to deal with non-Unix systems, ssh and sftp are not widely available, and it's not a trivial coding exercise. FTP has been mandated as part of the TCP client suite since the 1970s, and can be relied on to be present everywhere (you may not run it, but you can bet the business do).

    For Mike, NJE over TCP isn't that hard to implement. It works just fine, supports encryption, and is completely documented. Unlike ssh/scp/sftp. If you have to look at the source code of another implementation, it's not ready to be a proper Internet standard.

  30. gormful

    Not again.

    Heck, I'm still trying to get over the demise of Kermit.

    1. jake Silver badge

      Re: Not again.

      I used kermit just last week when dialing into a system with a dead Internet connection. It still worked just fine (and I fixed the Internet connection without having to drive all the way to Merced). It would appear that the reports of kermit's death have been greatly exaggerated.

  31. gnarlymarley

    You can still switch it back on via an option or command line flag (such as --enable-ftp) but, to be honest, why would you?

    The answer is simple.anonymous FTP where people can download without a username or password is where I would care about plain FTP. Now, I can use HTTP instead to do the same thing. There have been some strides to get SSL working with compression, but until it gets good enough, FTP will suffice. Now if you ask further, any file that someone uploads to me that should not be public, has been using SFTP for a few decades now. The main reason why I prefer the plain over the secure is proxy servers can cache the files. Under secure, I do not believe anything should be cached.

  32. ScissorHands
    Devil

    Time to go to ftp.opera.com and download the whole kit-and-kaboodle, since pretty soon you'll need Opera Presto to get to it...

  33. andyL71
  34. David Crowe

    I was working on a shared hosting system and tried to set up SFTP. I was told that they blocked it entirely on their system, because it gave users ssh access, which meant that it was much more than just being able to transfer more securely. So, for a lot of uses, FTP is still the only game in town.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020