Firefox 60 with new preference to disable FTP
Mozilla plans to release Firefox 60 with a new preference to disable support for the FTP protocol. The preference is disabled by default so that FTP sites can still be accessed in Firefox 60.
FTP, just like HTTP, is on its way out. Browser makers, site operators and hosting companies move to newer protocols that support encryption among other things to better protect user data against spying and manipulation.
The next step in the migration from HTTP to HTTPS is the flagging of HTTP sites as insecure in browsers. Google Chrome will do so in Chrome 68, and Mozilla plans to launch it in the Firefox private browsing mode when Firefox 60 is released.
FTPS, also known as FTP Secure, or FTP over SSL, is an extension to the FTP protocol.While most browsers support the FTP protocol, the same cannot be said for FTPS support.
Mozilla, for instance, never implemented the functionality officially in Firefox. In fact, the organization put the FTP protocol on life support more than 2 years ago when it began to resolve security issues exclusively.
Mozilla employe Patric McManus highlighted as much two years ago on Mozilla's official bug tracking site.
We are in a period where ftp is clearly deprecated and in general, making changes to the code is riskier than letting it ride unless there is a patch and reviewer available to make a good judgment about it. So I'm going to wontfix ftp bugs related to enhancements, interop errors, etc.. We will be better off putting our energy into including a different js based ftp stack.
We ran a story back in 2015 that Google and Mozilla might drop support for the FTP protocol in the future.
While Mozilla has not set a date for the removal of the protocol yet, it is a given that Firefox will stop supporting the protocol at one point in time.
The first step towards the goal is the introduction of a new Firefox preference to disable the FTP protocol in the browser. The preferenceÂ network.ftp.enabled is set to true which means that it has no effect on protocol support at this point in time. Firefox users and administrators who want to disable FTP can do so by setting it to false.
- Make sure you run Firefox 60 or newer.
- Load about:config?=network.ftp.enabled in the Firefox address bar.
- Double-click on the preference to set it to false. This disables the FTP protocol in Firefox.
You can reset the preference at any time by double-clicking on it or right-clicking on it and selecting "reset" in the context menu.
Firefox redirects any attempt to load a FTP resource to the default search engine if the FTP protocol is disabled.
I'm worried about sites that do get left behind once browser makers decide to block HTTP or FTP. Not all sites or servers will be migrated, abandoned sites may not for instance, and it is unclear to me whether there will still be options to access these resources in future versions of the browsers.
Granted, it will take years before Mozilla, Firefox or Microsoft pull the plug but as it stands now, that day will come.
Now You: What's your take on this? (via SÃ¶ren)