Google's Chrome browser will start labelling insecure FTP sites

Ongoing effort to secure all web traffic by Google

Unencrypted FTP transfers will soon be labelled as insecure in Google Chrome, the search giant has announced.

According to a posting on the Chromium Google Groups forum, the move forms part of the firm's "ongoing effort to accurately communicate the transport security status of a given page".

Google employee and Chrome security team member Mike West said that Google would label resources delivered over the FTP protocol as "Not secure", beginning in Chrome 63 (sometime around December, 2017).

Advertisement - Article continues below

"We didn't include FTP in our original plan, but unfortunately its security properties are actually marginally worse than HTTP (delivered in plaintext without the potential of an HSTS-like upgrade). Given that FTP's usage is hovering around 0.0026% of top-level navigations over the last month, and the real risk to users presented by non-secure transport, labelling it as such seems appropriate," he said.

He encouraged developers to follow the example of the linux kernel archives by migrating public-facing downloads (especially executables) from FTP to HTTPS.

FTP dates back to 1971 and does not encrypt data passing between clients and servers, this means that traffic can be read by anyone able to perform packet capture on the network. It can be secured with SSL/TLS (this is FTPS), but many browsers do not support this.

Advertisement
Advertisement - Article continues below

"Because FTP usage is so low, we've thrown around the idea of removing FTP support entirely over the years. In addition to not being a secure transport, it's also additional attack surface, and it currently runs in the browser process," said Chris Palmer, another member of the Chrome security team.

Advertisement - Article continues below

As such, it would appear that branding FTP transfers as insecure will not have an enormous affect on the use of FTP, however, for companies still using the rather ancient technique, the labeling could serve as a means to promote them to upgrade and update thier IT infastructure and processes. 

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Recommended

Google Cloud and Orange team up on AI and cloud computing
cloud computing

Google Cloud and Orange team up on AI and cloud computing

28 Jul 2020
Google to build subsea data cable linking the UK, US and Spain
Network & Internet

Google to build subsea data cable linking the UK, US and Spain

28 Jul 2020
Big tech antitrust investigation report expected by early fall
Policy & legislation

Big tech antitrust investigation report expected by early fall

24 Jul 2020
Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020
Labour Party donors caught up in Blackbaud data breach
data breaches

Labour Party donors caught up in Blackbaud data breach

31 Jul 2020