Google's Chrome browser will start labelling insecure FTP sites

Ongoing effort to secure all web traffic by Google

Unencrypted FTP transfers will soon be labelled as insecure in Google Chrome, the search giant has announced.

According to a posting on the Chromium Google Groups forum, the move forms part of the firm's "ongoing effort to accurately communicate the transport security status of a given page".

Google employee and Chrome security team member Mike West said that Google would label resources delivered over the FTP protocol as "Not secure", beginning in Chrome 63 (sometime around December, 2017).

"We didn't include FTP in our original plan, but unfortunately its security properties are actually marginally worse than HTTP (delivered in plaintext without the potential of an HSTS-like upgrade). Given that FTP's usage is hovering around 0.0026% of top-level navigations over the last month, and the real risk to users presented by non-secure transport, labelling it as such seems appropriate," he said.

He encouraged developers to follow the example of the linux kernel archives by migrating public-facing downloads (especially executables) from FTP to HTTPS.

FTP dates back to 1971 and does not encrypt data passing between clients and servers, this means that traffic can be read by anyone able to perform packet capture on the network. It can be secured with SSL/TLS (this is FTPS), but many browsers do not support this.

"Because FTP usage is so low, we've thrown around the idea of removing FTP support entirely over the years. In addition to not being a secure transport, it's also additional attack surface, and it currently runs in the browser process," said Chris Palmer, another member of the Chrome security team.

As such, it would appear that branding FTP transfers as insecure will not have an enormous affect on the use of FTP, however, for companies still using the rather ancient technique, the labeling could serve as a means to promote them to upgrade and update thier IT infastructure and processes. 

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Google Cloud seeks to abandon its ‘Killed By Google’ reputation
Software

Google Cloud seeks to abandon its ‘Killed By Google’ reputation

27 Jul 2021
Google adds 600 places to Singapore digital skills bootcamp
Careers & training

Google adds 600 places to Singapore digital skills bootcamp

27 Jul 2021
Google Cloud customers can now select regions based on CO2 output
cloud computing

Google Cloud customers can now select regions based on CO2 output

13 Jul 2021
Google replaces Backup and Sync with Drive for Desktop
file servers

Google replaces Backup and Sync with Drive for Desktop

13 Jul 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
IT Pro Panel: Why IT leaders need soft skills
professional development

IT Pro Panel: Why IT leaders need soft skills

26 Jul 2021