IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Google's Chrome browser will start labelling insecure FTP sites

Ongoing effort to secure all web traffic by Google

Unencrypted FTP transfers will soon be labelled as insecure in Google Chrome, the search giant has announced.

According to a posting on the Chromium Google Groups forum, the move forms part of the firm's "ongoing effort to accurately communicate the transport security status of a given page".

Google employee and Chrome security team member Mike West said that Google would label resources delivered over the FTP protocol as "Not secure", beginning in Chrome 63 (sometime around December, 2017).

"We didn't include FTP in our original plan, but unfortunately its security properties are actually marginally worse than HTTP (delivered in plaintext without the potential of an HSTS-like upgrade). Given that FTP's usage is hovering around 0.0026% of top-level navigations over the last month, and the real risk to users presented by non-secure transport, labelling it as such seems appropriate," he said.

He encouraged developers to follow the example of the linux kernel archives by migrating public-facing downloads (especially executables) from FTP to HTTPS.

FTP dates back to 1971 and does not encrypt data passing between clients and servers, this means that traffic can be read by anyone able to perform packet capture on the network. It can be secured with SSL/TLS (this is FTPS), but many browsers do not support this.

"Because FTP usage is so low, we've thrown around the idea of removing FTP support entirely over the years. In addition to not being a secure transport, it's also additional attack surface, and it currently runs in the browser process," said Chris Palmer, another member of the Chrome security team.

As such, it would appear that branding FTP transfers as insecure will not have an enormous affect on the use of FTP, however, for companies still using the rather ancient technique, the labeling could serve as a means to promote them to upgrade and update thier IT infastructure and processes. 

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Recommended

How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

30 Nov 2022
Android vs iOS: Which mobile OS is right for you?
Mobile

Android vs iOS: Which mobile OS is right for you?

30 Nov 2022
Google Cloud Platform now automatically detects highly common ransomware dropper
Cloud

Google Cloud Platform now automatically detects highly common ransomware dropper

21 Nov 2022
Google agrees record $391.5m settlement in US digital tracking case
privacy

Google agrees record $391.5m settlement in US digital tracking case

15 Nov 2022

Most Popular

Empowering employees to truly work anywhere
Sponsored

Empowering employees to truly work anywhere

22 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022