In March of this year, Mozilla followed in the steps of Google and announced the upcoming end to support for the ftp protocol in its browser. That is a very good thing!
The ftp URI is the mechanism for browsers to use FTP (the File Transfer Protocol) to send and receive data from servers supporting that protocol. FTP first appeared in TCP/IP environments in 1980, but was developed in 1971 and used NCP, the TCP/IP predecessor. The protocol is not considered secure in any way, sending data, usernames, and passwords in the clear.
To understand why the had insecure protocols such as FTP in its early days, we need to look a bit at history. In the early 1980s – and more so in the 1970s – computers and networks were very slow compared those of today. Other than large computers and military hardware, encrypting most data was fundamentally impractical. In addition, what we now know as the Internet was still controlled by the US Department of Defence. In those early days, unencrypted data transfer was impractical and not a huge risk. Today encrypting data (e.g. with TLS using https) is the standard.
There are five common more secure methods of uploading and downloading files over the internet or another TCP/IP network.
I use scp when I manage web sites. Sometimes I store data on Amazon S3. I use other sites to share data depending on with whom I share them. I sometimes use those services to share files with myself, allowing access to the data from different devices.
In Learning Tree’s Cyber SecurIty introduction, Course 468 participants use hands-on activities to experience the issues with FTP and see how other tools are more secure.