I don't understand all the negativity around this. People complained when Firefox added Pocket, in part because they took a browser extension and made it a feature that was ostensibly unrelated to web browsing. Now they're taking an old feature that's definitely not related to web browsing and removing it, and people are still complaining?

Firefox can't be everything. It should focus on being a great browser and not a great browser and also great FTP client, or a great browser and also a great feed reader, or a great browser and also a great mail client. People using FTP can use a dedicated client, of which there are plenty on every platform, and people who don't use FTP (i.e. the vast, vast majority of web browser users) won't even notice.

A modern web browser is probably some of the most complex software humanity has invented yet, besides a full-scale OS. Taking a maintenance burden that's unrelated to the core browser product of a struggling NFP should be welcomed with a sigh of relief.

>If you are a Firefox user, you don’t have to do anything to benefit from this security advancement.

The epitome of corporate speak: "we're taking away a feature of this software. You're welcome."

I expect that kind of talk from Google; hearing it from Mozilla makes me a little sad.

Lots of places like US federal institutions or universities use FTP to this day to distribute their open datasetes.

Show me an example of actual FTP MITM hack in the wild.

Sure loading FTP resources from HTTP(S) context is not a good idea (as would be downloading executables over FTP), but did they actually make any effort to inform the public and owners of FTP servers? I do not think so, I haven't seen it.

Mozilla these days has very weird priorities. Their decisions should not feel so unilateral or "because Chrome does it". There should be more emphasis on widely understood infrastructure even at the cost of "soft" projects/campaigns [1] - these could be served by the EFF after all. I can't understand why shedding MDN was a good idea in their heads.

[1] Like this one: https://foundation.mozilla.org/pl/blog/mozilla-investigation...

Reminds me of Apple removing the headphone jack and being so proud of themselves for "being brave".

Just yesterday I found a link to FTP while researching something. Was pretty annoying to go get another FTP client up and running to get it.

Anyway, the movement away from unencrypted protocols to TLS-only is moving us closer to a fully censored internet. Sure, an unencrypted internet did not have any integrity guarantees, and thus was easy to censor (and worse) by totalitarian nation states.

However, a TLS-only internet is very easily censorable by our new global central planners (FAANG). This way, they'll have much more control than was available to the common MITMing nation state.

Let's look at this from the other end of the horse.

FTP is a horrible kludge that needs to be depreciated. SFTP is better. The number of ports needed, holes punched in firewalls, everything sent in plain-text, inability to traverse NAT without more kludge and hacky work-arounds. We only tolerate it because it was the only thing that worked.

There are better/newer methods that should be embraced.

We don't bemoan the death of Gopher, or Finger do we? Hell no. FTP does have it's uses, but I'd dare wager that every-single-instance could be upgraded to SFTP and the world would move on.

Legacy, ancient apps that haven't been touched in 40 years; will break. Let them.

It's unfortunate that this had to happen, but the landscape around FTP is increasingly unexamined and part of a dead era. The effort required to build in robust SFTP support as well as convert existing FTP users to it is non-trivial, and not within the charter of a modern web browser.

It's sad, but not surprising.

>> To date, many malware distribution campaigns launch their attacks by compromising FTP servers

Yes.. well, they can do the same by compromising servers that offer the payload via HTTP(S). At least when the payload is ftp, it stands out and you can catch it in your gateway/firewall devices.

With https you now need https inspection at the border in order to be able to do that. These MITM devices do tend to cause a lot of trouble.

psa: windows explorer.exe, macos finder, and gnome nautilus / kde dolphin all support connecting to an FTP server.

explorer: right click "my computer" -> map network drive. (or just ctrl+L and type an FTP url.)

finder: go -> connect to server

nautilus/dolphin: network -> connect to server (or just ctrl+L and type an FTP url.)

This is frustrating. FTP is really handy for distributing some files and there are lots of servers in place that now Firefox users can’t access.

One can argue that servers should upgrade, and that’s valid. But they don’t and they likely won’t do this just harms Firefox’s user base and is one more reason I no longer recommend Firefox. They just don’t seem user friendly as they once were.

I would expect Mozilla to advocate for more FTP as a cheap way of distributing files.

This makes a little sad, but only a little. I honestly do not remember when I last accessed an FTP server from a browser.

I do use FTP every now and then, but I do so from the command line or file manager like mc (or far manager when I am on Windows). Even there, it has been declining steadily, though, because ssh/sftp works pretty well as a drop-in replacement, unless one of the endpoints is so low-end the encryption becomes a throughput bottleneck. But it's been many years since I've had that problem.

I think this is a bad idea - many URLs are encoded as ftp still, e.g. when downloading tarballs, zips and such - does this mean clicking on an FTP URL now will require launching an external ftp app instead of downloading the file? I'm ok if FTP browsing is suspended through the browser, but abandoning FTP altogether in the browser is a bad idea. It's an old protocol and still very useful, albeit not in its unencrypted state maybe, but it does do a good job of what it's supposed to - namely, transfer files.

Mozilla is the last organization keeping us from the complete takeover of the web by Google/Webkit and they seem to be held to an impossibly high standard by users. There's no FTP support in Chrome, there's terrible support for Adblock, there's telemetry, etc, but somehow Mozilla has to be 100% perfect.

This is why we can't have nice things and why the internet is going to become Chrome-first.

I expect this to have very little impact on anything.

FTP might be dying in other sectors, but at least in biomed research, I would use FTP anyday when the alternative protocol needs a client app and a bunch of configurations. It's also handy when sharing data.

Browser support is important here because those files are often not explored from command line etc, but rather the FTP links are placed on individual pages as a quick download. At least for me, it's much more convinient to click and wget, than reading a page then switch window to query from API/client...

I am a head of team of 20+ brilliant software engineers, who doing great things on a daily basis. When I being asked "What kind of code do the best of your team are writing?", here's a canned response: "The best engineers are deleting code, not writing it".

For software project with size and age of Firefox, deleting obsolete or redundant code is universally good. It is hard but necessary task. I am okay with completely stop using FTP for that cause. Or eventually fire up Chrome FWIW.

I remember way back in the day with ftp.cdrom.com [1] this was an important browser feature. Nowadays this is totally pointless and mind-boggling that anyone still uses FTP at all (SFTP should be used now). And more-so http is resilient for resumable file downloads with range header requests. Also people can develop an extension.

1 https://en.wikipedia.org/wiki/Walnut_Creek_CDROM

Didnt Chrome remove ftp first. Is Firefox just following suit. Need to check.

Mozilla's explanation/justification here for removing ftp is quite flimsy. It presumes there could never, ever be any possible situation in which a user wants to use a browser for ftp. Whether now or in the future. It just does not add up. There are no specific references to ftp-based exploits, or other examples of how ftp is harmful. Who uses ftp for transfers of unencrypted files containing sensitive data over the open internet. ftp can be useful for stuff that is not sensitive and for transfers over the local network between devices (no internet connection required).

It makes sense to remove ftp if the web is just for advertising and sales. Why would any "consumer" need ftp.

Fortunately the text-only browser I use is probably not going to remove ftp. But any decline in ftp use that results from the decisions of these advertising-dependent organisations is concerning.

I’d be interested if anyone here uses this feature, and if so what the use case is?

This decision seems like a no-brainer, but I’ve found I’m always surprised how much use legacy features like this can have.

A friend asked me to help him to setup a FTP server for his b2b product a few weeks ago: Client just wanted that lolz.

Luckily I could convince him to use ProFTPD with sftp http://proftpd.org/docs/contrib/mod_sftp.html . This is very neat as the service runs on their own ssh-alike port.

I know there is lots of negativity about this - but I'm glad Mozilla has taken a principled stand. FTP is dangerous. Kill it with fire.

Firefox 90 has terrible usability with the new "Photon" interface. Has no one read The Design of Everyday Things? I just don't understand what they're trying to do - they need to keep and increase their userbase, not push away the few users they have left.

I'm fine with this. Now if Chrome and Firefox would just add native RSS reading...

With the way Mozilla’s management has been going, they might as well stop HTTP support as well :^)

https beat up usenet and now ftp.

Mozilla leadership really wants to kill Firefox.

FTP is dead. ycombinator killed it. Thanks, dropbox.

the sheer lack of awareness here sometimes, I swear.