Google Plans to Label FTP Sites as Unsafe
In a move aimed at enhancing internet security, Google has announced that it will release Chrome 63 in December 2017, marking File Transfer Protocol (FTP) sites as "Not Secure". This decision is based on FTP's inherent insecurity, as it does not encrypt data, making it susceptible to interception and tampering by attackers.
FTP, a protocol developed in the 1970s, has been a staple for file transfers for decades. However, its security properties are marginally worse than HTTP, as data transferred over FTP can be easily compromised. Google's security model aims to protect users from such risks by warning them when they visit sites that do not use secure protocols like HTTPS.
Recognising the importance of security, particularly for public-facing downloads, Google has been gradually discouraging the use of FTP. Instead, organisations are encouraged to use secure protocols and platforms that support encryption and secure authentication.
Among the recommended alternatives for public downloads are HTTPS, Secure FTP (SFTP) or FTPS, cloud storage services such as Google Drive, Dropbox, AWS S3, and specialized content delivery networks (CDNs). These options provide secure, scalable, and easy-to-manage solutions for distributing files publicly with HTTPS security. Using CDNs with HTTPS ensures fast, reliable, and secure downloads to users worldwide.
Google's push for security is not limited to FTP. Chrome now marks HTTP pages as "Not secure" if they have password or credit card fields. Furthermore, Google will reject Symantec's SSL certificates in Chrome 70, to be released on Oct. 23, 2018.
The preference for smartphones over personal computers and the popularity of Android smartphones as portable mini-computers further underscore the need for internet security. As more and more activities shift to mobile devices, it is crucial that these devices offer the same level of security as desktop computers.
The information for this article was provided by Weird Droid in a guest post. It is clear that Google is committed to making the internet a safer place, and this move to mark FTP sites as "Not Secure" is a significant step in that direction.
In light of Google's commitment to internet security, they are encouraging organizations to shift from traditional File Transfer Protocol (FTP) to secure protocols and platforms that offer encryption and secure authentication, such as Secure FTP (SFTP) or FTPS, cloud storage services, and content delivery networks (CDNs). This emphasis on secure protocols aligns with Google's broader technology initiatives, including data-and-cloud-computing solutions, aimed at safeguarding user data from potential threats.
