I've used FTP for static sites for decades by this point. Credentials have never been leaked, transfers have never been interfered with.

How would you know if the transfers were interfered with? Do you take checksums of the files you upload and then check that the files apparently uploaded are the same?

Also, how do you know that there isn't someone performing a MITM (man in the middle) attack? FTP has no mechanism that I know of to verify that you're connecting to the server that you think you are.

It may well be that you're not a sizeable target and that no-one is interested in hacking your site, but that's just luck and not an endorsement of unencrypted FTP.

How would you know that your neighbours aren't secretly spying together on you and interfering with your life in ways you don't notice?

We have to put a limit to paranoia. If things work correctly for decades and there are no signs of foul play after endless real world usage, it's safe to say nobody is hacking our FTP.

It's different if you're a bank or the KGB or the CIA.

> It may well be that you're not a sizeable target and that no-one is interested in hacking your site, but that's just luck and not an endorsement of unencrypted FTP.

Do you drive an armored car?

Needing an armored car or protection from neighbours is specifically to guard against proximity based exploits and those are very unlikely threats to most people. FTP interception can be easily performed from anywhere in the world with a little bit of DNS poisoning and then perform a MITM attack (or even just alter the data in transit from a malicious wifi hotspot).

It costs approximately zero to use encryption and protect against the FTP exploits, so why continue to use FTP? There's literally no advantage and several possible disadvantages. Just relying on not being hacked before seems a foolish stance to me.

If it's so easily done, then most FTP websites would be hacked every week. But hundreds of millions of people have FTP websites and never get hacked in decades.

I challenge you to select any FTP website of your choosing and make a tiny change to prove that you've hacked it and let me know here.

Do you drive a doorless car?

A frame-less one?

Yes, and it only has two wheels.

Don't complain when you get run over.

I don't even know if I'm talking about your servers or your bike at this point, ha

There's little reason to expect to be run over when you're on a bike, jut like there's little reason to expect your website to be hacked because you use FTP. If you're a normal person.

We have to be proportional when we do risk assessment. Just because it's part of modern programmer faith to be against FTP, doesn't mean it's sensible. Most hackers are just repeating what others have told them, and a lie becomes common sense.

If FTP is considered unsafe, then riding any non-armored vehicle should also be unacceptable.

It is, if your threat model includes texting general populace in large trucks.

ISPs very frequently do not give a shit about the law. There are so many instances of major ISPs intercepting and modifying traffic, injecting ads, redirecting people to gambling websites, etc. It's not some freak incident involving the NSA targeting you, it happens all the time. All it takes is one bribe.

And what happens if your ISP is compromised without their knowledge? What happens when it's a consumer device such as a router? Don't forget that nearly every TP-Link router has an active malware infection.

It's not just one ISP that you have to trust, it's every single intermediate piece of equipment.

Intercepting traffic is a trivial & common form of compromise, and the problem multiplies by how many different parties you are handing your data to. It is wildly irresponsible to not attempt to protect against this.

Nuance is needed here.

"You <-> ISP <-> Bank webpage" is an entirely different security threat model than "You <-> Server you rent from an ISP".

Also, unsanctioned wiretapping is an entirely different criminal offense than stealing leaked credentials.

You can't make blanket statements like that without understanding ISP peering agreements and how data is stored and where.

Let's not pretend like slapping cryptography over L3 is the entirety of being secure. Often (most of the time?) cryptography doesn't even matter much for security.

P.S. Security (prevent stealing sensitive data) and verification (making sure nothing extra is added during transfer) are different problems.

> "You <-> ISP <-> Bank webpage" is an entirely different security threat model than "You <-> Server you rent from an ISP".

...In what world do people rent servers from consumer ISPs? This used to exist in the 1990s, but is nonexistent now.

If this still exists, it's email-only and has already been outsourced elsewhere. No consumer ISP currently in existence is running these sorts of services on their own hardware.

> Also, unsanctioned wiretapping is an entirely different criminal offense than stealing leaked credentials.

I want to be very clear: There are countries that effectively do not have laws that would ever be adequately enforced on ISPs, either because of corruption, a lack of resources in the courts systems, or both. The use of bribery to compel ISPs into intercepting and recording internet traffic is already rampant at scale. You can't rely on the law to protect you when the internet goes across borders.

> Let's not pretend like slapping cryptography over L3 is the entirety of being secure. Often (most of the time?) cryptography doesn't even matter much for security.

Not sure what your point is. Yes, transport security is not the solution to every problem. But it is by far the lowest hanging fruit, the threat modelling is incredibly clear and obvious. There is a reason transport encryption has become universal across every use case imaginable - it's the literal first step to not getting completely pwned before you've even done anything.

> P.S. Security (prevent stealing sensitive data) and verification (making sure nothing extra is added during transfer) are different problems.

And? On the transport level, they have the same solution: TLS. Confidentiality and integrity work hand-in-hand. It's very rare you will need one without the other.

Unencrypted FTP does not give you either of these, and in fact by being limited to password authentication, it helps turn every passive data collection attack into a persistent remote control attack.

> It's completely unacceptable to continue using unencrypted protocols over the public internet.

That is nonsense. The reality is that most data simply is not sensitive, and there is no valid reason to encrypt it. I wouldn't use insecure FTP because credentials, but there's no good reason to encrypt your blog or something.

Didn't we already go through this 10 years ago and then Firesheep got created and thoroughly debunked it?

firesheep was built to demonstrate how Easy HTTP session hijacking was (was a Firefox extension)

on HN https://news.ycombinator.com/item?id=1827928

You're missing the opposite issue - people might not care about your data, but you might well care if their data (e.g. porn sites) was uploaded to your blog.

It's not so much about the data, but protecting your credentials for the server.

I, for one, would like to see an ISP dedicated enough and tecnically able to inject ads in my FTP stream. :)

Agree but also wonder if ISPs bother with this anymore, now that almost all websites are https.

This is the usual horseshit people say about this topic when they don't understand it. It's not just about encryption, but authentication (tamper-resistance). Your blog might not contain sensitive information, but if the entire website is intercepted and becomes malware, you're in trouble.

The bad news with FTP in particular is that only one request has to be intercepted and recorded to have persistent compromise, because the credentials are just a username and password transmitted in clear.