10 Years Later: FileZilla Adds Support For Master Password That Encrypts Your Logins

An anonymous reader writes: "Following years of criticism and user requests, the FileZilla FTP client is finally adding support for a master password that will act as a key for storing FTP login credentials in an encrypted format," reports BleepingComputer. "This feature is scheduled to arrive in FileZilla 3.26.0, but you can use it now if you download the 3.26.0 (unstable) release candidate from here." By encrypting its saved FTP logins, FileZilla will finally thwart malware that scrapes the sitemanager.xml file and steals FTP credentials, which were previously stolen in plain text. The move is extremely surprising, at least for the FileZilla user base. Users have been requesting this feature for a decade, since 2007, and they have asked it many and many times since then. All their requests have fallen on deaf ears and met with refusal from FileZilla maintainer, Tim Kosse. In November 2016, a user frustrated with Koose's stance forked the FileZilla FTP client and added support for a master password via a spin-off app called FileZilla Secure.

Re:Filezilla = Adware

It is *not* free software

Yes, it is. On the main site I can download the source code and compile it, something I've had to do when the pre-built Linux binaries didn't work on older distros. The software license is GPL v2.

How the fuck is it NOT free software? If you're still referring to it as adware, I'm assuming it's because of the partnership with SourceForge which bundled adware in certain versions of the software (of which you could easily still download a clean version if you knew what you were doing). That program ended quite a while ago. Of course, you'd know this if you bothered to be more understanding and check if what you actually typed matched reality, but that's too much work. Hatred is easier.

Re: Do you have a point?

[Vlad_the_Inhaler]

Naming the developer is less of a deal here than you think - he has been notorious for years because of his stance on this matter. He has rejected patches from third parties trying to fix the deficiency, something which finally led to the fork a year or so ago. Oh, the person who forked the project had suffered a breach where the lack of this feature was a major contributing factor.

I don't use FileZilla and never have, but for me the whole sordid tale raises a question mark against projects of this kind: Any project of this nature is substantially ego driven, the programmer is donating time and energy to provide a service. The problem is when that ego leads him (99% are male) to leave unnecessary deficiencies in the "product"? I'm running an old linux distribution on a machine in my internal network because an important tool was updated around 18 months ago to remove support for something I use a lot. It is a personality clash between the owners of two projects. My old version works.
Look at the decisions Firefox has made recently, I consider some of them to be sabotage, vandalism.

Re: Do you have a point?

Someone thanked the developer for adding this feature (after filing a request for it 9 years ago), and he replies

"I'm glad you like a feature that doesn't even increase security."

I hope to never meet or interact with this person, as it is highly frustrating to even read about this interchange from my position of removal (not a filezilla user).

Link here: https://forum.filezilla-project.org/viewtopic.php?f=3&t=64&start=1005#p156191

Re: It's Open Source

[Joce640k]

Why would anybody still use it?

It turned into spyware years ago and WinSCP is 3000% better.