Slashdot Mirror


Firefox Follows Chrome and Blocks the Loading of Most FTP Resources (bleepingcomputer.com)

Mozilla says it will follow in the steps of Google Chrome and start blocking the loading of FTP subresources inside HTTP and HTTPS pages. From a report: By FTP subresources, we refer to files loaded via the FTP protocol inside img, script, or iframe tags that have a src="ftp://". FTP links placed inside normal angle bracket links or typed directly in the browser's address bar will continue to work. The reasoning is that FTP is an insecure protocol that doesn't support modern encryption techniques and will inherently break many other built-in browser security and privacy features, such as HSTS, CSP, XSA, or others. Furthermore, many malware distribution campaigns often rely on compromising FTP servers and redirecting or downloading malware on users' computers via FTP subresources. Mozilla engineers say FTP subresource blocking will ship with Firefox 61, currently scheduled for release on June 26.
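
An audit sketch for the change described above, added here as an example and not taken from the report, Mozilla or Slashdot: it scans a page's HTML for the img, script and iframe tags with an ftp:// src that the report says will be blocked, and ignores ordinary <a href> FTP links, which keep working. The function names and the sample markup (example.com hosts) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags the report names as carrying FTP subresources; <a href> is deliberately absent.
SUBRESOURCE_TAGS = {"img", "script", "iframe"}


class FtpSubresourceFinder(HTMLParser):
    """Collect (line, tag, url) for every src="ftp://..." on a subresource tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before calling this.
        if tag not in SUBRESOURCE_TAGS:
            return
        for name, value in attrs:
            if name != "src" or not value:
                continue
            url = value.strip()  # tolerate stray whitespace around the URL
            if urlsplit(url).scheme.lower() == "ftp":
                line, _col = self.getpos()
                self.findings.append((line, tag, url))


def find_ftp_subresources(html):
    """Return a list of (line, tag, url) tuples for FTP subresources in html."""
    finder = FtpSubresourceFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: three FTP subresources, one HTTPS image, one FTP link.
SAMPLE_PAGE = """<html><body>
<img src="ftp://files.example.com/logo.png">
<script src="FTP://files.example.com/app.js"></script>
<iframe src=" ftp://files.example.com/frame.html"></iframe>
<img src="https://www.example.com/ok.png">
<a href="ftp://files.example.com/pub/">download area</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_ftp_subresources(SAMPLE_PAGE):
        print(f"line {line}: <{tag}> loads {url}")
```

Running it over a site's templates before Firefox 61 ships shows which resources need to move to HTTPS.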

2 of 89 comments

  1. Making money, tracking cookies. by OrangeTide · Score: 5, Interesting

    Google, Facebook, Amazon, Apple, Microsoft, and many others wish to end the hobbyist Internet.

    FTP lacks cookies to track views. And FTP is hard for search engines to index with useful metadata for advertisers.

    --
    “Common sense is not so common.” — Voltaire
  2. Re:Why FTP? Why not an HTTPS CMS site? by CreamyG31337 · Score: 4, Interesting

    It doesn't need to be easier or better -- it's just another attack surface that CAN be compromised, meaning that there are plenty of FTP servers out there which are misconfigured and can be used to serve malware. Due to the latency logging in and requesting a file via FTP, no webmaster should purposely configure a site to pull a page's resources from an FTP, so it makes sense to cut it off.
    As for why it's easier or better, a badly configured FTP server is probably more likely to stay that way because the hackers hide the files and are only using disk space and bandwidth. Something like a CMS will tell you "please update me" every time you log in as admin to patch holes. Your FTP isn't going to tell you that you're a shitty admin.