[duskwuff]

Because that'd amount to the same result as removing FTP. The "installed base" of web-accessible FTPS and SFTP resources is essentially zero, and that's unlikely to change -- if a web site was previously using FTP, they're probably going to move those resources to HTTP/S, not to another protocol which has limited browser support.

[weare138]

> The "installed base" of web-accessible FTPS and SFTP resources is essentially zero

Well that's true of SFTP, browsers don't support that protocol but I think they should. But FTP is still ubiquitous on the internet and most browsers like FF already support FTPS. To me it would make more sense to deprecate FTP like HTTP and warn users when their logging in over an insecure protocol than just kill the feature all together, especially if one of the primary reasons is because "Google did it". FTPS uses the same URI as FTP (ftp://). FTPS is common now, most people don't even realize they're using it. There are those of us that still need to deal with FTP and being able to click on a link in the browser rather than use a separate FTP client is just convenient. Just make it an optional feature and disable it by default.

[duskwuff]

> Well that's true of SFTP, browsers don't support that protocol but I think they should.

They should not. SSH -- which is used as the transport for SFTP -- is a rather large and complex protocol. Implementing it in browsers would significantly increase their network attack surface, while providing few (if any) new capabilities. (What does SFTP provide to the browser that isn't possible with HTTPS?)

> FTPS is common now, most people don't even realize they're using it.

Can you give an example? There are no major web browsers which currently support FTPS -- it is not present in Chrome, Mozilla, nor Internet Explorer.