FileZilla: Making Old School Protocol Cool Again

Tue, 2022-08-16 11:00

Have you ever had to send large files over the internet and been worried about who can access them? This is an increasingly valid concern in today’s world, where your movement on the internet is highly surveilled. When you transfer a file to another computer or online server without security measures in place, the information in that file can be accessed by your internet service provider, the company hosting the online server, your internet browser, and even other people connecting to the internet using the same Wi-Fi router as you. For activists, journalists, and anyone sharing sensitive, personal or confidential information over the internet, transferring files using unsecured methods can put us at risk of having that information exposed.

Thankfully, there are ways to eliminate this infringement of privacy. One of these is to transfer files using File Transfer Protocol Secure (FTPS) or SSH File Transfer Protocol (SFTP). These ensure that any file you send travels via a secure, private connection between your computer and the computer or server receiving it. To transfer a file using FTPS or SFTP, you need a supporting client – a piece of software you can download that acts as the communication channel between your computer and another computer. One such piece of software has been developed by FileZilla, which offers a free solution for anyone wanting to transfer large files securely over the internet. Their client is also open source, meaning that the code used to develop the software is available for anyone with coding experience to access, study and change – similar to sharing a good recipe with people who enjoy cooking and inviting them to make contributions. This transparency strengthens the software’s security.

Team ethos

With support from the Open Technology Fund (OTF), FileZilla recently made some important enhancements to the tools they offer. Before we get into the details, you may be interested to know a bit about the ethics that have underpinned the work of FileZilla since its inception. FileZilla started about 21 years ago, and was born, like many other open-source projects, as a student assignment at a secondary school. The FileZilla server was developed with anonymity built into its design, and FileZilla’s obsession with respecting the anonymity of end users has continued to this day. Their tools are downloaded by millions of people a year, and not even the developers themselves have a means of knowing who those people are, or what people do with the tools they download. Similarly, the FileZilla website is free of surveillance tools such as scripts and cookies. They know how many visitors arrive at their website, but have no way of knowing that one of those visitors may be you. They are able to establish that a download was made by someone in South Africa, but cannot discern where that person is located or what the IP address of their computer is.

Secondly, the FileZilla client offers privacy to those using their tools and website. Every time we click on anything on the internet, we leave a footprint, and our browsing and search history becomes a trail. Many companies today have online trackers that follow your trail in order to accumulate information about you. That information is used by those companies to send you targeted advertising. This deep infringement of privacy by the online advertising industry stands in such conflict with FileZilla’s ethos of ensuring users’ privacy that the team drafted a manifesto on Ethical Ads. The manifesto outlines how FileZilla respects users’ confidentiality: they do not track your behaviour, nor sell your data to other companies. While they do have advertisements on their website, they are posted exactly as advertisements would be posted in a newspaper. Nobody knows that you are reading the advertisements, or that you decided to call or connect to the advertised website. The advertisement has simply been attached to the webpage, without any underlying tracking.

Lastly, the FileZilla client is entirely free to download and use. “Our mission hasn’t changed in over 20 years: design, develop, maintain and enhance free tools to securely transfer files with ease and reliability,” said Tim Kosse, FileZilla Lead Developer. This decision was a political one taken by FileZilla, to always preserve the freedom of their tools, and of their users. “We aren’t the typical commercial open-source venture that starts doing things for free, and over time, closes this and that to make money,” said Roberto Galoppini, FileZilla Director of Strategy. “While you might not see FileZilla listed at the NYSE [New York Stock Exchange] any time soon, the freedom of our tools will never be questioned.”

Latest advancements

FileZilla is committed to their role in liberating technology, by making it accessible, open and also secure. Over the past year, FileZilla has utilised support from OTF to undertake two activities that enhanced and ensured the security of their tools. The first was integrating FileZilla Server with Let’s Encrypt, a free, automated, and open source certificate authority that ensures secure communication between the two end-points sending or receiving a file via FileZilla. Let’s Encrypt works by challenging an end-point server, such as your computer, to prove that it is who it claims to be before communicating a file’s information. The process is similar to being asked to show your identity document before receiving a confidential parcel being delivered to your door.

Secondly, FileZilla ran a penetration test, a service offered by OTF’s Red Team Lab. A team of independent researchers attempted to force access to the FileZilla server to see if they could gain control. These researchers were highly skilled, and the testing was extensive. The team conducting the test only found very minor security vulnerabilities that FileZilla were able to fix immediately. As a result of this process, anyone wanting to use the FileZilla software can trust that it has been cross-scrutinised by a third party and found to be secure.

Why use FileZilla to transfer files?

FTP makes it possible for files to be moved between two or more computers, but it has lost popularity over the years and is considered by many to be a thing of the past. Today, most people can move large files easily using proprietary platforms, such as iCloud, Dropbox, OneDrive and Google Drive. These online servers are created, managed and controlled by a single company. While they are convenient to use, the big tech entities that control them have an interest in denying you anonymity and privacy. This is because having access to the files you transfer, knowing who you are, and being able to track your online movements, enable them to continuously tailor their services and client experience towards generating more profit. As far as security goes, their platforms are flawed by design.

Moreover, big tech companies need the permission of national governments for users in different countries to have access to their services, and have frequently been found guilty of complying with government requests for information about specific users or files. The internet connections and cloud servers we use when transferring files are therefore easily accessible and exploitable. Some servers even require you to relinquish the corporate rights of your files in their terms and conditions before you can make use of their services. If you work in an industry that requires the secure transfer of sensitive files, or if you simply have personal photographs or videos you want to keep confidential, using proprietary platforms to share or store them can put your information at risk of being exposed.

FileZilla offers an alternative that is secure and private. Their tools are developed by a team that is deeply invested in protecting users’ confidentiality, and liberating technology is central to their work and decision-making. As a result of FileZilla’s work with OTF, you can now set up your FileZilla Server to run a Let’s Encrypt certificate with minimal effort as an additional layer of security. The FileZilla server has also been tested extensively by an independent auditing team and found to be secure. The FileZilla tools are compatible with Linux, Windows or Mac operating systems, increasing their accessibility and usability.

Using FileZilla to share files grants you the knowledge that your files and information are protected in the process. At the same time, projects like FileZilla remind us that there exists a global community of technologists, activists, coders, bloggers, journalists, software developers, and mindful internet users making internet freedom a lived reality and daily practice. Supporting, experimenting with and using free and open source tools, such as the FileZilla client and server, enables us to disinvest from the capitalist pursuit of corporate control of technology and unchecked surveillance of our data. Rather, we can step into alignment with an alternative, parallel narrative being created by a community of resistance that is grounded in principles of cooperation, solidarity, commons and openness.

For more information about FileZilla, to download their tools, or to contact the developers, visit their tracker-free, privacy-respecting website.