Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

archive.mozilla.org VS ftp.mozilla.org

Firefox_Beginner
Firefox_Beginner
more options

A while back i asked how to avoid the unique identifier / download token that every firefox installation now has when downloading from https://www.mozilla.org/eu/firefox/all/#product-desktop-release As a response you told me to use either of these: What's the difference between archive.mozilla.org and ftp.mozilla.org?

Both sites look exactly the same from what i can tell. Also you warned me that downloading from these sites can be insecure because the sites might be vulnerable to "hackers" or might have been "infiltrated" by third partys. What's better getting a unique identifier or downloading from the archive and accepting potential risk? None of this would be necessary if mozilla didn't push a unique identifier.

When downloading from the archive the sha512 and sha256 always match the installer, doesn't mean anything if the site itself has been compromised i guess? Then again why would it be compromised? Seriously? I could download the fire installer from the official site and from the archive and compare if both sha512 and sha256 match each other, if so i guess no compromise and no token, right?

A while back i asked how to avoid the unique identifier / download token that every firefox installation now has when downloading from https://www.mozilla.org/eu/firefox/all/#product-desktop-release As a response you told me to use either of these: What's the difference between archive.mozilla.org and ftp.mozilla.org? Both sites look exactly the same from what i can tell. Also you warned me that downloading from these sites can be insecure because the sites might be vulnerable to "hackers" or might have been "infiltrated" by third partys. What's better getting a unique identifier or downloading from the archive and accepting potential risk? None of this would be necessary if mozilla didn't push a unique identifier. When downloading from the archive the sha512 and sha256 always match the installer, doesn't mean anything if the site itself has been compromised i guess? Then again why would it be compromised? Seriously? I could download the fire installer from the official site and from the archive and compare if both sha512 and sha256 match each other, if so i guess no compromise and no token, right?

All Replies (3)

James
James
  • Top 25 Contributor
  • Moderator
more options

use the https:// if you prefer https://archive.mozilla.org and https://ftp.mozilla.org

They are the same. Mozilla used to use the ftp:// protocol on ftp://ftp.mozilla.org however Mozilla discontinued the ftp:// protocol on servers back on Aug 5th, 2015. Mozilla prefers everybody use archive.mozilla.org anyways.

Modified by James

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

See also:

Firefox_Beginner
Firefox_Beginner Question owner
more options

James said
use the https:// if you prefer https://archive.mozilla.org and https://ftp.mozilla.org They are the same. Mozilla used to use the ftp:// protocol on ftp://ftp.mozilla.org however Mozilla discontinued the ftp:// protocol on servers back on Aug 5th, 2015. Mozilla prefers everybody use archive.mozilla.org anyways.

Why would they preffer anyone to use archive over ftp if they are as you said the same