When you use software to upload files to microstocks FTP servers you must enter your username and password into software you use. You can easily end up with a question if you can trust this software. It’s even more naturally to ask this kind of questions if this software is not open source. You don’t know what’s going on inside with your valuable data.
But even if you trust your software, there’s one huge security hole behind everything. And this hole is … FTP.
FTP (File Transfer Protocol) is not secure protocol by definition. It sends your credentials in plain text over the internet to the remote server. Don’t belive me? You can install Wireshark and investigate yourself. Or you can read a number of blogposts about this. Why is FTP insecure, Grab FTP username and password using Wireshark or you even can see a video of how to do it on the Youtube.
There are several ways to mitigate it.
One of the most simple one is that all microstocks will switch to SFTP which is Secure File Transfer Protocol (basically it’s encrypted FTP). Then your credentials will be transferred over the network in secure manner.
Another options is do what Fotolia does: they supply each contributor with separate username and password for FTP upload so even if someone will intercept your credentials everything he would be able to do is … to upload some pictures for you?
Talking about Xpiks, it always uses AES encryption when storing user’s FTP passwords. Also you can set your own passphrase for encryption. So it is almost next to possible for other programs to retrieve them. But remember: because of the FTP it won’t save you.