Container Tabs (wiki.mozilla.org)
843 points by malikNF on Jan 21, 2017 | 215 comments



I would like to be able to configure my browser to open every URL in a domain-specific "container", unless I say otherwise.

Say site www.a.org includes an image from www.evilcorp.org, and www.evilcorp.org sets a cookie. When I then go to www.b.org and it includes an image from www.evilcorp.org, I don't expect the cookie to be sent back.

In other words, the cookie should be tied to www.a.org, even though it actually came from www.evilcorp.org. It should only be sent if my URL bar says www.a.org AND the image is coming from www.evilcorp.org.

I feel that this is how browsers should have been designed in the first place. I welcome this Container Tabs feature, but I don't think it quite goes far enough to restore my privacy.


Firefox is integrating a cookie feature from Tor called first-party isolation or double-key cookies. It will separate third-party cookies for each first-party site, so evilcorp.org cookies for evilcorp.org images on a.org will not be set for evilcorp.org images on a.org. Blocking third-party cookies can break some sites that rely on third-party resources, but first-party isolation should allow each site to work without cookie "crosstalk".

You can test first-party isolation now by flipping the about:config pref "privacy.firstparty.isolate" to true. Beware that there are still bugs that break some sites, which is why the feature is not enabled by default yet. If you find bugs, please report them in Bugzilla! Here is the Firefox bug tracking the integration and known bugs:

https://bugzilla.mozilla.org/show_bug.cgi?id=1299996


I'm glad Firefox is doing this, but ...

> Blocking third-party cookies can break some sites that rely on third-party resources

Can anyone name sites that require them?

As someone who defaults to deny all cookies and manually enables every one my browser accepts, I don't think I've found a site that requires 3rd-party cookies. Few sites require cookies unless you log in or have a shopping cart.

Of course, that's anecdotal. Maybe I just don't visit certain categories of sites and don't encounter them.


StackOverflow, sadly. Their JavaScript requires some off-site cookies to allow for their cross-domain user account stuff. Not enabling third-party cookies on the StackExchange sites leads to broken pages.


Wouldn't that be the case for any site using SSO?


Yes, though there are some ways around this. You could send the user to another domain to sign in using a unique request ID that identifies the user. After authenticating, this unique ID can be communicated back to the first site to show the user has authenticated, and a cookie could keep the session information. That wouldn't give a seamless sign-in on every site, though - you'd need one cookie (and one sign-in) per domain.

The other way is to have all StackExchange sites be subdomains of stackexchange.com - which is how the designers of the web intended it to be, I think.


My university uses Piazza often as a forum, linked in through our course management site, Canvas. If you don't have 3rd party cookies, it used to just not work, but now it redirects you into opening a new tab/window for Piazza. It's still annoying and would be nice to have it right there in Canvas.


I've been blocking 3rd party cookies for years. I think I've seen less than five sites break.


Google.

The entire notification center, cross-site hangouts chat, etc. all require third-party cookies.


hbogo.com relies on third party cookies from my cable company.


I think I remember allowing them to watch Thursday Night Football on Twitter. I can't find anything about third-party cookies and tnf.twitter.com on Google though.


Quidco.com and similar referral-promotion sites.


The Shopify plugins from Bold use them.


Ah, neat. That sounds like exactly what I want (except to be able to set a whitelist). Thanks!

For anyone else interested: now that I know what to search for, I also found some status at https://wiki.mozilla.org/Security/FirstPartyIsolation


> so evilcorp.org cookies for evilcorp.org images on a.org will not be set for evilcorp.org images on a.org

I'm not sure this description is as clear as you intended.


oops! You are right. I meant:

... so evilcorp.org cookies for evilcorp.org images on A.org will not be set for evilcorp.org images on B.org.


Can you edit your post?


Probably not. HN only allows editing comments for a limited amount of time. In one post I found from a couple of years back, someone said that the edit window is two hours. I think perhaps also that as soon as someone has replied to a comment it will not be possible to edit that comment any longer but I'm not sure about that.


I knew I stayed with Firefox for a reason. Privacy isn't even the real issue for me: this should take a big bite out of CSRF attacks.


best thing that happened to mozilla was losing the money from google. yahoo pays them almost the same and does not meddle on anti tracking features.

note how every single privacy feature came after google-money. during google-money what did we get? third party cookies accepted as default.

good riddance, google.


Could you provide some examples? That's a serious allegation.

I remember, as a volunteer, debating some privacy issue with a Google dev in Bugzilla. They made some crack about looking a gift horse in the mouth, but the discussion was out in the open. I don't recall evidence that Google was influencing Firefox improperly, but OTOH absence of evidence is not evidence of absence ...


I doubt people on the trenches were blatantly in on it. But I gave my views on the outcome. Investigate that and see the pattern.


Well, that's a cute line of defense, but pretty obvious hand-waving if you ask me. "You're too low on the ladder to know what I'm talking about."

You're the one who accuses Mozilla and Google, of different things, sure, but fairly important things anyway.

The burden of proof lies with you. Not us. It is not up to us to "find the pattern."

Not that I disagree with you on the fact that Mozilla seems much better off, post-Google.


I think the more likely explanation is that Google withdrew* once it became clear that Chrome was far more popular. This same event led Mozilla to do some soul-searching (aka user surveys, etc.) as to why they were losing users, and what their USP was compared to Google - privacy is one of them.

* Note that "withdrew" might also mean "offered less money than before because Firefox had less users than before, and Yahoo! offering more."


I'd love to know how those corporate conversations go exactly. Is it so blatant as saying "no you won't work on these anti tracking features?" Or is it more "this will be so you focus on" which conveniently excludes undesirable stuff?


This. And, what is really Google paying them for? Ensuring that there is no mainstream browser left that would complicate things for ad/tracking sponsored web (and so never creating an incentive + ecosystem for any alternative)?


He said "unless I say otherwise". First-party isolation lacks customization hooks.


You'd probably like Self-Destructing Cookies[1]. It's an addon that deletes all cookies set by a page after you close the tab by default, though you can change it per-page to delete only on closing the browser or never. It doesn't prevent the cookies from being set, but it does effectively prevent tracking if you close tabs frequently.

[1] https://addons.mozilla.org/en-US/firefox/addon/self-destruct...


this is just like browsing in incognito mode


Not entirely, but it has its similarities. Differences are:

* History (Personally, can't live without it).
* Whitelist (HN's cookies, for example, I keep).
* Saving submitted form data (for auto-complete).
* 10-seconds remorse time to reopen that tab and have it stay as it is!


As someone else intimated, isn't that just disabling 3rd party cookies, which has been a browser feature for ages?


If it were me, I'd like entire essentially unconnected sub-profiles, restricted by sites - different caches, potentially different extensions, etc. Even with third-party cookies disabled, you end up with little tricks to authenticate and track people across domains.


You mean like Chrome Profiles?


Firefox also has this kind of profile, but he wrote "restricted by site", so they'd have to transparently switch as you're using the browser.


No, because when you disable 3rd party cookies, then www.evilcorp.org can't even set its cookie on www.a.org.


So, mission accomplished?

I disabled 3rd party cookies ever since the option appeared in Firefox, and never had any issues.


I disable 3rd party cookies too, but I've had several websites that have failed to work properly because of it. So now I've had to whitelist certain 3rd party cookies (e.g. accounts.google.com, payments.google.com, etc.). But since these domains are whitelisted, they can set their cookies from any website I visit. With the idea rlpb proposed, each website (and its permitted 3rd party cookies) would at least be in its own container.
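

The cookie policies compared in this subthread (a single shared jar, third-party blocking with and without a whitelist, and the double-keyed jar that first-party isolation uses), as an added example that is not part of the thread and is not Firefox code. `CookieJar`, `simulate` and `sitesLinked` are hypothetical names, and hosts are compared as whole strings where a real browser compares registrable domains.

```javascript
// Toy cookie jar used only to compare policies; the visit sequence is constructed.
const POLICIES = ["shared", "block-third-party", "first-party-isolated"];
const TRACKER = "www.evilcorp.org"; // third-party host from the thread's scenario

class CookieJar {
  constructor(policy, whitelist = []) {
    if (!POLICIES.includes(policy)) throw new Error(`unknown policy: ${policy}`);
    this.policy = policy;
    this.whitelist = new Set(whitelist); // consulted only by block-third-party
    this.store = new Map();              // jar key -> Map(cookie name -> value)
  }

  // Key under which cookies for `host` live while `firstParty` is in the URL bar.
  jarKey(firstParty, host) {
    return this.policy === "first-party-isolated" ? `${firstParty}|${host}` : host;
  }

  // Third-party blocking refuses both storing and sending unless whitelisted.
  allowed(firstParty, host) {
    if (this.policy !== "block-third-party") return true;
    return host === firstParty || this.whitelist.has(host);
  }

  // A response from `host` carrying Set-Cookie, loaded under `firstParty`.
  setCookie(firstParty, host, name, value) {
    if (!this.allowed(firstParty, host)) return false;
    const key = this.jarKey(firstParty, host);
    if (!this.store.has(key)) this.store.set(key, new Map());
    this.store.get(key).set(name, value);
    return true;
  }

  // Cookies attached to a request to `host` made under `firstParty`.
  cookiesFor(firstParty, host) {
    if (!this.allowed(firstParty, host)) return {};
    return Object.fromEntries(this.store.get(this.jarKey(firstParty, host)) ?? []);
  }
}

// Each visited site embeds an image from TRACKER. The tracker reuses the uid
// it receives, or mints a new one and tries to set it.
function simulate(jar, visits = ["www.a.org", "www.b.org", "www.a.org"]) {
  let counter = 0;
  return visits.map((site) => {
    const received = jar.cookiesFor(site, TRACKER).uid ?? null;
    const uid = received ?? `u${++counter}`;
    jar.setCookie(site, TRACKER, "uid", uid);
    return { site, received, uid };
  });
}

// True when the tracker observed one uid on two different first-party sites.
function sitesLinked(log) {
  const sitesByUid = new Map();
  for (const { site, uid } of log) {
    if (!sitesByUid.has(uid)) sitesByUid.set(uid, new Set());
    sitesByUid.get(uid).add(site);
  }
  return [...sitesByUid.values()].some((sites) => sites.size > 1);
}

function compare() {
  const jars = {
    shared: new CookieJar("shared"),
    blocked: new CookieJar("block-third-party"),
    whitelisted: new CookieJar("block-third-party", [TRACKER]),
    isolated: new CookieJar("first-party-isolated"),
  };
  const out = {};
  for (const [label, jar] of Object.entries(jars)) {
    const log = simulate(jar);
    out[label] = { received: log.map((e) => e.received), linked: sitesLinked(log) };
  }
  return out;
}

console.log(compare());
```

A whitelisted third party behaves exactly like the shared jar, while the double-keyed jar still returns the cookie on the second visit to www.a.org without ever linking www.a.org to www.b.org.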


Disabling 3rd party cookies breaks functionality, e.g. tweetdeck.


> I would like to be able to configure my browser to open every URL in a domain-specific "container", unless I say otherwise.

Sadly, that is currently not possible, not even with addons, because the containers can only be assigned when creating tabs, not when navigating them. There is a related feature (1st party isolation) but that is always-on, so it fails the "unless I say otherwise" aspect.

I have filed a bug explaining my use-cases [0], but it does not seem to be a priority at the moment. (other addon devs signalling interest might help)

[0] https://bugzilla.mozilla.org/show_bug.cgi?id=1323873


It's more difficult than one might think to specify exactly while navigating where the old page goes away and the new one starts. Especially considering things like frames.

Also if you start a new context every time you navigate you can't for instance log into Google.


Addons get the necessary information. They can distinguish top level navigation from frames. And they could easily impose rules that keep google on the same container when needed.

That's the point of having an addon API instead of fixed behavior, to implement logic around such complications.


It's actually quite a difficult problem for the browsers themselves and they have all the information that's available. There have been a lot of issues with showing the new URL while the old page is still in the browser, for instance.

Having special cases for every exception doesn't scale. What about Outlook Web Access using Microsoft accounts or domain accounts? Are you going to build an add on for every webmail installation?


I generally disable third party cookies. Causes very few problems ime.


how would you do oauth (or openid style login) with this then?


I would be happy to whitelist the sites with which I use oauth/openid to log in. If I didn't, it would still work; I'd just have to reauthenticate once for every site.


you could even just whitelist oauth/openid to work across all sites.


Nitpick: OAuth doesn't require cookies. You can track someone through the state parameter in the redirect url.
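

The redirect-based sign-in discussed above, where a request ID travels in the URL (the OAuth `state` parameter) rather than in a third-party cookie, as an added example that is not part of the thread. The endpoint, client ID, key handling and function names are assumptions made for this sketch, and the callback URLs are constructed.

```javascript
const { createHmac, randomBytes, timingSafeEqual } = require("node:crypto");

// Hypothetical values for this sketch.
const STATE_KEY = randomBytes(32);                       // server-side secret
const STATE_TTL_MS = 5 * 60 * 1000;                      // state lifetime
const IDP_AUTHORIZE = "https://login.example/authorize"; // placeholder endpoint

const b64u = (buf) => Buffer.from(buf).toString("base64url");
const mac = (payload, key) => createHmac("sha256", key).update(payload).digest();

// State = base64url(JSON claims) + "." + base64url(HMAC). Nothing is stored
// in the browser or on the server while the user is away at the other domain.
function issueState(returnTo, now = Date.now(), key = STATE_KEY) {
  const payload = b64u(JSON.stringify({
    rid: b64u(randomBytes(16)), // the unique request ID
    returnTo,
    exp: now + STATE_TTL_MS,
  }));
  return `${payload}.${b64u(mac(payload, key))}`;
}

function authorizeUrl(clientId, redirectUri, state) {
  const u = new URL(IDP_AUTHORIZE);
  u.search = new URLSearchParams({
    response_type: "code", client_id: clientId, redirect_uri: redirectUri, state,
  }).toString();
  return u.toString();
}

// Called when the identity provider redirects the browser back to this site.
function verifyCallback(callbackUrl, now = Date.now(), key = STATE_KEY) {
  const params = new URL(callbackUrl).searchParams;
  const [payload, tag, ...rest] = (params.get("state") ?? "").split(".");
  if (!payload || !tag || rest.length) return { ok: false, reason: "malformed state" };
  const expected = mac(payload, key);
  const given = Buffer.from(tag, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  // Parse only after the signature check, so unauthenticated JSON is never read.
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  if (now > claims.exp) return { ok: false, reason: "expired" };
  const code = params.get("code");
  if (!code) return { ok: false, reason: "missing code" };
  // A valid signature proves this site issued the state, not which browser
  // started the flow; tying it to a first-party session cookie adds that.
  return { ok: true, rid: claims.rid, returnTo: claims.returnTo, code };
}
```

After a successful check the site would exchange `code` for tokens and set its own first-party session cookie, which is the "one cookie per domain" outcome described earlier in the thread.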


Self destructing cookies (Firefox plugin) is probably the closest you can get to that nowadays. Not really the same, but the end result is really similar.


Alternatively you can just block third-party cookies.


This is a neat idea but it doesn't implement the main reason I use separate profiles in Chromium - different security contexts based on how much you trust a site.

Example: my main general browsing profile has flash, PDFs and all plugins disabled, absolutely all handlers switched off, all hardware access off, WebGL switched off, no account logins and uBlock Origin set to aggressively block most third-party requests.

My second most used context is for personal sites I login for - with access to third-party cookies (for those sites) and running most third-party requests with standard uBlock rules.

I have yet other contexts (Chrome profiles) where Flash is enabled if I need that, then a separate browser for Java etc.

I'd like to see these security levels built into browsers where the contexts are built around permissions and site trust rather than access to the user store (which is also important)

I don't think it's realistic for most users to do this right now with profiles, as it requires a lot of discipline - it needs to be in the UI.

Browsers have become as sophisticated as operating systems and we're accessing more and more of our personal data using them, yet the model of 'every site has access to everything' be it a site you trust, like Gmail, or a random URL you're clicking on - has somehow survived.

It's the equivalent of the old days where everyone would run their local systems with an admin account for everything. I really think browsers need a rethink along these lines where websites are treated like apps and you can apply a trust group to each.


The firefox feature of `--no-remote -P` is the way to do that, which has existed since before the chrome browser did. Old feature.

This feature is not meant to solve that use-case since if your case is security, you need separate browsers/contexts/processes anyways.

Separate profiles in firefox implement separate profiles (which may all be independently open side-by-side in different windows).

This exchanges less secure/strong separation with better UX by intermingling.

Firefox is just choosing to support either set of tradeoffs there.


Old perhaps, but user-friendly this is not.


I wonder how many users understand the concept of profiles and the session isolation they provide, want to use them, yet find the command line too difficult to use.


Most users won't even be aware of the possibility of using profiles, ask any of your relatives.

While if you had a "Create a new profile" button that does it in one step, and that they would advertise on install, many more people would be using it, even if it's just for family members separation.


Old Netscape/Firefox builds used to start with the Profile creation/selection screen by default (which is the -ProfileManager CLI option that remains today) and someone can correct me if I am wrong, but the consensus seemed to be that it confused people more than it helped them.

The majority of people already separate family members with different user accounts on the machine or mostly just don't seem to care.

This seems to be the interesting UX compromise that the new "Container Tabs" is trying to meet "where they live": the users that could use some of the advantages of profiles without the full overhead of using multiple profiles. It will be interesting to see if the compromise is picked up by average users.

(Fwiw, I've used multiple profiles in Firefox off and on for decades but have yet to find a relative I'd recommend that to.)


That was then, and this is now.

In the old days, separate profiles were used to separate Mom's browsing from Dad's browsing. Now, we need different profiles to browse: one for shopping, one for banking, one for work...

Seems to me that coders forget that people evolve. Same with Moxie saying that it is fine for WhatsApp not ticking the 'tell me when the key changed'-box by default because that confuses people. Perhaps it /did/ confuse people, when security was not a known issue. People tend to learn, in my experience. You can't say: "Well, we did an A/B test in 2002 and now we're done for the next millennium."


Uh, right, people could use one for shopping, one for banking, one for work, etc... but they'd like them all to be in the same window so they can switch between them as tabs... (It's funny when you realize that the old ProfileManager predates tabs.)

Which is where we arrive today with Mozilla's work on "container tabs". The code and UX evolve, too.

I'm not sure what your complaint here is, mverwijs? That Mozilla should test Firefox starting up with the ProfileManager again? Like I said, I think "container tabs" might be a good way to do this in a way that mainstream users might pick up and this will be interesting to watch.

(I guess one trick that might be interesting is if there was a way to easily "graduate" from I know/love "container tabs" to "oh, the next thing I can try is profiles to do more complicated things", but I think the answer is that profiles will adapt more to work with "container tabs" UX than "container tabs" UX will adapt to the old profiles UX. Given "incognito" tabs in other browsers can be seen as a specialization of a "container tab"/"profile tab", I suspect mixing profile tabs in a single browser window is a UX that is here to stay.)


Since they're akin to user accounts on windows, I'd assume a decent number of users understand them.

Even though people don't use multiple-user-accounts too much anymore, it's still usually present in schools and in older family computers.

Conceptually they're very similar.


there are extensions like switchy that handle the UX part in a reasonable way.


I'm genuinely not trolling here: what are you worried could happen if you didn't do all of this stuff with the extensions and settings in your various profiles? What does it mean to trust a website?


From past experience, and the reason I browse with some fairly aggressive security settings (not the OP): I'm worried I could acquire a nasty rootkit-level virus.

I'm worried about that because I used to browse with no Noscript/similar, and then I got infected by a rootkit, which I traced back to a new site I'd visited.

Since I didn't enjoy having to nuke my entire computer environment from orbit, I now have a rather locked-down browser.


I turn all of those Chrome features off everywhere anyways. I find the handlers to be especially annoying. Why the fuck would I want that? There's a reason I use Mail.app and it's not because I love using email in web views.


Isn't mailto: opening Mail.app for you?


yes, but Chrome bugs me about switching it to Gmail every time.


"I'd like to see these security levels built into browsers where the contexts are built around permissions and site trust rather than access to the user store (which is also important)"

I want to take it all the way to eleven and 'jail' a gui process (in this case, the web browser - any web browser). It gets its own filesystem root and its own IP BUT I don't have to pay the penalties of firing up a full blown virtual machine.

This isn't easy to do in the way that, for instance, jailing a daemon is easy to do ...

Further, even if I did have a workable recipe to jail a chrome process (and all of its children) it would certainly only be for X. Maybe there's some recipe for that in OSX but it would be profoundly different. OSX doesn't even have the 'jail' command (although it does have chroot ...)


For a partial solution, have a look at "sandbox -X" (man 8 sandbox).


Agreed, although be aware that this is only available when you're using SELinux. By default that's Fedora/Centos/RHEL, not Debian/Ubuntu.


depending on your OS of choice, desktop containers using something like docker (e.g. https://blog.jessfraz.com/post/docker-containers-on-the-desk...) can achieve it and are a reasonably straightforward (for a certain value of straightforward) option (linux only unfortunately...)


> The images work by mounting the X11 socket into the container! Yippeeeee!

Well, yippee, now the application can read all keyboard input from that X11 socket, there goes your "sandbox"...

You really need Wayland to get a practical security benefit for GUI applications from containers.


You can already disable flash, javascript and cookies by site. That covers pretty much everything from site logins to WebGL.


you are using the wrong tool.

install NoScript in firefox and allow flash/etc per domain temporarily or permanently.

profiles/context tab is all about tracking. You just happen to successfully abuse one tool to your ends in one case.


I'd take a look at uMatrix, which is easier and more granular than NoScript (but lacks the more in-depth security features). It allows you to block/allow cookies, css, images, plugins, scripts, frames, and more on local/remote host basis.

For example, when visiting example.com you could allow scripts from example.com but not from gstatic.com, analyticshost.com, or shadylookingdomain.com. Yet at domain.com you could allow gstatic.com scripts and images because it embeds Google Maps.

It's all done in an amazing, quick GUI that provides a visualization of the rules. I wish all firewalls would adopt the UI.


NoScript is a pain to use and configure. And you need to finely tune it. With this profile method, you can have an "all-in" profile, and a "safe" one. This makes things much easier to manage.


1. install it. and close the annoying tab.

2. visit a site, click the noscript icon

3. allow the domains you trust.

no step 4.

how is this hard?

you only have to click the icon again if some site is not working.


> you only have to click the icon again if some site is not working.

And then you start realizing that blocking all scripts is a pain. You want just this script to work, but not this one. So you start filtering and it takes so much time.

Then often, a site is not working exactly right, and you don't know no-script screwed you. Sometimes you realize it after 10 minutes looking for something no-script removed. Waste of time. Then for some time you want it on for a site, then off for the same site. And on. And off. And you have 30 tabs, then you have to juggle the state of it.


where do you set those configurations? (handlers, hardware access, flash, pdf, webgl)

do you have a link to an official chrome help page?

also what chromium do you use? and where did you get it?

sorry for my ignorance.


I am a Mozilla supporter and FF is my "daily driver" browser. Very interested in this feature.

Chrome has had it for years, and it's a killer feature for many developers. It's very very useful to have multiple browser windows open, each logged into the same site as a different user. A lot of people do this by opening multiple browsers (FF, Chrome, Edge, Safari, etc) but that has its limits and it just adds another variable my poor brain would prefer not to handle.

Also very useful for home/work separation. One browser account for work and one for home. And also maybe one for porn. So that when you're screensharing in a meeting and you type a URL into the browser, you don't get autocomplete suggestions for your favorite porn sites popping up. Happened to an old (married) boss of mine once while displaying his screen on the projector... typed "a" into the URL field and the browser helpfully suggested he navigate to AdultFriendFinder. Right in front of some clients. :)

Firefox's "container tabs" implementation may be slightly confusing. Chrome's implementation is dead simple. One identity per window, and the identity name is always displayed in the upper right.

With FF's container tabs, I'll have one identity per tab, and I can see they're color coded, but that means I'll have to mentally map colors to identities. It's more flexible than Chrome's implementation but there's more cognitive overhead involved.

Also, what's up with the name "container tabs?" That tells me nothing about what they do. All tabs... contain things. I think they need to rename it to "identity tabs" or something. How on Earth would anybody ever guess that "container tabs" is related to identities and data sharing?

We'll see how it plays out though. I'm excited to try it and I am continually grateful for Mozilla's efforts. In fact this reminds me I haven't donated to them in a while....


> Chrome has had it for years, and it's a killer feature for many developers. It's very very useful to have multiple browser windows open, each logged into the same site as a different user. A lot of people do this by opening multiple browsers (FF, Chrome, Edge, Safari, etc) but that has its limits and it just adds another variable my poor brain would prefer not to handle.

Firefox has had this since, well, forever; they're called "profiles". I run two windows with different profiles (for "personal" and "work"), each with different installed addons, Sync accounts, etc. Unfortunately the UI is clunky (requires adding a couple of flags to the shortcut/command).


Firefox profiles used to be more prominent/accessible. Then about 5 or so years back, Mozilla decided to dumb down the UI to better imitate Chrome. Now I think you have to actually launch Firefox from the command-line with special arguments to use profiles (or else install a third-party plugin to manage them).


You can also type "about:profiles" into the URL-bar, but yeah, that's a rather recent addition.


You can have the profile manager pop up every time you open Firefox. It should probably have a better, more accessible UI though.


Indeed, I have several firefox profiles and corresponding launch scripts:

ff-home contains:

firefox -P home

etc...

Each of them has a different theme so the windows are clearly visually different.


> Chrome has had it for years

No, not really, not at all. Chromium has an equivalent (but more accessible and more user friendly) feature than Firefox profile, but it's nowhere close to this.

The profile feature in Firefox and Chromium allows you to have a different set of add-ons or browser configuration, but this feature is really different: it allows you, with the same features and add-ons, to have different sessions, with independent cookies to limit tracking and mitigate CSRF attacks.


Firefox has had multiple profiles for years too, though the UI isn't as nice as Chrome's. This is different, this is basically profiles that can share the same browser window.


Not as nice is a pretty big understatement. Here's the article that Mozilla links to about how to do it on OSX: http://spf13.com/post/managing-multiple-firefox-profiles-in-...

   /Applications/Firefox.app/Contents/MacOS/firefox-bin --profilemanager


Actually, just open about:profiles in the browser, and you can easily switch.


I'm not sure I understand the benefit of being able to share the same browser window.


I personally like keeping things in a single browser window, and find it super annoying when I have multiple windows. But I sometimes want to use a site whilst logged out or logged in to a different account, or just don't want to be tracked across the web. It's nice to be able to do it all in one place. It also helps enforce a better discipline in keeping parts of your life (and thus your online identity) separate so that it's harder to track.


Multiple windows sure seems like a clean visual signal that you are in a different privacy context...


totally agree with the naming, 'container tabs' is bad. Also I don't like the separation, like having one for banking and one for personal stuff. Aren't they the same? I'd have the following:

personal: For personal banking, gmail, facebook, etc. very high security except on my trusted sites.

Work: Work stuff. high security.

Browsing: normal security, so everything works.

wild west: No history, high security. Like private mode. gmail, facebook, banks etc blacklisted so you can't log in even by accident.


Personally, I don't care for their choice of names. Hopefully the browser will allow an arbitrary number of containers and customization of their names.


In case your comment reminds others: https://donate.mozilla.org/

:)


How do I use it in Chrome or is it in Chrome per user session rather than per tab?


When I went looking for a per-tab profile, I did not see this in either Chrome or Firefox. Firefox has the Multifox addon that does this per-tab, but it is incompatible with the multiprocess feature.


Edit: I guess I'm misremembering how Chrome works, or maybe they changed it since I've last used Chrome seriously. I'll leave the comment so the replies make sense.

Original comment:

I'm kind of surprised that Mozilla went with a per-tab approach here, since they went with per-window for private browsing (while Chrome did the opposite: per-tab private browsing and per-window profiles).


That's not right. Chrome's incognito mode is per window.


Not even. Chrome's session isolation is only per each of the two browsing modes.


Chrome supports multiple profiles (click the person icon or username on the upper right), not just logged and incognito.


Yes, but all incognito tabs are in the same session, even if opened in separate windows.


I don't think those profiles let you do things per-tab.


This. The relevant Chromium issue report is here [1], and it's been open for years.

[1] https://bugs.chromium.org/p/chromium/issues/detail?id=24690


What do you mean? It opens a new window?


I might be remembering wrong, but I'm pretty sure Chrome started with per-window private browsing before eventually upgrading to per-tab.

So Firefox seems to be just jumping ahead of that initial limitation from the start here.


how does per tab incognito work in chrome ? I can only find per window (which i assumed was the only way to do it)


It's not even per-window. If you open an Incognito window and log into a website, any other Incognito windows will share that same cookie jar and thus also be logged in to said website. I would love a way to keep them distinct, but simply opening a new window won't do it--you have to close all Incognito windows/tabs to clear its temporary cookie jar.


Aha, you're right (I don't use Chrome, so I was just assuming the GP was more up-to-date than me on its current features).

I recall Opera 12 had per-tab incognito - I'm not sure, do any current browsers have it?


Right now, what I'm doing is that all my standard browsing happens on Firefox, with uMatrix blocking JS and just generally locked down. For anything where I want to log in or have a persistent identity (stackoverflow, gmail, etc), I set up separate Chrome profiles and manually open each site in the appropriate profile.

Honestly, this whole thing is a bit of a pain - my ideal solution would be one where I can set up "domain groups" matching on the URL in the URL bar, each fully isolated from one another (different extensions, settings, caches, histories, forms, cookie stores, etc), and clicking links that go from one profile to another, all referer information is stripped out. Anything not matching one of the domain groups would go to the "default session" (which I would configure to be completely locked down and ephemeral).

Additionally, I'd want a context-menu item "Open link in group <x>", which would open something matching another domain group in the domain group of my choice, so that I could do things like visit gmail in two different groups.


Context based on domains sounds like a perfect and elegant solution. I hope someone from Mozilla is reading this.


I'm pretty sure about 90% of us Mozilla engineers are on hacker news :)


Not really, many people have both work and personal gmail accounts, for example. Contexts are not based on domains.


> For anything where I want to log in or have a persistent identity (stackoverflow, gmail, etc), I set up separate Chrome profiles and manually open each site in the appropriate profile.

FWIW, this is also doable in Firefox: try 'firefox --new-instance -ProfileManager'; you can also directly open up a new profile from the command line (and hence do the same from scripts, desktop entries, or whatever else your platform supports).

I have one profile for my finances, one with NoScript in blacklist mode, and then my normal profile.


Yeah, I know it can be done, I use Chrome because it's more convenient to click the profile icon and pop up the new profile in a new window. In my experience with Firefox profile switching it's always been a much more involved process than the two-click Chrome process.



hmm so you can log into multiple profiles at once in chrome and have them run under separate session spaces?

I found that I can have one session space in regular Chrome and one more in incognito, but all tabs in incognito seem to share that same session, i.e. opening a new tab automatically shares the same session as the other tabs in x domain. Maybe there is a way to control this behavior?


There is a button in the top right for profile switching. For me, it has always popped up a new window in a different profile, not closed the existing window.


This is awesome. Microsoft's identity system is a nightmare so switching between my Office 365 email account and my OneDrive/music accounts is always annoying. I'd love to be able to contain each and stay logged in to both accounts.

At work I test lots of user accounts on the same site and make heavy use of Chrome profiles for that. This would fill a similar role.

But while I'm glad to have them, no average user would ever understand any of these concepts as presented in these screenshots.


This looks amazing!

I have been using Self-Destructing Cookies[1] for a few years, and while I think the extension is great, I always feel there's not enough isolation between tabs. For example, if I have Twitter logged in in one tab, and another tab contains a Twitter button, then the other tab can still have access to my Twitter cookie. (Because the Twitter tab is still active, SDC would not destroy the cookie.) I know this is solvable using a tracker blocker, but something like SDC that worked at the tab container level would be very welcome.

(Another side effect of using SDC is that I seem to get the harder ReCAPTCHA that makes you click an object until all of it disappears, with new ones popping up after clicking. It usually takes about 5-10 clicks. Very annoying.)

[1]: https://addons.mozilla.org/en-US/firefox/addon/self-destruct...


You may want to try uMatrix[1]. It blocks any 3rd party content by default (cookies, scripts, ...). So Twitter buttons (and similar) do not load by default, but you can allow them with two clicks.

[1]: https://addons.mozilla.org/en-US/firefox/addon/umatrix/


Thanks for the suggestion, although I'm already using uMatrix :-)

SDC + uMatrix do make a really great combination, and I'm really glad I use these extensions when I see some sites loading 10+ trackers that are not relevant to the site's function at all.


I've been doing this for years using both Firefox' and Thunderbird's multiple-profile features.

Just run "firefox --no-remote -ProfileManager" and here you go.

So the serious question is: how is this any different from using multiple profiles?

Multiple profiles also have the pro/con that they are actual different processes, so there's no information leak between profiles whatsoever (well, unless some serious hacking happens).

Edit: being different processes with different profiles, they also have different configuration folders, different cookie sets, different password storage locations etc...


> Just run "firefox --no-remote -ProfileManager" and here you go.

I'm sure Grandma and Joe SixPack will do that... Not everybody is tech savvy. I'd say the majority of FF users don't even know there's a profile manager.


Reminder of the thing it's being compared to:

> The containers feature is enabled in Firefox Nightly 50 by default with the about:config pref `privacy.userContext.enabled` set to true.

Grandma and Joe SixPack aren't running Firefox Nightly with about:config tweaks either.


Of course, but the point is that Mozilla is making this easier for the average folks. Eventually it will appear in stable releases.


The writing is a bit ambiguous here, but "true" is the default setting in Firefox nightlies currently, so no about:config tweaks needed. The preference is also available in the preferences UI in the "Privacy" section.

Of course, most people are probably not running Firefox nightlies either.


To be fair, grandma and joe sixpack don't even know firefox exists.


Maybe not in the US, but in Germany Firefox is the most popular browser.


There's this for them: https://addons.mozilla.org/en-us/firefox/addon/profileswitch...

I'd been using the command line way for a long time, until I found this. Now the first thing I do is install it in every new office computer, and then I have a Work and Personal firefox profile, completely separate from each other. At home we have mine and my wife's profiles on the laptop.


+1, and I would like to add:

https://addons.mozilla.org/en/firefox/addon/change-window-ic...

To answer your question, it's probably quicker and takes up less HD space :) And now we can have profiles and container tabs in those profiles, or just use profiles or just use container tabs, how cool is that.


> And now we can have profiles and container tabs in those profiles

Yo Dawg!

We heard you like profiles, so we put profiles in your profiles so you can use profiles while you use profiles!


I actually have a use-case for this. I have a "webdev"-profile where I've got none of my usual webpage-breaking privacy extensions, I do have Tree Style Tabs there, because when coding I tend to open a ton of tabs, and well, then I use the Container Tabs, since I need to be able to see my webpage as logged-out user, as logged-in user etc.


I was using ParrotSec OS for a few months and it had this as the default for opening Firefox, it would prompt you to ask which profile you wanted to use, it was somewhat handy. Firefox can be set to always open the profile manager on startup by default. But what they're saying now is per tab vs per window.


I tried using container tabs with Nightly, but it just doesn't offer the full separation that multiple profiles do. Having a different color on each tab with container tabs is nice, but not as obvious as being able to set entirely different themes as you can with separate profiles.

I do think container tabs make it easier for the everyday user to enjoy some of the benefits of separation, though. Most people aren't going to want to deal with setting up multiple profiles, choosing profiles, and all that jazz. This is certainly a cool feature for FF to add in.


For years I have been wondering when there'd be an easy way to run multiple profiles in Firefox.

At least in OSX I haven't figured out how to make an icon I can click that will open a specific profile, and running the command from terminal leaves a terminal window open.

I know it is not hard, but it makes the multiple profile thing cumbersome enough for me to never have adopted it.

To answer your question directly: It is easy to use and integrated into the UI. It also works across tabs instead of just across windows.


Command+Space >> "automator" Enter >> Choose "Application" >> search for "shell" and double click "Run Shell Script" >> type "/Applications/Firefox.app/Contents/MacOS/firefox --no-remote -ProfileManager" into the shell script box >> Command+S to save the app as whatever you would like


Is it really this difficult to create a custom launcher?


It means you only have to do customization once. And you don't have to juggle multiple windows.

It has a lower bar of entry.


Of course, that also means that you can only customise once.

I use separate Firefox profiles in order to have different add-on configurations, e.g. in my daily driver NoScript is set to whitelist mode, while in my special JavaScript-permitted profile it's in blacklist mode.


I would love this feature and it would actually get me to switch to Firefox in a heartbeat. I'm currently using Chrome just because of the (subjectively) better developer tools, but this is a feature that would make my life so much easier!


Firefox tab management is lackluster compared to Chrome; container tabs won't change that :/

Every time I try using Firefox I pretty quickly hit the limitation on selecting tabs. Chrome lets you select tabs like files in a file manager: Shift click for ranges, ctrl+click for adding/removing single tabs. You can then drag & drop the group in or out of various windows, close all at once, etc.

Container tabs imho won't be usable unless something like this is in place. When dealing with as few as 5+ tabs, I certainly wouldn't want to manually tweak them one at a time. Can't imagine for 20+, 50+.

But the idea is nice for feature separation, I like that a lot.


Firefox's default tab management might be worse than Chrome's, but once you add something like Tab Mix Plus into the mix, Chrome starts looking like a Ford Model T next to a Ferrari.


Try the Tree Style Tab addon for Firefox. Managing 100+ tabs in Firefox is a breeze. I can't bring myself to use Chrome now.


Great minds think alike ;)


I haven't used Firefox since moving over to Pale Moon, but I'd suggest trying out Tree Style tabs to help you manage your tabs.


Oh wow, didn't even know about that in Chrome. Thanks.


I use it every day with the Developer Edition; you just need to switch the following in about:config:

`privacy.userContext.enabled` `privacy.userContext.ui.enabled`

The pref might be available in other versions too.


Yeah, it's already in Firefox Stable. It's not yet fit to be used as an actual security feature, especially not the outdated version of it in Stable, but just for separating logins, I'd assume it's perfectly fine.


I like where this is heading but their pre-selected categories don't make sense. Container isolation should be based on security requirements rather than site content. E.g. shopping and banking have similar security requirements that are different than following a click-bait link on facebook.

I'd like a container per Google account since trying to switch users in their apps is a disaster that forces me to run multiple browsers.

I'd also like to tie sites to specific containers. So supposing Banking stays its own category, that should mean that any sites that open in the Banking container will never open in another container. Similarly it should be possible to whitelist a set of sites for a container so e.g. only specific banking sites will launch in the Banking container.

Each container should have its own set of security permissions.

I'd like to have disposable containers. I want a safe space where I can open a sketchy link and not have to worry about that page doing anything to the rest of my environment.


This is why I'm using Firefox nightly. It is a killer feature to keep open my many AWS and GCP accounts (one container per client). It still needs to be polished though.


Why aren't "Saved Passwords" and "Saved Search and Form data" separated between containers?

There have been autofill/form-data attacks in the past[0] and there was a story recently on HN's front page showing the same[1].

I'd like to point out that mozilla already has a configuration option to disable form data saving on https sites, 'browser.formfill.saveHttpsForms'. Why?[2]

> Right; the idea is to eliminate "opportunism". If my laptop is stolen, Firefox's current behavior makes it easy for a thief to find a https: site in my history, go to it, check out, and then just let autocomplete hand them my complete credit card details.

[0] https://news.ycombinator.com/item?id=12171547

[1] https://news.ycombinator.com/item?id=13329525

[2] https://bugzilla.mozilla.org/show_bug.cgi?id=252486


If the attacker has physical access to your machine, you have bigger problems. They can just read the autofill DB at that point.


Probably because of usability, they are still exploring how to integrate it in the browser (it will probably stay hidden behind a pref for a while). Right now no configuration screen is aware of the container feature.


Yeah, usability is a toughie. Another feature I'd be interested in would be some sort of container inheritance (e.g. sub-identities in a work context when clients provide Office 365 identities, or to test projects under different identities all within the broader work context), but that's even harder to make easy to use.


I also wish it was toggleable to make history dependent on a container. My personal history will likely grow and have too much garbage; it would be nice to wipe it and have it not affect my work container.


The vulnerability described in your second link doesn't actually work in Firefox...


This is really awesome!!! I used to manage this kind of separation by using private windows and using different browsers. I don't really want to manage these by window or create user profiles, as may be the case in other browsers.


I don't want to be too greedy (considering that the presence of this feature on the desktop is already great), but is there any chance that this will be coming to Firefox for Android? It might be a challenge to implement this UX-wise; however, it would also be extremely helpful since it would help in isolating mobile "web-apps" while still using a decent browser (Firefox for Android instead of Chrome), especially as profiles, which exist on the desktop version of Firefox, are not available on Android.

(Googling does not seem to have produced any relevant hits.)


Cool. I had been using multifox plugin for testing websites, but it won't work with the new multiprocess engine and the plugin author had no intention of porting it. Glad to see an alternative.

I use Firefox for testing my dev work but reading about the privacy use-case, I might seriously consider switching from Chrome as my main browser.


I've been using the Private Tab addon to open separate logins in the same window for years: https://addons.mozilla.org/firefox/addon/private-tab/


This is a great idea! I love the fact that I can have both contexts in the same window. What would also be pretty cool is being able to move all windows in one context into a new window, if I want to separate things in a new OS workspace.


This would be nice for using more than one Twitter account without needing to open one in private browsing (TweetDeck exists, and I do use it, but I prefer Twitter Web). I hope it makes it to the release channel.


There's a nice addon for Firefox, called Priv8: https://addons.mozilla.org/en-US/firefox/addon/priv8/

This is a Firefox addon that uses part of the security model of Firefox OS to create sandboxed tabs. Each sandbox is a completely separated world: it doesn't share cookies, storage, and a lots of other stuff with the rest of Firefox, but just with other tabs from the same sandbox.


This is really neat.

I became a huge fan of Opera Neon's interface, though. And it would be a perfect fit for "containers". Drop icons into folders, and done. Folders represent containers.


This is really good. I might actually find myself using FF more now. Chrome supports multiple profiles but it's quite tedious to make the switch (you'd need to create multiple accounts). The best solution that I'd been using was opening an incognito session, regular session, guest session (easier than having multiple profiles but hardly sufficient when you want many more separate sessions).

Edit: I love the color coding feature that distinguishes the distinct containers you have open.


Lack of history separation seems quite a pity to me imo :-/


Well, that's not really the idea behind the feature. If you want that, you should work with different Firefox Profiles: https://support.mozilla.org/en-US/kb/profile-manager-create-...


How would you design a user interface for container tabs that non-technical users can understand?

Something like container windows, isolating different browser windows instead of tabs, might be a clear way to visibly show the separation to the user. In one window, they can log into their work Gmail. In another window they can log into their personal Gmail without any Google cookie confusion.


I've long been searching for a solution to do this in a much broader way... on the OS level.

Private Work A Work B Work C

Ideally it would seem like a different user. (Filesystem, cmd-tab). But easily accessible like the three finger swipe. Fast user switching doesn't cut it.

I even tried logging in on my local machine using VNC or remote desktop... Is having 4 VMs the only way?


Yet another potential solution, if you're on Linux. This is more on the accessible side of things, it doesn't do separation as much as you would like it:

KDE Plasma has what they call "Activities". In its basic idea, it's kind of like fancy desktop workspaces. So, it does separate your windows into workspace-like groups, but you can also set what files and widgets are displayed on the desktop on a per-Activity basis.

So, you don't have a different filesystem, but you can have a folder or multiple folders displayed on each Activity's desktop. Also, shortcuts to different applications, including for example Firefox profiles, as well as different sets of widgets, for example I like to use the little post-it note widgets to write things down on.

And yeah, with that you can then just switch between Activities via a simple keyboard shortcut or by clicking an Activity-selector on your panel (if you've put one there).


This sounds most like what I'd like. Spaces on mac doesn't cut it because the application instances are shared, which causes it to switch spaces when tabbing into something.


Have you considered https://www.qubes-os.org/? It's not exactly what you're asking, but it has similarities.


On Linux, you just set up another user and it's one "sudo" command away.

A long time ago (win2000, before XP) I tried to do it on Windows with the "runas" command, but things like IE would keep popping up with the wrong user (they managed to communicate with the desktop and have that open the new window) so it wasn't a good solution. Perhaps it is better now.


Qubes OS does exactly this: www.qubes-os.org


This is pretty awesome. Very useful.

My school's security is a joke. You cannot log out except by closing your browser. The session also never expires.

Not only that, but now they moved to a "single-sign on." If I sign in on one app, it signs me in for all apps.


Nice to see this integrated natively. I was using MultiFox before to get this functionality. For example, this allows me to manage multiple twitter accounts, without logging out and back in all the time.


Tech question: Does Firefox have technical process separation of tabs nowadays? This has been one of the main features of Chrome since 1.0 and I just want to know if Firefox finally has something similar.


The foundational work is there, it's currently still going through testing, although you can already manually enable it and it works rather well, but as of right now it's not planned to have complete separation for each individual tab, as that just chews up a lot of resources with relatively little gain in performance.

What's planned instead, is to use a set number of processes across all tabs. So, if this would be two processes, then every other tab will share a process with one another. And they'll probably have around 5 processes for tabs at a maximum once this is fully rolled out, at least for the foreseeable future.

You can manually change this maximum number of processes in about:config, though. And if you do set it to something like 500, i.e. just a very big number that you're not likely to hit in number of tabs, then it will separate each tab into its own process, with whatever performance problems come with that.


The about:config pref to control the number of content processes shared by tabs is "dom.ipc.processCount".


Thank you for this extensive reply! :)


Chrome groups multiple tabs into the same process.


It's in a sort of alpha state I believe. Will be a while until it rolls out to everyone.


Slightly OT: This page reads like Mozilla's Developer Network (MDN) online documentation; I had to read the first sentences a few times until I got what container tabs are about.

However, very nice feature.


That's because it's on the Mozilla wiki. I'd expect better docs on the support site (and maybe MDN) once the feature nears completion/release. The mozilla wiki contains all kinds of odds and ends about random ongoing projects (status, documentation) and is mostly developer-facing.


It would be cool if there was a shortcut to hide all other tabs but a certain group.

I would love if I could use this to organize my 100 tabs I always have open.


I use the Qupzilla browser incognito mode which is a separate session per-window by default. It uses the Chrome guts and has a few rough edges.


the thing I blame is that ctrl+t on a container opens a new tab of the default container and not the one that is currently on focus.


Awesome. Coming up with legitimately innovative features and publicizing them will do more good than a dozen new logo campaigns.


Nice, up until now I used Chrome as the browser logged into everything (fb, Twitter, Google) and FF as the main browser.


Why do I even need this? Isn't it by default so that site1.com can't see cookies from site2.com for example?


site1.com might include embedded images that are hosted by site2.com, so may site3.com, site4.com, site5.com and site6.com

Now site2.com (aka facebook like button) knows that you have visited both site1, 2, 3, 4 and 5.

You can work around this in some ways by disabling "third party cookies" but this breaks certain features, such as using your facebook identity to post comments on other sites, so sadly all browsers enable this by default.
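The tracking described in the comment above, as an added example that is not part of the thread: a constructed JavaScript model (not Firefox code) of a cookie jar under three keying policies, showing which top-level sites the embedded third party can link to one identifier. The visit list, the container names and the `simulate`/`linkedProfiles` helpers are assumptions made for illustration; "firstParty" models the double-keyed cookies mentioned at the top of the thread.

```javascript
// Constructed model of a browser cookie jar. The policies differ only in
// how the jar key is built for a cookie set by an embedded host.
const POLICIES = {
  // Classic behaviour: one jar per cookie host, shared by every embedding page.
  classic: (v) => v.embeddedHost,
  // First-party isolation (double keying): jar per (URL-bar site, cookie host).
  firstParty: (v) => `${v.topSite}|${v.embeddedHost}`,
  // Container tabs: jar per (container, cookie host).
  container: (v) => `${v.container}|${v.embeddedHost}`,
};

// Constructed sample browsing session: site2.com is visited directly once,
// then loaded as an embedded widget from three other sites.
const VISITS = [
  { topSite: 'site2.com', embeddedHost: 'site2.com', container: 'personal' },
  { topSite: 'site1.com', embeddedHost: 'site2.com', container: 'personal' },
  { topSite: 'site3.com', embeddedHost: 'site2.com', container: 'work' },
  { topSite: 'site4.com', embeddedHost: 'site2.com', container: 'work' },
];

// Replays the visits and returns the embedded host's view:
// Map of identifier cookie -> Set of top-level sites seen with it.
function simulate(policy, visits) {
  const keyOf = POLICIES[policy];
  if (!keyOf) throw new Error(`unknown policy: ${policy}`);
  const jar = new Map();        // jar key -> identifier cookie value
  const trackerLog = new Map(); // identifier -> Set of top-level sites
  let nextId = 1;
  for (const visit of visits) {
    const key = keyOf(visit);
    // The browser sends whatever cookie is stored under this key, if any.
    let id = jar.get(key);
    if (id === undefined) {
      // No cookie arrived, so the embedded host issues a fresh identifier.
      id = `uid-${nextId++}`;
      jar.set(key, id);
    }
    // Model assumption: the embedded host learns the embedding page
    // (for instance from the Referer header) and logs it under the id.
    if (!trackerLog.has(id)) trackerLog.set(id, new Set());
    trackerLog.get(id).add(visit.topSite);
  }
  return trackerLog;
}

// Groups of sites the embedded host can attribute to a single identifier.
function linkedProfiles(policy, visits) {
  return [...simulate(policy, visits).values()]
    .map((sites) => [...sites].sort())
    .sort((a, b) => a.join().localeCompare(b.join()));
}

for (const policy of Object.keys(POLICIES)) {
  console.log(policy, JSON.stringify(linkedProfiles(policy, VISITS)));
}
```

In this model, containers split the profile only along container boundaries: sites opened in the same container are still linked to each other, which is the gap the first comment in the thread points at.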


see my reply about multiple profiles


The problem is when site1.com is Twitter, and site2.com includes a Twitter button, then Twitter can see that you are browsing site2.com


Ok - I'm happy to break all such functionality by refusing the use of those cookies. I'm almost sure Ghostery already does this. Is there no legit/useful use for this (I don't count fb auth or like/tweet buttons)?


Ghostery blocks specific well known trackers. An approach like Container Tabs would prevent these types of tracking in principle.

Valid use for 3rd party cookies is something like single sign on. (Eg. sign into all Google services at the same time, even though they use separate domains)


All you have to do to block this is disable third party cookies. I did this years ago and for my usage I've never even noticed.


Wasn't there an attack where, if you go to web.xyz, there was an embedded link that led to http://192.168.1.100/reset which reset your modem? In this case it would work either way because there is no authentication. However, if the modem required authentication and you are logged in in one tab, then going to that website in a different tab would still work.

I don't think this would work if you use the container tabs.


The behaviour that you describe is default in all browsers. This is more that the same site can't access its own cookies if the user doesn't want it to.


Been wanting something like this for years.


A welcome development, though long overdue. I don't understand why browser UI is so boring and unimaginative.


An official linux container tab with shell access (for dev, emacs, etc) would be a killer feature for Chromebooks.


Anyone know when this feature is planned to hit Beta or Stable?


Do you mean officially considered beta/stable quality or just that it's there in the Beta or Stable version, so that you don't have to migrate to a less stable version of Firefox in order to use it?

If it's the latter, there's two preferences that you can flip in about:config to enable it (even in Firefox Stable): privacy.userContext.enabled and privacy.userContext.ui.enabled

Mind though that since this feature is currently still under active development, that it might actually be less error-prone in the normally less stable versions of Firefox.


This is why I ask when it will be enabled by default on Beta or Release. Any idea when it is planned?


This is available on Firefox Nightly.



not needed if you're running Qubes-OS :)


As a user, I actually just want my browser to contain less features. Vendors add and add and add features. If I want different user profiles, I already have many users on my OS - I just switch between them.

When Chrome came out, I and many others switched to it just because it was lacking so many features. It was great!


So then use a browser whose stated goal is to be minimal. Container tabs are an amazing addition with great security and privacy benefits. If you think changing OS user profiles is comparable, you either don't fully understand the concept or you are way outside of the demographic of people that will use this.


Chrome actually already has this feature in the form of profiles. See the top-right icon.


Yes it does and I have been using this. But it seems to be per window not tab. Unless I've missed something?


It's per window and it remembers the last profile used. I find it hard to manage as other apps will open links on the active window, which might be in the incorrect profile I want to use at that time.

I like this new feature in Firefox. OS-level profiles being the slowest method, Chrome profiles being faster but with these annoyances (for me)... Firefox's new container tabs look like a more lightweight/faster method for context separation.


> it seems to be per window not tab

Chromium-based Ghost Browser [1] can do it per tab or tab group.

It would be nice if Google implemented the same feature into Chrome since multiple profiles can be a hassle.

[1] https://ghostbrowser.com


This looks EXTREMELY interesting. Thanks for sharing.


Yeah, this is actually distinctly different from Chrome's profiles. Firefox does already have an equivalent to Chrome's profiles [0], so it wouldn't make a whole lot of sense to implement this, if it wasn't different.

[0]: https://support.mozilla.org/en-US/kb/profile-manager-create-...


It does, sadly!


Having features is fine imo, as long as they can be disabled.



