If we can get Tor Browser's first party origin feature in as well, this will be fantastic! I would love to have the ability to type www.facebook.com and get a context that isn't linked to the rest of my tabs.
I also want ephemeral containers so I could open a tab that forgets its cookies when I'm done. Think private browsing but without forgetting my history, requiring a new window, or being limited to one context at a time.
I prototyped this feature last year as an intern at Mozilla. I think the engineering done for containers can be exposed in a lot of cool ways to the user. I'd love for you to send in your ideas on the comment form [1]. One of the features we considered last summer was "site specific containers" [2], which would support your facebook example.
Is it possible to implement this feature via the extension API ? Exposing the low-levels, like choosing the cookie jar or intercepting calls to the local storage, would sprawl some really good privacy-enhancing extensions.
EDIT: Looks like there are already extensions doing that ! nice !
Did you try the "Self destructing cookies"[1] extension for Firefox? It is close to your "forgets cookies" requirement. IIRC it has per domain settings and allows you to configure the cookies to self destruct after closing the tab, the browser or never.
I use this and am very satisfied with it. It's a very simple thing that anyone (that knows how cookies work) can fully understand within seconds and it prevents many, many sorts of tracking. A password manager is a must, of course.
Every time I use someone else's computer now, I'm horrified to see my settings from last time on random sites. You don't realize how much tracking is done until it's not the standard anymore. I even forgot to log out of places, so I've defaulted to opening private windows instead.
Anyway back in topic, SDC helps a lot but doesn't do everything OP wanted to do. I too would like to be able to open Facebook without wondering what other openings tabs might be using it, preventing SDC from removing the cookies. I'm really really excited Mozilla is doing this. SDC is a good start until it's out of nightly/beta though.
Exactly, I also want to have private browsing but with persistent history. I'm using Self-Destructing Cookies [1] for that; you can also white-list some domains there for eg. keep me logged in. But would love to have the container as you describe for that.
I really feel like the entire session model of the web needs reworking from the ground up. I honestly want most of the websites I use to act more like apps, with a dedicated space for that site and not spread out across N tabs or windows. And also containerized exactly like this describes.
There are some browser extensions that to do this, but they're pretty clunky overall.
In what I want I don't really see that being different. Not everything is an app, but the things that aren't are things that I don't visit every time I sit at a computer.
Mostly I see it actually working a lot like android's url-based intents, where there are things recognized as "apps" and actions directed at urls within that scope go to that 'app' to decide what to do with it, and things outside it go to a more traditional browser environment.
Firefox's clumsy profile support is the one thing that makes me keep switching back to chrome. I really prefer firefox sync to chrome's implementation, and some of firefox's tab organization tools are way better than chrome's. But I use many of the same webapps in my personal life as I do in my work life, and being able to run two profiles simultaneously, and start them up without having to launch firefox from the terminal every time, was difficult.
What they've implemented seems to be better than chrome's profiles, in that it's easier to create a new profile for a specific context (so I don't have to sort things into a "work" bucket and a "personal" bucket.) It will be interesting to see how the contexts interact with plugins.
I agree that Firefox profile management is not user-friendly at all. I have an advice for you though, you don't need to open Firefox from a terminal if you want to be able to choose your profile at start-up.
«all» you have to do is go to ~/.mozilla/firefox/profile.ini and change it with:
```
[General]
StartWithLastProfile=0
```
Now Firefox will open a dialogue box at start-up asking you for the profile you want to use.
-P "<profile name>" Starts with a given profile name (profile name is case sensitive).
-no-remote Enables running multiple instances of the application with different profiles; [1] used with -P
#!/bin/bash
case "$1" in
personal | work | banking | shopping)
firefox -no-remote -P "$1" ;;
*) echo "unknown arg: $1"; return 1; ;;
esac
and either rename profile directories, or the case statement labels,
and optionally associate calls to the script with icons/widgets.
[code not tested, use at own risk, ymmv, etc.]
> I have an advice for you though, you don't need to open Firefox from a terminal if you want to be able to choose your profile at start-up.
I don't know, on Mac or Windows, how (although it would be nice) to wrap your script, or any other command-line executable, as an app that takes its arguments as parameters specified on double-click.
Doesn't it also just genuinely feel more sluggish to you? Just installed Nightly to test this feature out, and then took another minute to use the developer tools to do some debugging, and the whole experience felt less smooth. Maybe only microseconds of a difference in <my action> and the <browser's response>, but noticeable nonetheless.
Do you have extensions installed? Nightly has E10s default-enabled, and there's currently still pretty bad performance problems when using certain extensions with E10s.
Basically, extension developers can "shim" their add-ons, which, as far as I understand it, tells Firefox that it has to handle things which are affected by the extension in a single-threaded way, again.
And because the world is a grim place, this doesn't just get you back to non-E10s performance, but is actually worse.
Eventually, add-on developers should properly port their extensions to E10s and then those performance problems will disappear, but at the moment they are still very frequent and when Mozilla rolls out E10s, they will also only default-enable it for users without extensions for this exact reason.
If you want to troubleshoot this, I would recommend looking at about:performance and www.arewee10syet.com.
You should probably check how performance is in a new profile[0] first, though, just to make sure that you're not trying to replace extensions when it might be caused by something else.
I don't mean to tell people how they should and shouldn't use the web, but if you disagree with Facebook's off-platform data-collection practices, consider sending them a message about it and closing your account. They have no reason to change their policies unless we give them concrete evidence that it will hurt their business.
They track out even if you don't have an account. They have no reason to change their policies, because you cannot hurt their business enough as a user (you're the product, not the customer).
The only reasonable option, if one cares, is to use disconnect/ghostery/abp with the right lists, etc.
In case you are not aware: Every single web page that has a 'facebook like' button reports your surfing habits to Facebook, whether you have an account or not.
One person in a billion closing their FB account over privacy concerns probably isn't going to sway them. You'd have a better chance of making them realize that a sizable number of users care about such things by organizing a petition or a mass-closing event.
How is this even legal? By clicking to that site, i'm agreeing to allow FB to do whatever ONCE. How do I get out of the agreement if I find it doesn't suit me?
This is like saying, "By agreeing to take this person on a date one time, you're agreeing to take this person with you wherever you go from now until whenever."
That looks neat. And if it were possible to cheaply create and delete contextual identities on the fly it would even fix an issue I had today: the difficulty of multiple separate private browsing sessions in the same browser.
Agreed. Easy creation and management of additional contextual identities, even ephemeral ones that exist only for that particular browser session, would be terrific.
In addition, I'd like the ability to fine tune which items are isolated versus shared. I think in many cases, but not all, I'd like to shift saved passwords and form data into the identity contexts and away from the shared context. Not having to manually manage credentials when using multiple distinct sessions of a single web service would be nice.
This is an issue for me, primarily for using Twitter. I sometimes want to use multiple Twitter accounts at once, and not via TweetDeck. What I end up doing is having one account in use on normal Firefox, one in Firefox private browsing, one in Chrome private browsing, one in Safari private browsing, etc.
It's quite easy in firefox. Just have two firefox shortcuts, one of "firefox -P default" which you use normally (default profile) and one with "firefox --no-remote -P" which, on launch, will give you a dialogue to select or create a named profile. In addition, the "--no-remote" bit means you can run any number of firefox instances side-by-side with no issue.
Yes safari's private browsing goes a bit too far as even opening a new tab from an existing one (e.g. open a link to a new tab/window) isn't linked to the original context. Safari's private browsing also has some issues (e.g. the localStorage quota set to 0)
This seems very useful for it's intended use-case. At first glance I would like to note however that advertisers (and other parties) will probably still be able to track you across these "containers", due to not isolating HSTS-flags and similar features.
I also wonder whether a seperate banking container makes a lot of sense when doing online payments, as in my country we get redirected to our bank to do payments. This might create confusion among non tech-savy users ("but this should be in my banking-container, I'll just switch. Why does the webshop give an error upon returning now?").
Overall a really cool feature though and one that might persuade me to give Firefox a try as daily driver again.
..."Firefox profiles" fixed it very well. Same as Chrome profiles: I have one for my work persona, one for my personal persona, another for my sysadmin persona, and 3 others for... er... nevermind. But it works great.
Besides, 11 FAQ and a long blog post: I'm not sure they narrowed down the most focussed feature that would provide the most value and be used by the most number of users.
Yeah, but afaik, switching those profiles in Firefox is (currently) really difficult. So much so that it almost feels the same as if you didn't have the capability to do it...
You can edit your shortcut or .desktop file to open "firefox -P" instead of "firefox". Each time you click it, it will ask which profile you want the new window to be in.
Had I known this earlier... I had the same reaction as the person you replied to, I hadn't thought of using profiles. I knew something called profiles existed, but I thought it was not in use anymore (at least not properly supported). I never connected the dots.
Still sounds like a pain to manage though, compared to this new feature.
Yeah it's not a great user interface, and it's definitely buried. Aside from the Developer Edition which uses a different profile by default, it seems to be ignored by Firefox devs. Probably because they don't want to support all the people who get confused by the terrible UI!
I think, often it was more that one didn't want others to know about the history of those activities, which is not the same thing as not wanting them recorded.
If there had been a safe way to secretly store that history, by having seperate identitie's in Firefox, (with password protection and crypto, etc...), that would've solved that case nicely.
And if you clear that secret, protected identitie's history, we'd have had 'Private Browsing', but also a ton more.
Separate histories and identities has been a feature for a while. Firefox and Chrome (and probably others) have profiles (though I don't think Firefox had an easy way to switch).
This is different. Cookies and storage are separated, but history, bookmarks, passwords etc. are shared [1]
Firefox has had those kind of profiles for a long time, they just aren't the most accessible thing in the world.
But yeah, you can access them from about:profiles or also via the command-line with "firefox -P". If you want to use it more extensively, there's also extensions available for easy switching, like for example Profilist. https://addons.mozilla.org/en-US/firefox/addon/profilist/
This is a great step in the right direction -- though it is not enough. Different identities would still be going through the same IP (not much one can do about that). But some things that can be solved are NOT addressed with containers:
- see EverCookie[0] for more things that have been known to occur in the wild (and remember it is outdated). the article mentions cache is not shared, but e.g. HSTS pinning is. evercookie easily pierces through this system.
Since 2005 or so, I have had different users for different purposes; Not sure how well it works on Windows these days (it used to not work at all back in 2005) - but on Linux, it's just a "sux - otheruser" or "sudo -u otheruser" command away, and it is well isolated on the web side[1]
I still think that better support for contextual identities would be a net-positive across the board for the web, but I have to say that this little stunt gave me a good chuckle. Bravo!
And separate proxy/user agent/other trackable stuff settings for every context.
My post was not only a joke. This has serious potential to make multi-account tracking a nightmare... as it should, but not everything about that is good.
This looks really promising. The identity problem in browsers is something I tried to solve by customising the look of different Firefox instances opened with different profiles[1] (one for personal use, one for work etc). But having this functionality built in is definitely preferable.
I solved this so far by using two different browsers. But this is cumbersome and Mozilla now makes sure that I only use their product. This is good, because I like Firefox.
This is fantastic! I've been wanting this for a few years, but didn't think anyone else would care enough to get this on a browser's todo list. Awesome to see Mozilla doing this!
I know a lot of people that use multiple browsers (IE, Chrome, FF) to achieve the same effect. Especially in internet marketing, where you constantly switch between Google accounts it's something that's very useful.
Great idea that makes me glad I use Firefox (settings for maximum privacy and discard all cookies when browser shuts down; I also use Chrome for Google properties, Twitter and Facebook).
With Firefox containers I suppose I could drop my two Browser setup, but I won't, at least for now.
Wow, this is insanely cool!
I've been thinking to create add-on to be able to login to multiple Google accounts from different tabs, but they managed to create it faster!
I am always confused by the lack of user customization in features like this. Why am I limited to four containers? Why can't I rename them?
Four is not enough (personally, though I imagine it would be for most people) and remembering which identity is under "Work" and which is under "Shopping" is just an annoyance when none of my identities would be for "Work" or "Shopping". It would be faster and less annoying to sign out and sign in as another account. Being able to name my containers after my psuedonyms and have a container for each psuedonym would make it infinitely more useful and intuitive for me - rather than a mental burden not worth the hassle of using.
This is a complex feature to implement and they "don't have all the answers...yet, but hope to start uncovering some of them with user research and feedback." If customization is important to you, you can let them know: "We hope to gather feedback on this basic experience to see how we can iterate on the design to make it more convenient, elegant, and usable for our users. Try it out and share your feedback by filling out this quick form or writing to containers@mozilla.com."
My post was more of a mini-rant about how UX of otherwise useful/good features always seems to be an afterthought. The UX ends up being poor resulting in an underused and often later abandoned feature.
Although it is likely my social niche - I know more people with multiple personal or social accounts who will find this feature useful but have a terrible UX due to the container names.
"Hand me the long, blue screwdriver - by which I mean the short, red hammer." - terrible UX
I'll be providing concern this as feedback via email when I get home and have access to my personal email.
I was at the talk where this was announced -- four containers is just for now as a prototype, they probably would have the ability for custom ones later (this was explicitly mentioned).
I'm not sure about Firefox's implementation of it, but throughout computing I'm seeing more and more need for this kind of thing, not to mention something softer than full user-account switching for handing a device between family members or teammates. As everything gets more personalized and more tightly bound to the user by learning their habits and typing and voice and all that, and simultaneously in a social networking context we broadcast stuff about ourselves incidentally (like Youtube learning your viewing preferences and likes) that the ability to switch context neatly and quickly is becoming more important.
I think I'd love to be able to define which domains open in which contexts so if I click a link that happens to be to something I want in other context ...
But that got me thinking just how effective will this be? If someone sends me a link in fb and I click it. Even if it opens in a new context it seems like it's only a matter of time before all the links are changed to https://destsite.com/path/to/resource#fbtrackingid or something similar which then adds the cookie across contexts?
However, my personal vision is taking this one step further with an 'identity management' daemon running on your computer or a hardware token which acts a cryptographic agent on behalf of your identities. So firefox, chrome, or whatever application could request a credential for some service and your daemon would pop up and ask you which identity's credentials to use or if you'd like to make a new one (U2F or some other system).
This is really neat, although it does not look slick enough to replace my own hacky word-around:
What I have been doing is creating a separate Chrome application launcher for my different life contexts -- http://lifehacker.com/5611711/create-application-shortcuts-i... I have one for anonymous browsing, one for work, one for personal-real-name, and one for pseudonymous browsing. I renamed the application so I can launch by typing "WorkChrome" or "PersonalChrome" in spotlight search. Each Chrome app then runs with a separate profile, separate cookies, etc. I have a different icon and colored theme for each one, so that I never make a mistake with regards to which I am browsing in. I can have multiple open at the same time and tab switch between them.
Now if only Firefox AddOns/Extensions would be able to properly access DBus, this would allow for a so much better Linux integration (storing passwords through org.freedesktop.Secret, opening URLs in the appropriate container from KDE Plasma sessions instead of random switches to another activity where a Firefox window is found, global media playback states/control for web video/audio as org.mpris.MediaPlayer2, powermanagement inhibitors through org.freedesktop.login1, etc)
The idea is good, but what's with the identities they chose? "Personal", "Work", "Banking", "Shopping"? Is "Shopping" supposed to be an euphemism for "Porn"? As far as I can tell, nobody has a "shopping" Twitter account.
I think one thing that bothers people is when they look up "Samsung Smartphone" or "children's stroller" on Amazon and are suddenly bombarded with advertisements about these things all over the web.
Digital marketing companies are moving to reduce or eliminate their dependence on cookies for identifying users, so unless they add some Tor-like functionality to this tool that makes you appear to be connecting from a different IP address, I don't see this having much of a long-term privacy impact.
That said, no need to volunteer any more information than necessary to use online services.
I can't emphasize enough how much I've been waiting for this.
I've even tried pushing it via the dev-tools uservoice as a developer tool instead of a privacy tool, since you often need to test with multiple sessions at the same time. No reaction.
There is still the very real issue of fingerprinting across containers, which they point at towards the end of the article, but this might just be enough for me to drop Chrome completely and get my Firefox set up again the way I like it.
This sounds better than my current solution of multiple Chrome profiles, but how does this interact with extensions? So many extensions require broad permissions that give them nearly as much power as the browser vendor themselves. With separate Chrome profiles, I can keep sketchy extensions away from sensitive credentials. I hope these containers do something similar, because I think the UX of per-tab containers might be superior to per-window profiles.
They just barely separated the chrome process from the rendering process. All tab content is rendered in the same process for now. Eventually they will separate it further but it's not done yet.
Wonderful. I'm looking forward to a feature to automatically create a container for every new tab, unless explicitly told to open a tab in the existing container. Example: two tabs for the same site, right click, Open Link in New Tab (same container). The browser default could be opening in the same container. An about:config switch would be ok, we'll find it.
It has always been relevant for me. Chrome has nowhere near as powerful customization and privacy features, and Opera has nowhere near as much support. Firefox has always been the best browser for both power users and privacy conscious people.
If you were going for something minimalistic and good for business/home usage, Chrome might be a better choice indeed. I can definitely see the advantages and I've installed it for my family back when it was substantially faster than Firefox (by now Chrome got a lot heavier and Firefox, uh, I guess they must have become a bit lighter but I don't know). I guess I should switch them back to Firefox again, but it might not be worth the learning curve.
Revenue will go down even further, that'll happen. Same as with ad blockers, except they cannot detect it this time around (at least not easily, it would be a bug if they could).
Nothing changes really, ad revenue should already have been going down for years with how many ads we see every day. Almost everyone should automatically block them out mentally by now, and I think I recently heard this is starting to happen more and more now.
I prefer to use separate browser instances with different --user-data-dir (in chrome, i dont know the equivalent in firefox). Adding a different color theme helps to immediately discriminate betwen them.
Having tabs from different contexts in the same window is confusing.
I'm pretty happy with Chrome's support for multiple profiles in separate windows - for example I have one for work and one just for Facebook. I wonder why Firefox is using tabs? What other differences are there between these approaches?
Well, because some users will prefer to use them in tabs. If you rather want separate windows, then you can put those tabs into different windows yourself. No need to limit what users can choose to do...
I would much prefer it in Chrome if I had the option to also have them in tabs. I like using tabs rather than having multiple windows. It would be nice to have both.
Is it like the Chrome "People" (or profiles or user) feature ? Suggesting that "user won’t need to use multiple browsers" seems like a problem that didn't exist if you used chrome.
One notable difference is that those identities are tied to tabs instead of windows. Chrome doesn't let you mix tabs from different "profiles" within the same browser window.
When submitting, I intentionally editorialized the title from something unclear out of mozilla's blog context ("Contextual Identities on the Web") to a more explicit title that speaks by itself ("Firefox 50 nightly new feature: Contextual Identities").
- This guideline feels a wee bit sad, because editorializing can be valuable (a title might be crystal clear in context but nonsensical once pulled out of it).
- But I understand how we generally don't want it as it might lead to linkbaiting and misrepresenting the original title.
I know, but in some cases like this one, I feel it's not enough.
Had I not been subscribed to Mozilla's RSS feed, I personally would have skipped a "Contextual Identities on the Web (mozilla.org)" post on HN, because the vagueness would have made me mentally flag it as not time-worthwhile.
Contrarily, adding a few non-likbaitish words providing context (here, mentioning we're talking about a new feature in Firefox testable in Nightly, which is what my rename did), it becomes much more precise, less arbitrarily discard-able, thus interesting for certain people, including me.
But again, I understand the main reason the guidelines proscribe the practice: because it's a slippery slope to linkbait and incorrect reformulations.
This is genuinely super! I've already configured my firefox so that fb exists best within the non-public context. This means i will visit any website which uses fb monitoring, and so forth, and that i won't be logged in!
I also want ephemeral containers so I could open a tab that forgets its cookies when I'm done. Think private browsing but without forgetting my history, requiring a new window, or being limited to one context at a time.