I LOVE this feature, but it has only one problem: when I'm in a container and I press Ctrl+T (new tab), the new tab opens in the default container. This doesn't make sense, I want it to stay in the same container.
This was also discussed in the issue tracker, in a now closed issue, in which the intuitive behaviour (staying in the same container) was proposed, but got sidetracked and in the end implemented something totally different.
So if anyone from Firefox is listening here: please PLEASE consider implementing Ctrl+T in the same container :)
It's a popular request; about as popular as everyone who wants Ctrl+T to open in the default container. :)
So, for our core experience we picked the default behavior that helps maximize the privacy and security protections of Containers.
The good news is that, with the contextualIdentities extension API (exclusive to Firefox!), add-on authors can make their own add-ons to change this behavior. Like Taborama is doing:
If both are equally popular, it would make sense that this be an easily configurable option in the browser's settings. Favouring one option over the other will inevitably alienate about half the consumers of this awesome feature, which seems like a bit of a waste to me.
It seems like the Firefox team intends to only have what maximises the privacy security protections, and that this extra functionality (hereafter referred to as SameCon, versus the current DefCon) is ideally implemented as an add-on. I'd imagine they're thinking that if a user wants SameCont, that user can just add it as an add-on
I don't think this is the ideal solution, because I'd imagine there are a population of users who just wouldn't consider the possibility that SameCon could Be an add-on. Especially if the community is split roughly down the middle.
I think yours is the ideal solution, making SameCon a configurable option, but having the default option be DefCon. That way, the privacy and security protections are the Default behavior, but a user has the option to change it Built In
"Opening a new tab from a container window opens a normal tab and not a
container tab"
I should note that the last comment on that issue was made in July, so I went ahead and commented asking about adding a setting to change the new-tab container inheritance behavior.
They're probably making a conservative change that's easy to back out of, as a default, and then let various extensions experiment and discover how it should really work.
Personally I would want tabs to be in the bozo container by default, unless I explicitly grant the website access to a trusted container, or something.
Extension makers will experiment and Firefox can choose from what gets learned.
Popularity is only one aspect. The only thing split popularity means is that you probably don't want to make the choice with that as your top criterion. Also, people preferring A doesn't automatically mean you'll alienate them by choosing B. Choosing this default because it's more secure, in the face of a split vote, seems like a pretty decent option to me (and I say this as somebody who would've voted for the other option).
Thanks for that hint on using "Ctrl ." ! After this key combination, it would still be useful to avoid further navigation using tab and arrow keys and instead have some kind of additional key (like p, w, b, s for personal, work, banking and shopping, respectively...or the first letter of the container name as the shortcut).
i would prefer that different containers open in separate windows and then every Ctrl+T would open in that window's context. also makes it easy to close all tabs from a single identity,
How is that helping the privacy? That option would seem to me to be worse for privacy. If I'm in my personal container and my work container is the default then I want my next tab to open in my personal container.
On behalf of Linux users who use this to open Terminal... NOOO! I use this key combo constantly and it would take ages to unlearn it. Ctrl+Alt+T = open a terminal window, dozens of times a day every day.
I'd really like to be able to follow links from within a container and have them open in the default container (or a specific container if they are pinned).
Example: I contain google.com to a container called "Google", then I perform a Google search. I click a search link, and it opens in the Google container.
Ideally this would still use default. There is the option to right click every link, select "Open in Container" and then pick the default but it's not really optimal for two reasons:
1. Manual effort by the user
2. The link is to a redirector on Google's site, before it forwards to the third party site (though I guess I can live with this, its kind of outside scope of the feature).
So, really, I just want to pin a domain to a container. If I leave that domain, I want it to change containers.
I haven't been able to find a good way to do this automatically, with any of the configurable settings.
I think opening links this way would defeat the purpose of containers (with respect to privacy) because that would allow Google to link containers (most sites contain some JS from G). If this is not what concerns you then I guess some extension could fix it?
Well, that specific example is a confusing type of link, but it would not really expose your privacy any more than having to right click 'Open in a different container' if you have segmented off the Google domain..
EG, if you open it within the Google container, your privacy is most exposed. Whether you have to right click and select 'Open in a different container' when following search or email links, or whether you can have the browser do this automatically, the end result is the same. You're following a Google link, so if they create a special one that tells them which result you clicked on, they still see it and know about it because it's on their domain.
But once you get to that third party domain, you're in a separate container instead of one filled with your own special Adsense cookies.
There are extensions you can use to remove Google's redirect link in their result page.
But this is kind of tangent to what I was trying to get across.
If one has goal is to contain a web property, giving them their own container but then keeping that container open when you leave their site is not really containment.
> It's a popular request; about as popular as everyone who wants Ctrl+T to open in the default container. :)
Do you have any proof like a larger survey? I highly doubt that's a 50:50 request.
Why should one want to open a new tab in the default container with Ctrl-t? Ctrl-t is used and learned as a shortcut to open something (like a tab) in the current context. The current context would be not just your current browser window but also your current container. Ctrl-n would go more in your direction.
Would be great if we had sensible defaults without the need to get exensions.
Besides, do I need to get a Firefox account for this feature?
If it works like in test pilot, try middle-clicking the new tab button. I usually use it to open a new tab next to the one I am reading, and it opens it in the same container (which is sometimes slightly annoying).
Of course, this is no replacement for a keyboard shortcut.
Same if you do ctrl + enter in the url or a containerized tab.
And you still have no way to have bookmarks that open in a specific container. (you can however flag a URL to always open in a container since recently).
But it's just because the feature is very new. They do listen to the community, and will fix it on the long run.
At the very beginning containers where unusable, because even links you clicked would not open in the same container :) The community reported it and it was fixed.
So don't worry, it takes time, but Mozilla will do the right thing. They most often do, that's the beauty of it and why I kept using Firefox to support them, even when it was clearly less practical than chrome.
> This doesn't make sense, I want it to stay in the same container.
I'd say it's highly subjective and it may vary case per case. Also this would completely defeat the security purpose of this feature.
Imagine someone has opened a "Banking" tab, and want to convert an account number to IBAN, or just convert amount between two currencies. You'll need a new tab for that. But you definitely don't want to do that in the "Banking" session, right?
As I've already remarked here[0] on github, the real problem is that you're forced to choose the container before you decide what you're doing in the new tab.
This is incredibly useful. It's basically like Chrome's 'profiles', except per-tab rather than per-window. So I can now have my personal gmail, my work gmail, and the 3rd gmail account for a client set next to each other, and colour coded.
This, along with the speed improvements (both the UI and content processes) in Firefox 55 have made it my default browser for the first time since Chrome was released.
Yes, best feature ever. I've been giving it a try for some time now since it came out in test pilot and it's beautiful.
Open your google/twitter/whatever accounts in separate profiles, et you get the benefits of being "always logged in" with no tracking on your main session.
Having multiple github accounts next to each others is a bliss and prevent so many stupid mistakes I used to make, like commenting with the wrong identity on a PR.
Combined with the tab group extension, it makes currently Firefox the most productive browser experience I had in years.
If you enable 'privacy.resistFingerprinting' in your about:config, you get substantially harder to track. The caveat is that there's a small (albeit noticeable) performance delta.
Unlike chrome, you can't have multiple Firefox profiles running simultaneously unless you're using two separate installs. Even then, one has to be nightly/developer/etc, or it refused to start.
You can. As the other commenter wrote `firefox -no-remote -P` works. You can also add the name of a profile after the "-P" to launch directly into that profile.
If you're not on Windows, you can also instead use `firefox -new-instance -P`, which is better, because -no-remote cuts off communication from other applications to that Firefox instance, meaning that you can't open links from those other applications inside a Firefox instance that's been started with -no-remote.
The aforementioned "about:profiles" also has a button "Launch profile in new browser", which is much easier than the above methods, but those are useful, if you for example want desktop shortcut for your individual profiles.
Yes! I've said this since day zero of the Chrome profile implementation we were all forced^H^H^Hstrongly encouraged to evaluate. This does not work on a Social web, at least not for most people. Humans have one technical identity, but they have multiple personas, and they adapt them per context. We have done so for thousands of years and to force every interactive to be viewed in the context of every other robs people of normal expectations of freedom.
Yes Firefox seems to be making big strides, and I find myself using it more often these days. It's a ripe environment for them right now too, with many more of the general public growing wary of Google (kind of the new Microsoft, in Mozilla/Netscape terms). If I didn't have to test stuff in Chrome, I'd probably be ready (as of FF55) to uninstall it altogether. Even the Firefox dev tools are better than Chrome in my opinion.
I agree, although the fact that pinch-to-zoom still sucks big time in Firefox (in comparison to Safari and Chrome/Chromium) annoys me so much, in the end i always keep avoiding Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=688990
It sooo much easier when reading articles to be able to zoom in to the 'article text only' in Safari/Chromium.
However it doesn't appear to containerize extensions / add-ons, so it's probably still prudent to use a separate clean profile for banking to avoid the risk of malicious data-slurping add-ons.
Despite their claims for it: "Maybe you want to keep your bank’s website farther away from your Pinterest board"
I think the OP is sorta saying the same thing -- they perhaps don't want their banking container to see add-ons (except the container add-on :-)). It's perhaps okay to be relaxed about some add-ons in some environments, but not in all environments.
I always thought profiles we're designed for multiple users on one login; they've been around for ages, and I assumed it was because windows 98 wasn't good with multiple profiles/users.
This is huge! I work for an IT consulting firm and we have accounts for each client which I store in their unique chrome profiles. Keeps things organized but switching between windows can get tedious at times so having them per-tab is making me switch back to Firefox
As an aside, I've been migrating away from Chrome for a while - and I posted here a while back being dismayed by how terrible Firefox was, how slow/etc it was, etc. Many people suggested I switch to nightly.
Nightly is .. a night and day experience. I've been fully switched from Chrome now, thanks to Firefox. Note that on OSX I've had no complaints with Safari as my Chrome replacement, so I've stuck with them - but on windows it's all Firefox.
Keep up the great work guys, the new stuff is amazing. Hope you can push it to stable branch soon for people. :)
Just installed Nightly thinking "how can it be any different from the Developer Edition?" ... Wow, I couldn't be more wrong!
It is indeed a night and day experience! More approachable UI, and much faster performance... Big well-done to everyone working hard to keep Firefox competitive :-)
As an aside, whenever I click on a Slashdot article about Mozilla and Firefox...ALMOST ALL the comments bash Mozilla and Firefox to pieces...and mostly from anonymous posters.
On HN we seem to get reasoned arguments for or against Mozilla and Firefox, but not seemingly mindless hate.
Now I know that HN is a higher class forum these days--Slasdot is not still in its heyday--but I have to say it is refreshing.
You're likely experiencing the major performance improvements that come along with Firefox 57. In a few weeks the general release should feel that fast without some of the trade-offs that come with Nightly. The biggest downside to 57 I'm experiencing is that not all extensions have been updated to the new web extensions framework, so there are some workflows that don't work for me at the moment (LastPass, which is working on a new release, and Stylish, which I'm not sure will update).
Thank you so much to alerting me to this, I was completely unaware. Switching to Stylus now, which has the nice side effect of making me readier for 57.
Stylish has a Chrome version so I'd guess they'll port that to Firefox for 57+. In the meantime there's Stylus, which is a fork of the Chrome version of Stylish:
Yeah, I recently went full-bore over to Firefox and DuckDuckGo. I was been surprised by how easy the transition was. Firefox is way better than it was a few years ago.
For historical reasons I cannot avoid to mention that I achieved this with my Cookiepie extension 11 years ago (a billon Internet years ago indeed): https://youtu.be/2Pfg-kJ4nAw Cookiepie was written only in JavaScript and was very hackish because Firefox APIs didn't have a way to correlate network requests with the tab in the UI, so I traversed network and UI objects recursively to find unknown relationships between them. It was very difficult to support because even minor Firefox releases broke it.
I even posted my Cookiepie extension for the first Firefox extension contest [1] and there was no prize or mention for it.
As a Firefox engineer, then, let me say props for being ahead of your time! (And waaaaay ahead of mine - I'm new to PrivSec engineering at Firefox)
I'm not sure if Cookiepie directly inspired the engineers who built originAttributes and Containers features here, but after working with this Firefox team I can definitely say that the core Containers tech is not hackish at all - great engineers here.
> I'm not sure if Cookiepie directly inspired the engineers...
I never thought Cookiepie was an original idea since many people wanted to have cookie separation per tab once they started to use multiple accounts from the same service.
The interesting part of Cookiepie was solving a problem that, supposedly, was not possible to solve with the API, and required some exploratory techniques like automating the search of relationship between objects.
originAttributes and Containers can be traced back to the appId cookie/storage separation implemented for b2g (aka FirefoxOS) apps. I remember that baku wrote an early Fx add-on abusing appIds and docShells to provide a container-like functionality.
For the original FirefoxOS security model, sicking and jlebar rototilled all the security checks in the codebase to switch from comparing origins to comparing (origin, appId, isInMozBrowser) tuples.
Later on, for the eventually-abandoned FirefoxOS New Security Model (NSec), we needed to pass around a signed package id instead. So the options on the table were to rototill the codebase again, or to do something out of band with the cookie service (sicking's proposal).
When I found out about this I wasn't particularly happy with either option, and used my sec module ownership to insert myself into the discussion, and push for a more general approach (i.e. OriginAttributes). Sicking was initially kind of peeved about this, because they were on a deadline, but eventually came around. So we did one more pass of the rototiller to switch everything from appId+mozBrowser to the general and extensible mechanism.
Years later, FirefoxOS is no more, but OriginAttributes are still used to implement Private Browsing, Containers, and First-Party Isolation. Here's to general/reusable solutions!
I am a long-time user of the deprecated Multifox extension and I have switched to the Firefox containers ever since they have been introduced to the stable releases about a year ago. This feature is actually builtin in Firefox, you only need to change some config settings to enable the UI (probably this is also all what the linked extension does?).
As Multifox was one of the old XUL/XPCOM extensions, I am glad that this functionality was integrated natively before Firefox 57 will disable all extensions that are not WebExtensions.
It is a great way to login to multiple accounts on various sites such as Twitter, without going through the hassle of a full logout/login cycle. You can use the accounts side-by-side in different tabs, which will be color coded to indicate which container they belong to.
how do you do #2? I can't find it? For example, I want Facebook to always open in my "Facebook" container.
EDIT: I guess I just had to ask then my brain figured it out. :) Open the page in the container you want, right click the extension icon and choose "Always open in this container"
I'm actually quite shocked Youtube does that. I know exactly what you mean, and I specifically avoid clicking on some videos because I know Youtube will just spam me with those in the future.
I'm sure in many cases the recommendations give more traffic than less, but I can't help but feel for me personally, it's giving Youtube less traffic. I actively avoid clicking some videos on Youtube, because I don't want that crap to repeatedly show up for me. It's a cancerous feature.
I've found it useful to purge my Youtube history every once in a while. If I click on random Youtube links on irc, they always get opened in a private/incognito session. I'm annoyed this is something that I think about.
It's not terribly useful for people who open stuff from within the browser, but for the past couple of years I've actually had my default browser in Windows set to incognito/private mode of whatever browser I'm using. This way I don't have to think about it, and I also don't have to deal with things like Gmail deciding that I've already seen some emails because my inbox loaded in a background tab.
That is my whole problem with this recent machine learning approach has been taken off in last decade. I don't have anything against AI. But there is got to be a way to sign this off. Sadly google thend to shove it in people throats.
Agreed, and it's one of the reasons I've switched off of everything google I can. Youtube and Google Voice are the only things left. Oh and my Pixel XL phone, but I'll be switching to the iPhone X in Jan / Fed (whenever it goes carrier free).
I hate not knowing what consequences my actions are going to have.
Personally, I think people should never use these services while logged in their Google account. Just keep the logged accounts in another Firefox profile and browse from an "amnesic" one (one which blocks third party cookies, have cookie self-destruct, adblocked to the hell, etc).
This new extension should help with this experience, BTW.
You can delete videos from your history or "tune" what it shows you by selecting "Not Interested" on the video's option menu in the recommendation list.
I was in the test pilot for this and I had one singular gripe which I don't think has been addressed or brought up anywhere else I've seen: I want to be able to move a tab from one container to another.
It's so easy to open a tab in the default container, or the wrong container, and being able to move that tab, along with all the data it has spawned (like cookies) would make this a killer feature for me.
The only other thing, which admittedly makes my one singular gripe less singular, is that I didn't see any separation in the history, as far as what was in a given container. In an ideal world, each container would have its own "Show all history" data.
I use Chrome profiles heavily, so I am very happy Firefox is exploring this feature. When doing consulting, I like to keep different client activities isolated to their own profile, so I have less things to juggle if they use the same cloud service (AWS, G Suite, Jira, etc).
One limitation I currently see to that workflow (that works better for me in Chrome) is that this appears to all reside under a single Firefox Account which essentially creates master set of data to Sync. I would like to be able to setup Containers to be pegged to different Firefox Accounts (or not at all).
So that seems broken as well, when you click "Launch profile in new browser" it doesn't actually appear to be creating a browser tied to that profile, as I just setup my personal sync account it caused all the open browsers (across 3 profiles I setup) to all sign into that account.
So if this exists, why don't they do some minor adjustments to make it usable and call it good? This works rather well (except not telling you which browser is loaded with which profile)
This has been extremely useful for the past month or so that I've been using it. I separate work accounts and personal accounts and that has tremendously simplified using the browser. For Youtube, I can use a different Google account without logging out of my main one. I call it my "Entertainment" container - maybe it will also make it harder for agencies to connect my leisure activities to other activities.
I even have a "Testing" container when I'm testing a webapp and need to log in with 2 different users in the same window. Very convenient.
This is exactly how I would like to use this feature, but from what I read, Firefox Sync only supports one of the accounts. Does that affect containers? I'd like to sync all of my bookmarks, history etc. from both work and personal containers.
Bookmarks and browsing history are not separated by Container Tabs. So, it will sync both personal and work bookmarks, just like it would without Container Tabs. The idea being that you look towards the internet like several users, but on your end it still behaves like a single user.
If you do want bookmarks and browsing history separated, then yeah, as the other guy said you'll want to use classic profiles. Easiest way is to type "about:profiles" into the URL-bar and then the rest should be self-explanatory. Another (scriptable) way is explained here: https://support.mozilla.org/en-US/kb/profile-manager-create-...
And then you'd create a second Firefox Account and give each profile a different Firefox Account to sync to.
I've been using containers in test pilot for about a month and I love it. Google is separated from my news reading, is separated from my banking, is separated from my shopping, is separated from my leisure activity, is separated from my work activity. Once you set it up to aways open a site within a designated container it is all smooth.
However, I wonder. What is the technical reason for not making it default to 1 container by site? Sure that would mean hundreds of containers...but does that pose performance problems?
> However, I wonder. What is the technical reason for not making it default to 1 container by site? Sure that would mean hundreds of containers...but does that pose performance problems?
It would break some webpages. Also, yes, the vast majority of broken things will be tracking, but as a browser vendor you sort of need to not piss off webpage owners (which often benefit from tracking, directly or indirectly), as otherwise they'll stop testing their webpage against your browser.
I've used this from the days of it [1] being in Test Pilot (an add-on for experimental features) [2] and really loved the idea. Usually I'd use a couple of different browsers or shuttle between normal and private browsing/incognito modes for using multiple logins on services (from a privacy standpoint, I don't like linking accounts together on any service, like for example how Google allows users to do).
I did provide feedback to the developers on the following:
1. Opening new tabs should have better intelligence about which container a user wants to go with.
2. Improving the look of the tab bar for better tab visibility and clarity on which tab was the current one.
3. Detailed and clear documentation on how containers work across normal windows and private windows, because I certainly wouldn't want to use something believing that it's providing me isolation while it does not in certain scenarios. In my limited knowledge, the behavior of different browsers, in keeping cookies/storage isolated, in private/inprivate/incognito mode varies when it comes to multiple windows, multiple tabs and closing windows/tabs. That is already not clear enough (to me) that I don't open more than one private/inprivate/incognito window at the same time.
I would love for this to get into Firefox main instead of being an extension!
I am building my own Chromium-based browser with a similar concept called "bubbles" [0][1]. Not doing a show-hn on it until next week because I need to build another release but feel free to try it out (I recommend building over using the one in the releases area as a lot of bugs have been fixed in master).
Oh and for the commenter wanting Ctrl+T in the same container, a Ctrl+Shift+T in Doogie does open a child page in the same bubble.
Instead putting your effort into a single person project you could do it for Brave browser or ungoogled-chromium, it would be more useful and you would get more users.
I implement "containers" simply by using different browsers (one for each screen). Chrome runs my (Google) email, calendar, drive. And then I use Firefox for my client work, where I log in/out of various client identities. I have Firefox set to "nuke" all session data on close - an absolute must-have feature for testing caching issues and making sure I don't end up with "hidden" active sessions around the web.
I've been wanting something like this for Android / ios.
I've had the problem that many restaurant rewards program have gone from "10 punches on this card and your next sandwich is free" to "type in your phone number / scan this card" on each visit and have now become "install our app" to get that free sandwich. That's more than I'm willing to give up for a cheap meal once every few months.
My equivalent is to use incognito/private browsing (depending on browser of choice). However, once again, browsers are opinionated, and don't offer to save passwords in private/incognito mode (with no overrides). Which means I just avoid the whole experience when possible.
Similarly, things like Focus let you access a throwaway experience even more easily. Still no password saving though.
I've been using this for over a month now, and while I'm convinced it's the right idea, the implementation leaves much to be desired. Currently, it costs more effort than it's worth.
[EDIT: comments show this does exist! great]
Missing: easy way to open a new tab in a specific profile. ctrl-T always opens in Default profile, not the one you're on. So have to go File menu -> New tab -> select profile. And that menu changes items around slightly, so no muscle memory. I end up going to a tab already open, middle clicking a random link, ctrl-L, and using that as a fresh tab. I see on their little drawings they show some cool drop down under the + button at the right of the tab row, but I can't find any such functionality.
[EDIT: Comments show exists. Good enough!]
Missing: a way to fix certain hosts to certain profiles. E.g. {XXX.myclient.com -> always open in "Client X" tab}. E.g. with links from GitHub (which is client independent) into custom CIs (jenkins etc). You forget, "why isn't this logged in? oh, profiles", go back, right click the link, open in new container -> select container. Ugh.
Missing: a way to disallow any non-whitelisted hosts from a tab. E.g. having a gmail tab is useless, because every link you click will open in that profile (and you won't notice because hey, it works) and now your gmail credentials and cookies are available there. Again defeats the purpose. Especially for a "Banking" tab, for example.
Missing: clear warning that this doesn't do anything meaningful against tracking. It's a complete waste of time to separate your Facebook into a separate profile if you don't want to be tracked across other domains. Fingerprinting goes well beyond cookies. They don't need your account cookie to link your visits.
Missing: segmentation of plugins!! Different NoScript or µblock settings per profile? yes please! Or even just native Firefox settings (3rd party cookies, clearing policy, etc) per website per profile would be lovely.
All in all: I'm stubborn so I'll keep using it, but I'll be honest: there's quite a low ROI on them, as they are. Good start, hope they improve.
EDIT: Another missing: clear cookies only from a certain profile. E.g. discover I've accidentally been browsing youtube in work profile (or whatever), I want to delete all youtube cookies _but only from that profile_. Can't do it. I encounter this problem often with GMail, where I want to clear a friend's login but not log out all my sessions from different containers.
(PS: Sorry for using "profile" and "container" interchangeably---it was a bit stream of consciousness. I mean "container" for both words).
The Firefox "containers" experiment (available in Nightly at least, maybe earlier) lets you set a site to always open in a certain profile. Even if you use ctrl-T (or ctrl-click on a link from a default tab, etc.) to open a new tab in Default, navigating to a site that's set to always open in container B will cause that tab to switch to container B.
I put this thing together a while back to help out with accidentally opening things in the wrong tab. You can right-click on a tab and 'move' it to a different context. It's a bit of a hack, in that it destroys the old tab and replaces it with a new one, but it's still quite useful.
And we're asking folks to upvote their favorite issues, so we can point more add-on developers at these lists. Since we can't solve for every workflow and use-case, we really want to enable an ecosystem of container-aware addons. (Some of the other comments here link to the already-growing number of container-aware addons)
> I see on their little drawings they show some cool drop down under the + button at the right of the tab row, but I can't find any such functionality.
Click and hold the new tab button. You should see the menu.
> Long click the new tab button then select the profile. Or just click the button on the toolbar and select the profile.
Further to this, I've been using (and meaning to embellish on) a little trick to make this even simpler, without having to use the mouse, using the "always open this host in container X" feature.
I have 2 gmail accounts so don't want to tie gmail.com to a specific container. I only have 1 pagerduty account so I have that open in my Work container automatically. So, to get to my work gmail I open a new tab (Ctrl+T), go to pagerduty (you don't have to wait for it to load), then go to gmail. Voila, work gmail without the mouse.
The embellishment is to set up work.mydomain.com, play.mydomain.com, whatever.mydomain.com. Tie each of them to a container and go from there.
> Missing: a way to disallow any non-whitelisted hosts from a tab. E.g. having a gmail tab is useless, because every link you click will open in that profile (and you won't notice because hey, it works) and now your gmail credentials and cookies are available there. Again defeats the purpose. Especially for a "Banking" tab, for example.
You can mitigate some of this with Cookie AutoDelete which has support for contextual identities. After you close a tab it'll nuke cookies for any non-whitelisted domain for that context.
I think parent comment wanted something more like First-Party Isolation (privacy.firstparty.isolate and privacy.firstparty.isolate.restrict_opener_access in about:config, use with caution - it will break things, including breaking Cookie Auto-Delete extension)
> Missing: segmentation of plugins!! Different NoScript or µblock settings per profile? yes please! Or even just native Firefox settings (3rd party cookies, clearing policy, etc) per website per profile would be lovely.
Privacy extensions could do this on their own. They can integrate with containers where it makes sense. Enforcing it from the firefox side would probably be more confusing than useful.
> EDIT: Another missing: clear cookies only from a certain profile.
Extensions could implement this.
> Missing: a way to disallow any non-whitelisted hosts from a tab.
Another fan of containers. I switched to Chromium/Safari a long time ago, but installed Nightly 57 the other day out of curiosity, and containers is definitely the best feature in it. Only thing I would love even more would be a private/incognito container (or basically private tabs alongside regular tabs without the need for opening a private new window).
Great feature! I switched to FF Nightly some months ago, and I can confirm the performance is great. Sadly I had to switch back to Chrome, the quality of extensions in Chrome is just much higher.
Now, I only just learned recently that in theory you can use Chrome extensions in Firefox, does this actually work well? Or just so-so.
So, this extension quality problem isn't new. Firefox's current extension API is really powerful, but really complicated and it's not really an API, it's more-so just a way to fuck around with Firefox's source code, so if Mozilla changes things then generally extensions break and need to be updated.
Because of that Mozilla has wanted to move to a different extension API for a long time, they just couldn't really afford to, because it would require breaking all extensions for good.
Now they are at the point where they do feel like breaking all extensions weighs up with the benefits. Another big factor here is the new multiprocess-architecture, which is the foundation for most of those performance improvements that you've seen, and also requires breaking all extensions. (Currently those old extensions can still be used, but Firefox will then drop back to singleprocess - another quality problem that you likely encountered.)
So, now they needed that new extension API. And instead of writing and testing a completely new API, Mozilla decided to base it off of Chrome's extension API.
Some smaller Chrome-specific APIs were left out / adjusted, but short of that and potential bugs in the implementation, Firefox is going to be compatible with Chrome extensions. (They are also adding new APIs that Chrome does not support, because they want to offer more extensibility, so it's essentially a superset of Chrome's extension API.)
For most extension developers, the only porting work is going to be to test it, work around bugs if they run into some and then upload it to addons.mozilla.org.
The more or less 1.0 release of that implementation is going to be with Firefox 57 on November 14th, which is also when the old extension API is going to be disabled. But most of this new extension API (called "WebExtensions") is already in Firefox as of today, there's just still some bugs left to be squished.
So, that's why and how you can run Chrome extensions in Firefox. It's up to the individual extension developers to port their extension.
Well, that's the normal path, which is not going to be so-so.
Assuming there's no bugs, then the only part which can't be automated is signing the extension. Haven't done it myself yet, but from what I hear, it's a matter of creating/having a Firefox Account, uploading the extension-file and then waiting for a few days or so.
So, to summarize: Firefox now supports Chrome extensions with minimal porting work necessary, meaning that lots of those will get ported over. You can try to port things on your own and if there's no bugs then it shouldn't be hard (and it's not hard to find out if there are bugs). And lots of old, unmaintained and problematic extensions will get thrown out with Firefox 57, making it much easier to find the qualitatively better ones.
I doubt this will help much with privacy. People's laziness plus cognitive effort needed to track what container you are in plus various tricks from advertisers and publishers will keep vast majority of users perfectly trackable.
Chrome's approach at least helps to keep multiple profiles visually separate.
Yes it shouldn't be used for privacy-sensitive identities. Right now opening a new link in a new tab will use the default profile, this makes it super easy to link profiles. Even if that was fixed, all the tabs have pretty much the same browser settings.
The main use-case is when you have home/work split with multiple accounts.
The article says: "online trackers can’t easily connect the browsing", which seems to imply that they can still connect the browsing. Why can't they be completely prevented from tracking other browsing. The second question I have is how is this different from Firefox profiles?
They can still track you through your IP address, or by a combination of many browser/computer/OS properties available through JS, for example window size, browser agent, OS, fonts installed, etc. All these things don't identify you by themselves, but with enough of them you can build a fingerprint which is (almost) unique.
Firefox Profiles function like a multi-user experience whereas Container Tabs function like a single-user experience that only looks like multiple users towards the internet. So, for example browsing history, bookmarks and add-ons are not separated by Container Tabs.
Also, you can (obviously) use them in tabs, not just in separate windows like profiles.
I wonder if there is any reason each tab isn't spawned in its own container. It seems the natural thing to do once you have implemented this, since it maximizes privacy. Unless the resource usage is the limiting factor, I don't see a downside. Am I missing something?
It breaks some webpages to do that and Mozilla unfortunately can't always just put user privacy above all else, because then webpage owners have little incentive to test their webpage in Firefox, as they'll make less money if they can't invade user privacy so much anymore.
Tor Browser has essentially what you described, so it's not the case that resource usage would be problematic.
Yes, I'm interested in the technical background of this supposed breakage. Having a container-per-tab is essentially the same as that tab being the only one open in the browser, from the webpage's perspective. How could that break anything?
Update: Nevermind, the right answer is that users probably expect that different tabs pointing to the same website share the same context.
You could open five tabs of Facebook, and you'd probably want each one to share its container with the four others unless you specifically want it not to.
True. It still seems like an unfortunate miss of opportunity since this is essentially an UI problem. It would be great if there was an option to switch the default the other way around: all tabs are opened in their own containers unless you open a tab by "cloning" from an existing tab (for instance, by right-clicking).
I've been using the tests version of this for some time now. It's great. Keeping work/personal sessions from mixing is really useful (eg: I want my work google account whenever I visit gmail, but my personal one for youtube).
You can also set certain domains to open on certain containers by default.
It's available here for now, but I really hope this ends up making it into firefox itself:
This is great! I have been emulating this feature for years with multiple profiles, but let's get things right: it takes some work and it is hard to teach non-techie folks how to do the same.
How does this compare with using multiple profiles and the -no-remote flag? Does this manage only cookies, or does it also separate local storage (HTML5 session/local/global/web sql database), webcache, window.name caching (if the same tab can use multiple profiles), web history, flash cookies, for those who still have flash installed, etc.
People might get a false sense of security if all of these methods of saving data in the browser are not also separated along with cookies.
Thanks. So it appears that most of it is separated, with the exception of web history and search and form data (which can be identifying). This was also interesting:
"Users can log into multiple accounts on the same site, even when the site does not natively support concurrent sessions.
...
Current solutions:
Users open multiple browsers (this takes users away from Firefox).
A user opens one account in Private Browsing mode (this has a limit of 2 accounts, and forces one to be ephemeral)."
There is no mention here of the -no-remote flag which has been available for many years.
Generally speaking, Container Tabs try to make you look towards the internet like several users while on your end it behaves like a single-user experience. So, things like history, bookmarks and add-ons are not separated by Container Tabs.
And the technology behind this was developed by the Tor Browser devs and then uplifted into Firefox and reused for this, so this is a proper security/privacy feature, not something that only works on the surface.
That might bring make me bring back part of my browsing to Firefox. The identities functionality was what made me use Chrome almost exclusively the last two years.
Switching between profiles in Firefox is the most painful experience ever. Running multiple Firefox profiles simultaneously requires using a terminal command.
Switching between profiles in Chrome involves clicking on an easy to find button, and lets you easily run multiple profiles in parallel. No terminal involved, accessible to anyone.
To be fair, running multiple chrome profiles in parallel kills my (somewhat old) machine (mostly by virtue of having too many tabs in each profile), so Firefox does win there.
Love that they have decided to add this feature officially. I was using using sandboxed tabs -> Priv8 for years so that I dont have to be logged in to facebook and old emails globally.
The one thing I miss over the old plugins is the ability to set home pages per profile, which I know doesnt really fit in with the new tab ethos of default Firefox, but I would love a plugin to be able to add the functionality back.
Not sure. I've been using separate "Work" and "Personal" profiles at my workplace, and can beautifully have two Firefox sync accounts syncing their own stuff. This limitation of the new Container extension prevents me from using it as I'd never want my personal and work set of extensions, bookmarks, and history to mingle with each other. Big oversight.
I tried this feature when it was available only in pilot mode. It was very nice and fitted quite well my uses. But the UX back then could use some improvements. For example, opening a new tab in a specific container took way too many clicks. And you couldn't just to CTR+T because it would always open the tab in the default container, rather than that of the active tab.
One issue I see is that it seems to be based on domains.
(Ex: if I want a container for my streaming apps, there's no way to segregate Amazon Video from the rest of the "shopping" app)
Then again I may be getting too fine grained with my personas but segregating Reddit, HN et al away from my Google account and away from my streaming accounts seems to kick tracking in the ass.
I've been doing multiple containers for multiple accounts opening five different browsers (SF, FX, CR, OP, TR). Now I only need Safari for my regular browsing, Firefox for multiple accounts and Opera for free VPN.
Free, but you get exactly what you pay for: a rather bad VPN bordering on "this is not a VPN at all". Of course, you should not believe a random commenter on HN for that, so hit up https://thatoneprivacysite.net/vpn-comparison-chart/ and use that as a starting point to verify for yourself whether or not Opera's VPN is any good.
If you want security rather than security veneer, use a real VPN instead, with browsers set to either use or ignore the system proxy, depending on what you want out of each browser.
I would swap to Firefox in a second if I could live with their font renderings. It's just so different than what I am used to in Chrome/Safari/Opera and for some reason its really hard for me to read.
Chrome/Safari/Opera all use the WebKit/Blink font renderer, so yeah, those will look similar. Firefox relies on your OS' font renderer, so maybe try to tweak the settings there.
It's not better, it's different. They cover different use-cases. Container Tabs function like a single-user experience that only looks towards the internet like multiple users, so things like browsing history, bookmarks and add-ons are not separated by it.
This is my most wanted feature for a browser. Anyone knows if every instance has not just a different cookies set but also different canvas fingerprints?
Docker didn't invent the term 'container' for... well, _containing_ an environment.
It's not really overloaded here. 'Container' means a contained environment that can see itself, and cannot see other contained environments on the same machine/network. It has the same basic meaning for both Docker and Firefox.
Docker was released in 2013, so if you search for "software container" or "software virtual container", or "chroot container" on Google filtered to before 01-01-2012, you will find plenty of examples of it from the past.
LXC - Linux Containers – was released in 2008... Virtuozzo Containers since at least 2000.
Sure, I'm familiar with the history. It's just that, all prior art aside, the term "container" at this point in time has a pretty particular connotation.
Nightly has this built in actually, though the icon looks a little different. Enable it in about:preferences#general in the Tabs section. The icon looks like a file cabinet.
Indeed: that’s how I use it. (I use this to keep work and personal stuff separate because of a couple of services that don’t support multiple simultaneous logins.)
That's a built-in Firefox feature. https://screenshots.firefox.com/ I thought it was only included in Nightly builds but I guess they pushed it to Beta?
I think they pushed it to main? It appeared unsolicited on my toolbar (on Kubuntu) with last update I did -- I would have thought they'd been warded off adding unrequested feature buttons by now. Would it be that hard to have an update page that says "do you want to add $commercialTieInButton"?
It was more a general point, like for the Telefonica button, the Pocket button, etc., this links to a particular image upload tool though doesn't it? Only looked at it long enough to find if I'd got malware.
Is that really so much different than just sticking a button there and then if you don't want it, you remove that button?
If they make it opt-in like you suggest, then a good number of casual users will not understand, because they can't try it without opting in, and therefore ultimately not opt-in, even though they would probably like this feature. (They've had it in the Test Pilot project like the above and got a very good response to it.)
I love this! I tried to do this by running multiple instances of firefox in separate Docker containers using software I wrote for the task (see subuser.org), and while it works, for more than a few different accounts it gets slow to switch between them because my system won't keep all of the instances of firefox in memory.
Just a word of caution, anecdotely I installed the Container extension/feature 2 weeks ago when this was discuted on HN, I opened some tabs in different contexts, copied important links I wanted to keep, then decided to hide them, then finally yesterday I wanted to read one of these links, I go look in the menu... Pouf gone, all my links gone... Least to say I was happy.. Therefore not only I have uninstalled this feature but also Test Pilot altogether. I decided from now on to keep things simple because it seems this is only what really works. Maybe I'm rambling a bit, but the sad truth is I don't have much trust in Firefox anymore, I use it because it is to me the least worst browser, not because I really enjoy using it.
This was also discussed in the issue tracker, in a now closed issue, in which the intuitive behaviour (staying in the same container) was proposed, but got sidetracked and in the end implemented something totally different.
So if anyone from Firefox is listening here: please PLEASE consider implementing Ctrl+T in the same container :)