An Update on Firefox Containers (blog.mozilla.org)
363 points by clouddrover on Oct 4, 2017 | 105 comments


I love this feature, but it seems to be missing a critical thing. You can say 'always open websites A1, A2, A3 in container Y' but you can't say 'container Y only hosts websites A1, A2, A3'.

After time the container gets polluted with cookies from links clicked on website Ax.

Hopefully this gets fixed soon.

Edit: replaced 1 website with multiple websites

Edit 2: Another useful feature would be a cookie policy per container. So when I quit FF, I can delete all cookies except those in Container X


Although I have no idea how an interface for something like this would look, it does sound like an excellent idea! Could you suggest it here if it hasn't been suggested yet? https://github.com/mozilla/multi-account-containers/issues


I think this is the only sane way to deal with cookies: https://addons.mozilla.org/en-US/firefox/addon/cookie-autode... (or Self Destructing Cookies before Firefox 57)


AFAIK, C-AD has no support for DOM Storage or IndexedDB (or other legacy APIs if they're still alive, like Application Cache), though. I think it doesn't support Flash LSOs, too. It's very inferior to the SDC, and cannot be considered a reliable solution for sites to forget you. Not its fault, just that there are no APIs for this.

Nor is there any protection against HSTS and HPKP pinning, ETags or other "supercookie"-grade stuff. I'm not sure even Contextual Identities are enough, given that e.g. HSTS leaks into incognito mode if the flag was already seen in a non-incognito session. That's only a suspicion, though - I haven't checked it, and it's well possible containers are isolated.


I want different settings for different containers. Sure, isolating cookies is helpful, but let me send them through different proxies too.


This is a key requirement to make this useful to the power user.


Haven't used the feature, but can you whitelist cookies on a per-container basis? If so, then I'm in. If container Y is only going to open website X, then just block all other cookies.


Yes, you can. The cookie settings are per-container (and there’s a surprising amount of customization per domain, though I wish it had decent wildcard support, it turns out to not be much of an issue).


I think what parent meant was: if I use one container for webmail, can I set it to remember my webmail cookie, but not any cookies from links I open from my email?

Is there now an option to whitelist specific origins, and block all other cookies by default?


It sounds like maybe you want privacy badger?


Any reason why new tabs shouldn't create an entirely new, isolated container by default? And then allow the user to close tabs implicitly by performing a merge operation with some existing container (say, dragging with the mouse with a hotkey held down onto an existing tab group representing a single container)?

And alternatively, "merging" with the empty container, which would retroactively implement incognito mode on that tab, and incidentally coincides with the desktop metaphor for dragging things into the recycling bin... this metaphor can be extended by password protecting the recycling bin of "lost" incognito tabs.


You might like the "Containers On The Go" addon. It adds a second new tab button which will create a container for the new tab it creates, which then is deleted as soon as you close the tab.

https://addons.mozilla.org/en-US/firefox/addon/containers-on...

Someone also made a theme which will color the temporary container windows a different color so you can easily differentiate them from the normal tabs/windows.

https://addons.mozilla.org/en-US/firefox/addon/containers-th...


I wish they would create a "private" container that is equivalent to the private browsing window. This sounds pretty close...


I think for all intents and purposes it is the same, except perhaps for blocking trackers.


As a default action, that would be rather unintuitive: you'd be logged out every time you open a new tab.


> Any reason why new tabs shouldn't create an entirely new, isolated container by default?

That sounds very close to self-destructing-cookies, or now, this:

https://addons.mozilla.org/en-US/firefox/addon/cookie-autode...

The thing about "new container by default" is that sessions are always lost, and people generally want to keep sessions alive.


I agree this would be awesome, in the meantime they have an extension that gets you most of the way there: push button get new tab in a new container.

https://github.com/mozilla/multi-account-containers/#readme


Does anyone have any advice on how best to use this? Is it really best to make all shopping websites open in the same containers? Any thoughts on what sites/kinds of sites should definitely be in their own containers. Any recommended categories besides the default container categories?


One thing I've found really really useful is handling multiple google users over multiple google sites.

I want youtube & google music to only use my personal account, so I never need to switch accounts, so google music and youtube open in their own container where only my personal account is logged in.

I want gmail and calendar to use my work account, so they open in the default container and automatically use my work google user.

I know that you can set your default google account by logging into it first, but I specifically don't want one default, I want different defaults for different google services, and that use case is handled beautifully by containers.


Anything where you have to log into an account with a secondary identity. So I have one for my work account Azure as it’s a different Microsoft account, one for work Google API projects as it’s a different Google account, etc. Used to have to use different browsers (even IE, ugh) but now there’s no need. I love containers (longtime Nightly user) but the UI is hard to get right and even harder to make intuitive, so I’m not surprised they made it an extension.


I wonder about this as well. What are people finding is the best use of the default container - what opens as a new tab?

Do you keep that as your personal container, and opt in to other containers like work, shopping, etc.?

Or do you use the default container as your most used type - perhaps work - and opt-in to personal/shopping containers as needed?

Keep the default container blank and try to always open up a specific container?


It's useful for handling sites with really long login flows, and multiple accounts, so I use them as the exception, rather than the rule.

Eg: AWS I have a work and personal account, and their login flow sucks, but the work and personal containers handle this situation easily.


I would have a container for each of my major social network / email accounts, like one container for each of twitter, Google and Facebook.


Yes, and then do your browsing in non-containers so that browsing is isolated from the account logins, and vice versa.


Or use the multi-account container addon: Which will get you a new container, in a new tab with 1 click.

https://github.com/mozilla/multi-account-containers/#readme


This just isn't what I want. In Chrome I have two separate profiles: work, and home. This lets me have work and home specific history, extensions, and settings. Opening a new tab in one doesn't bleed into the other. This is what I want. It's literally the only thing keeping me in Chrome these days.

Firefox used to have something like this in the past, but it's either buried deep inside some obscure setting or has been ripped out. It's a damn shame.


It still has it, although it is not as easy to access as in Chrome. https://developer.mozilla.org/en-US/Firefox/Multiple_profile...


As soon as this is implemented directly into Firefox and easily accessible, I'll ditch chrome for good. I rely too much on separate profiles to give this feature up.


I always find it's worth pointing out that you can also bookmark the about:profiles-page and stick that into the bookmarks-bar. Or if you don't use the bookmarks-bar, you can also go into Customize and drag the Bookmark-Items-element into the Navbar and then put it there.


It's not quite as elegant as chrome, but you can go to about:profiles to manage profiles from within firefox. It allows you to create/delete profiles and launch a given profile in a new window.


I imagine, there's also going to be add-ons that make this even more accessible.


I still think multiple profiles are a better choice. My main profile never keeps cookies and has a very rigid https://github.com/pyllyukko/user.js file and only a couple of extensions. I'm very scared about extensions and self-updating scripts so I only keep them isolated. It also helps with organization since I have different bookmarks. I can also "firewall" that profile to never accidentally load websites I don't want to.

If needed you can drag windows/tabs between profiles or even other browsers. I disabled all the referral options too.


Multiple profiles are such a pain. You don't even get the common history and autocomplete that comes with having a single profile. I've used them for a while with Chrome and they're just too annoying to use. This looks like it could turn out really great.

EDIT: It seems I was unclear in what I was trying to say. I wasn't criticizing multiple profiles in general; I was criticizing using multiple profiles as a replacement for containers. The way I see it, they don't substitute for each other, and they both have their own great use cases.


Chrome profiles are an absolute joy for splitting between personal/work activities. They also work better for, say, switching between Google accounts than the "inline" Google account switcher, which is often buggy and at least used to have incomplete support (does the Analytics dashboard finally support the account switcher?).


I agree, they're fantastic for their use cases. I'm trying to say this is not one of them, and trying to use them as container replacements results in an awful and painful experience. That's all.


To my understanding, firefox also has support for multiple profiles at that level, but it may be by app launch, not by window.


It can be per-window: in about:profiles there's a "Launch profile in new browser" button underneath every profile.


> You don't even get the common history and autocomplete

That's a feature!

I have observed dozens of times coworkers using their BYOD work laptops that autocompleted porn URLs. Dozens.


Frankly you shouldn’t ever look at porn on a work machine, no matter how much they encourage you to think of it as your personal machine. It is only a liability.


You've got to use an entirely separate browser for that IMO. Even with Chrome's totally segregated user profiles, it's too easy to pull up a NSFW URL in the wrong Chrome window and have it pollute your "work" profile.

I use FF for work and a special Chrome profile (not the default one) for anything that shouldn't pop up in my autocomplete in front of coworkers/clients.

That way it's pretty hard to screw up...


Hmm, I find it odd that you want cross-noise in your autocompletes. I use the things for doing personal browsing on work machines and find them very convenient.

But on Firefox it seems totally unusable because of near misses in UI. I haven't found a nice menu for switching between profiles, or a way of getting a list of available profiles short of rooting about in my settings. The default profile can change itself in strange ways, and will only sometimes coincide with the profile called "default".


The thing you are looking for is about:profiles


I think you misunderstood what I said (might have been since I wasn't too clear on this in my comment). I wasn't criticizing the profile feature itself. Profiles are fantastic for your use case. I was criticizing using profiles for THIS use case (i.e. substituting for containers). They simply don't substitute for the container feature; they solve different problems. One is for separation of concerns and one is for privacy/security. The two sometimes affect each other but they're not the same concerns.


I use them daily for development. It is great to be able to have multiple sessions in the same window for the same application when testing/developing a feature.

Great work, Firefox team!


But responsive design mode doesn't work?


Yes, that's true and I wonder how these are related. I usually use the tabs not in containers for mobile, the containerized ones for the desktop testing.


It basically makes containers useless for developing webapps with role based permissions where mobile usage is required (all apps in 2017).


I switched to containers almost two weeks ago and they are great, the kind of thing that makes you think how did I browse without this before?

I've separate containers for: work, home, facebook, shopping. It's particularly useful for google accounts, as I have gmail for work, home, etc.

And the ergonomics - e.g. being able to sort tabs by container, or hide work tabs in the evening - is great.


I have been using the Chrome Profile (People) feature since it was introduced. It has been a godsend for me. I tried Firefox containers for a couple of days; here are a couple of things that will really help:

* Containers need to be per window. Keeping track of containers at Tab level is a lot of mental work.

* Set a different default container per device. For example I want to set different default for an office laptop, home computer, shared device, etc.

Firefox is getting there; I feel it is just moving too slowly for me to make a complete switch.


The equivalent feature you're probably looking for is Profiles, which have been in Firefox for ages already :) It's pretty similar to Chrome's. See about:profiles.

Containers already are not shared between devices.


On a related note, does Firefox implement something like Safari's "Intelligent Tracking Prevention"[0] that times out third-party cookies? Advertisers seem to be mad[1], so they must be doing something right.

[0] https://webkit.org/blog/7675/intelligent-tracking-prevention...
[1] https://www.theverge.com/2017/9/14/16308138/apple-safari-11-...



That is a privacy feature, which also drove advertisers mad, but technology-wise, this is completely different.


Don't think Mozilla could really afford to implement that right now. You can only piss off advertisers so much before webpage owners stop supporting your browser and Mozilla is already pissing off advertisers in many ways. Especially compared to Chrome which is worth supporting more due to its oversized market share, too.


Design (coloring of tabs for banking etc) seems to be heavily borrowed from QubesOS. For those not running Qubes, using isolation like this is a really great step forward in steering users' awareness and training them to properly isolate. I applaud these decisions by Mozilla since for avg users it can be daunting to think for themselves about where the trust boundaries are.


I'm pretty sure that using colour to distinguish between features is a fundamental aspect of UI design.


A question for clarification: Containers don't prevent the browser from leaking information such as the addons and fonts installed, right? In other words, the browser fingerprint would still be revealed?

If this is the case then containers might be an okayish first step but may convey a false sense of security to the user.


You can't (at least currently) allow / block extensions by container.

The security and ease-of-use is simply a separate storage for sessions / cookies / etc for each container. Nothing more, nothing less.

If you're concerned about privacy and leaking information there are a TON of tweaks you can do to about:config or via a user.js file such as: https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-fi...


These look really cool. I've had Self-Destructing Cookies (or Webextension equivalent) on Firefox for awhile now to try to combat this problem, but it is a bit annoying that if I inadvertently close HN's tab or navigate away from it because I followed a URL, I need to log back in. Containers might eventually give me enough segmentation that I can feel confident with staying logged into some stuff without being concerned that all the cookies are talking to each other.

Might still want something that deletes all cookies when the entire container is closed, though.


You can whitelist HN (or whichever site) so you don't have to log in each time.


Why not whitelist hn?


They mentioned my main peeve about containers: IMO control-T should open a new tab in the current container rather than in the default container. They implied that this could be fixed in an extension and linked some extensions, but those extensions appear to do other things. Has anybody found an extension that changes the control-T behaviour? Thanks.

Edit: They've totally got the default right. Pressing control-T from a banking container should not open a new tab in the banking container. It's just that's not my use case.


One of the few things I like about Chrome more than Firefox is the way it handles "Personas", a similar feature.

Selecting a new "persona" opens a new window, and pressing C+T opens a new tab.


The downside with chrome's implementation is that they are completely isolated instances of chrome - there's no easy way to hop between containers.

Being able to right-click on a link in your personal container and open it in your work container is pretty slick.


FYI: This exists in Chrome, but only for the other profiles open. If a window for the other profile isn't open, the option to open in that profile doesn't appear.


I did not realize that! Thank you.


Seems to work that way now with the extension and now you can assign sites to different containers so they auto open in the correct tab.


I've got the updated extension and control-T still opens in the default tab.


I really like this! First time I've actually tried it out now that it's an extension. Seeing an issue with the always open in this container feature though - clicking on a YouTube link set to always open in a 'Personal' container, it's opening multiple new container tabs. At first it was just a duplication with new tabs, but now it seems to be opening three tabs.

Edit: Above is when opening from a default tab. Maybe this is expected, but the clicked links show as visited in the default tab even when they're opened in a container tab. Perhaps this is to be expected, but it seems like a type of information leakage across containers? Actually, seems like links clicked in the default container show as visited in other containers. Odd as well is that I'm not seeing the duplicate tab issue when clicking YT links from a non-default container.

Edit 2: Is there any way to opt-out of "always" opening a specific site in a given container? Say I configure youtube to always open in a personal container, but for some reason I now have to test something in a work container on youtube. Is that possible? Or do I need to go edit out the config and then replace it when I'm done?


For your question about opting out: if you are not in the container that the site "always" opens in it will offer you a choice of opening it in your current container or in the default container for that site, at least it does for me.

What I would like is the option to assign a site to two different containers, so mail.google.com would not offer me to switch when in Personal or in Work, but would give me the choice to open it in either when I'm in a default container.


I did get that as well. I'm confused why this is the default. I imagine it's just the learning curve of this feature, I totally understand why they have the need to spin off certain expected-default behavior to further extensions.

So I just told you to always open a site in a specific container, and then you're going to ask me when I next load that site starting from another container whether to open in the container I've asked the site to always be opened in. Why would my choice be anything except 'Open in <Preference> Container' and 'Remember my decision for this site'. Isn't that what I already asked you to do?

Why am I setting the same preference twice? It seems like the opt-out is there by default when I don't want it, and not there when I do.


Here's what I've just done -

* Cleared all cookies for Facebook and Google

* Created a new container called "No tracking"

* Set facebook, gmail, analytics, youtube and all google services other than Search to always open in "No tracking"

Now in theory Facebook and Google can't track me across the web (at least not in a way that it's linked to my real identity), and I don't have to do anything to maintain this.

Anybody see any faults in my logic?


What Sujan said (IP address), and also:

- Storing visits across the web on different sites that use 3rd-party Google/Facebook-hosted services against a shadow session. Google Analytics, Google Maps, Google Web Fonts, Google CDN / JSON APIs, share buttons.

- I presume you don't login with Facebook / Google on any websites? If you do, that would conclusively link the aforementioned shadow session with your actual account.

- Also, there are integrated browser services calling home to Google. Check about:config?filter=google

---

Edit: For an extra step to mitigate some of the above:

Install either uBlock Origin or uMatrix and painstakingly block all of the above-mentioned 3rd-party origins: analytics, web fonts, share URLs, login APIs, CDNs and JSON APIs. Blocking the last two will break some websites - e.g. Stackoverflow - but you can further mitigate this breakage by installing the Decentraleyes extension.


The cookies. If I understand correctly the discussion, people here observe that e.g. Facebook cookies from your example are saved also outside of "No tracking" "container."



Yes: IP address.


and so many more datapoints such as screen & window resolution/size, installed plugins…

even if you're splitting your browsing between sessions manually, they still only need to match them once.


Can I memory limit them, e.g. when slack exceeds 300mb kill and restart container?


For me, the most significant part of this announcement is the breaking out of this feature into an extension. Some interesting questions

- Does this represent a deprioritisation of the feature by Mozilla (it would seem not, since there's an explicit WebExtensions API just for this, but I'm curious to see how the level of maintenance of the extension UI keeps up with browser changes going forward)

- This seems like the first major WebExtensions API that Firefox has added post 57 (though it was available with a flag before) that no other browser supports[0]. Does this represent Mozilla's future policy w.r.t. WebExtensions in general - i.e. building out the API with Firefox-specific features? This could be good for differentiating Firefox again, but probably more work for devs creating cross-browser extensions.

[0] https://developer.mozilla.org/en-US/Add-ons/WebExtensions/AP...


Personally I don't want this feature. Because it is an extension, I don't have to have it and my browser can be lighter. This is exactly what should happen, move as much as possible into extensions.

If WebExtensions doesn't allow for this, then yes, Firefox should extend it. That way, other extensions can make use of it. You might not be able to port it to Chrome because it is using specific Firefox APIs but the alternative is not to have this feature. I expect to see other extensions in the future like the ability to hide the tab bar.


I have to agree with Vinni here, particularly as a former Opera user which is a browser that took the polar opposite of this approach and yet remained by far the lightest, most performant of the main browsers up until version 12.

It is absolutely possible to have your cake and eat it here, and the main reason for this is that extensibility - from an engineering perspective - is complex. Providing extension APIs necessitates generalised code, that fits a range of use-cases and is parameterised in a generic manner. Providing specific browser features on the other hand requires specific code, which can be written in a targeted fashion for the single feature, and therefore can be made much leaner and optimised.

This is absolutely not always the case - you can of course have the worst of both worlds (inflexible non-extensible apps with inefficient badly written code), but I would not underestimate the heaviness of extensibility, nor the potential "lightness" of built-in features.

---

That said - I'm impressed with the performance of 57 and the ease of writing WebExtensions, so I'm pro this move personally.


That sounds rather arbitrary. In fact, most of the feature is implemented in browser code; what the extension does is expose a UI for it. "Lighter" isn't really properly defined, and it feels a bit like you're just principally opposed to code you don't personally use "being there", which I don't think is really productive if it doesn't really impact your use in another way.


I know they were struggling with a way to make this available to the users without being confusing. Making it an extension probably comes down to "we had no idea how to do that/only power users considered it useful, so an extension is a good compromise". In other words: if an extension is a good way to serve a significant part of a certain group of niche users (i.e. power users), they will probably properly maintain it but keep distributing it in this way.

Oh, and about the API: they already had quite a few API's that weren't available in Chrome (e.g. the sidebar API). It will be interesting to see whether/how much they will be able to get standardised, and if they are willing to make breaking changes to the API if the W3C desires those to be made.


I am still missing a sync between different computers of the containers.


I would like to have an incognito container so I don't have to open a new window in private mode.


Agreed, or a container with no JS or a container without uBlock.


I just installed the container add-on and I miss a basic function: how do I open a bookmark in a container? The "open link in new container tab" seems to be missing if I right click on a bookmark.


The improvements are very nice, even though some limitations exist. I hope Containers becomes part of Firefox core in the near future.

For anyone wondering about the extension and what’s built into Firefox, here’s a comment on the blog post:

> Graham Perrin wrote on October 3rd, 2017 at 6:22 pm:

>> Containers is now available as a Firefox Extension, …

> Also worth noting: the essentials do not require an extension.

> about:config privacy.userContext.enabled change to true

> privacy.userContext.longPressBehavior change from 0 to 2

> privacy.userContext.ui.enabled change to true


So is "Containers" being removed from Firefox? Or it will only live in Nightly ever? So confusing.

edit: From some experimenting, it looks like "Firefox Multi-Account Containers" extension extends the "Container Tabs" feature in Firefox. (This is an assumption based on the fact that the Options/Preferences now tell me I can't disable "Container Tabs" since "Ff MA Containers" is using it.)


The container functionality is exposed in a WebExtension API called "Contextual Identities" (in Firefox 53+). Designing a user-friendly UI/UX for containers will take time, so the API enables extension developers to experiment with new ideas before Mozilla commits to something.

https://developer.mozilla.org/Add-ons/WebExtensions/API/cont...
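
An added example, not code from this thread or from Mozilla's extension: a background-script sketch of the "container Y only hosts websites A1, A2, A3" request from the top comment, built on the Contextual Identities API mentioned above. `POLICY` and all function names are hypothetical, the extension is assumed to hold the `cookies` and `contextualIdentities` permissions plus host permissions, and it prunes cookies only (not DOM Storage or IndexedDB).

```javascript
// Added example; not from the thread or from Mozilla's Multi-Account Containers.
// POLICY is a constructed allowlist: container name -> domains that may keep cookies.
const POLICY = {
  Banking: ["bank.example"],
  Work: ["mail.example.com", "google.com"],
};

// True when the cookie's domain is an allowed domain or a subdomain of one.
// The dot-boundary check stops "notbank.example" from matching "bank.example".
function domainAllowed(cookieDomain, allowed) {
  const host = cookieDomain.replace(/^\./, "").toLowerCase();
  return allowed.some((entry) => {
    const d = entry.toLowerCase();
    return host === d || host.endsWith("." + d);
  });
}

// cookies.remove() identifies a cookie by URL + name + store, so rebuild a URL
// from the cookie's own domain, path and secure flag.
function removalDetails(cookie, storeId) {
  const scheme = cookie.secure ? "https" : "http";
  const host = cookie.domain.replace(/^\./, "");
  return { url: `${scheme}://${host}${cookie.path}`, name: cookie.name, storeId };
}

// Pure selection step: everything in the store that is NOT on the allowlist.
function selectForRemoval(cookies, allowed, storeId) {
  return cookies
    .filter((c) => !domainAllowed(c.domain, allowed))
    .map((c) => removalDetails(c, storeId));
}

// Look up the container(s) by name, list the cookies in each container's
// cookie store, and remove the ones from non-allowlisted domains.
// `api` is the WebExtension `browser` object (injected so it can be mocked).
async function pruneContainer(api, containerName, allowed) {
  const identities = await api.contextualIdentities.query({ name: containerName });
  const removed = [];
  for (const identity of identities) {
    const storeId = identity.cookieStoreId;
    const cookies = await api.cookies.getAll({ storeId });
    for (const details of selectForRemoval(cookies, allowed, storeId)) {
      await api.cookies.remove(details);
      removed.push(details);
    }
  }
  return removed;
}

// Wiring inside Firefox: prune every policy container at browser startup.
if (typeof browser !== "undefined") {
  browser.runtime.onStartup.addListener(async () => {
    for (const [name, allowed] of Object.entries(POLICY)) {
      const removed = await pruneContainer(browser, name, allowed);
      console.log(`${name}: removed ${removed.length} cookie(s)`);
    }
  });
}
```
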


i love containers, but keyboard usage is still not ideal (i had submitted a feature request for this via github a while back).

they landed on using ctrl-. (control-period) to open the containers dropdown and then you have to tab to the container you want. not only does this require two hands, but even tanvi in the blog post admits this is not discoverable at all.

ideally, you could have a single hand command (like cmd-shft-1, cmd-shft-2, etc) that would open blank containers of the corresponding type, with the (awesome?) address bar auto-focused. then for discoverability, you could put the corresponding number next to each menu item with a mouseover tooltip providing the full keyboard shortcut.

even without the single-hand shortcut, the numbering could be useful for selecting a container: ctrl-. then "2" for a personal container or what have you.

but at the very least, let us also use the up and down arrows to select containers. tabbing is one of the least obvious options here.

(yes, i've spent entirely too much time thinking about this! =)


This was exactly the feedback I had provided on a previous HN post a few weeks ago. At that time, one of the developers suggested filing an issue for it. I didn’t get around to doing that at all. Maybe you could consider doing that, or I’ll do it in about a couple of weeks.


The one problem I have with this is that I want `mail.example.com` to always open in my work container, but `mail.example.com` redirects to `mail.google.com` and the latter is what ends up being saved, so it's not possible to assign two different Gmail accounts to different containers. I wish I could edit the URLs for sites assigned to a given container.


I gave it a shot for about 3 weeks, the last time container tabs popped up on HN, but I'm back on Chrome now. Containers are awesome! But Ctl + T not doing what I want it to, combined with FF still just not being as responsive and stable as Chrome did it in for me.


Is there a way I can convert a current tab to a container? I press <C-t> by default and maybe I want to sort it later. That is, without opening a new container and copy pasting the address.


Update: I looked around and it does not seem there is a way, they seem not to want to do it either. The flow of copy, open new container tab, paste, seems pretty cumbersome to me. Especially if you want to move a tab to a different container or into one. If it weren't for this issue I'd love to use them.

I do like that you can hide containers or manipulate them as a group. This has great organizational benefits.


excellent news! Containers have become a really convenient part of my work-flow, if for no other reason than all of my reddit accounts can be logged in next to each other..


What happened to the private browsing by default in Firefox?


You know, it's great that they're doing this, but I'm still going to just use multiple browsers.


I've just created multiple chrome people. You can create a chrome person, even without signing in, so you don't necessarily need a google account for each person.


Doesn’t really scale though. Firefox, Chrome, IE/Safari, er..?


This pollutes the term container, which up to now they were assisted by kernel security features.


Containers are also an abstract data type whose primary purpose is to contain other data [1], Containers are a concept in type theory related to collections [2]. Web Containers are the parts of a web server that interact with Java Servlets [3]. OLE Containers are a technology for embedding content in editors such as Word [4]. AVI is a multimedia container format that can contain audio and video encoded in various codecs (as is MP4) [5].

Operating-system-level virtualization never had a monopoly on the word container, and as long as there's no potential for confusion I don't see why it should.

1: https://en.wikipedia.org/wiki/Container_(abstract_data_type)
2: https://en.wikipedia.org/wiki/Container_(type_theory)
3: https://en.wikipedia.org/wiki/Web_container
4: https://en.wikipedia.org/wiki/Object_Linking_and_Embedding
5: https://en.wikipedia.org/wiki/Audio_Video_Interleave


Kernel security feature pollutes the term container, which for ages has meant something that contains.

Anybody with context can trivially differentiate between the two...


There's a shipping industry that would like to have a word with you...



