
Ask HN: What do Firefox containers do that Safari doesn’t? - iamdamian
I haven’t found any answer to this online but figure HN is the place to find out.

If I use Safari out of the box with third-party cookie blocking, default uBlock settings, and Pi-hole, what do Firefox containers add to the picture from a privacy perspective? Which specific types of tracking would be covered by containers and not these other tools?

Note: I’m not asking about UX or security unless it also has direct implications for privacy.
======
gshdg
It lets you sandbox your activity - for instance, preventing Google from
linking your activity for a work account with that from a personal account.

It also adds some confidence that vulnerabilities won’t be used to track or
crack sensitive interactions. For instance, if I log into my bank only in one
container and browse untrusted sites only in another, I can be more confident
that my bank account won’t be subjected to an XSS attack.

And then, some sites (AWS, I’m looking at you) make it really really difficult
to manage multiple accounts from a single browser.

Finally, Safari’s extension ecosystem and developer tools kind of suck. This
way I’ve got access to Firefox’s.

~~~
iamdamian
What I can discern from your answer is that the specific type of tracking
stopped is based on XSS and nothing else, is that right?

And if that’s the case, then if I am someone who is primarily worried about
being tracked by ad networks, then I don’t really need Firefox containers. Is
that fair?

~~~
gshdg
Only if you’re confident your ad blocker blocks them effectively. Also, it
isolates cookies (so for instance, Facebook can’t tell you’ve visited sites
that embed its share script if you visit them in a container where you never
open Facebook).

But yeah, containers are about isolation more than privacy. It’s like having
multiple independent browser instances (each of which has a name and remembers
your state and logins and such for just its own instance, even through
restarts) at once.

~~~
iamdamian
That makes sense, thanks.

So a concrete example would be that a container would block a Google Analytics
script from setting a first-party tracking cookie if, for some reason, my ad
blocker weren’t already blocking that script.

(My understanding is that, with third-party cookie blocking, cookies are
already isolated, but not if a site has set up first-party cookie tracking.
That tracking can only be blocked at the script level.)

Is that about right?

~~~
gshdg
Containers don’t block cookies.

But a cookie set in one container is available only in that container, not in
other containers.

~~~
iamdamian
That is true, although that says nothing about the ability of whoever provided
the cookie to track you across containers through said cookie. I believe this
is the basis for all cookie-based tracking.

What I am gathering from this discussion is that containers are really not
targeted at privacy as a use case, unless you have an ad blocker that isn't
effectively blocking specific scripts from setting tracking cookies.

~~~
gshdg
How would it track you across containers with the cookie when the cookie set
in one container doesn’t even exist in another?

~~~
iamdamian
I am not completely sure, but I would guess that first-party cookies for
third-party ad/analytics services have this ability.

~~~
gshdg
They don’t. You need to be able to read a cookie in order to track the user.
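
The per-container cookie isolation discussed in this thread, as an added example that is not part of the original discussion: a toy model (not Firefox code) in which cookies are keyed by container and host, showing which visits an embedded third party can link by cookie. The host names, container names and the `Browser` / `linkedProfiles` names are assumptions made for illustration.

```javascript
// Toy model, constructed for illustration (not Firefox code): cookies live in
// jars keyed by (container, cookie host). It models cookie linkage only.
class Browser {
  constructor() {
    this.jars = new Map(); // "container|host" -> cookie value
    this.nextId = 0;
  }
  // Cookie the browser sends to `host` from `container`; the host's server
  // sets a fresh ID the first time it sees no cookie in that jar.
  cookieFor(container, host) {
    const key = `${container}|${host}`;
    if (!this.jars.has(key)) this.jars.set(key, `id-${++this.nextId}`);
    return this.jars.get(key);
  }
}

// Replay visits to pages that embed a script from `embeddedHost` and group the
// visited sites by the cookie ID that host receives, i.e. what it can link.
function linkedProfiles(visits, embeddedHost) {
  const browser = new Browser();
  const profiles = new Map(); // cookie ID -> sites seen with that ID
  for (const { container, site } of visits) {
    const id = browser.cookieFor(container, embeddedHost);
    if (!profiles.has(id)) profiles.set(id, []);
    profiles.get(id).push(site);
  }
  return [...profiles.values()];
}

// Constructed sample: social.example is visited directly (logged in) and is
// also embedded as a share script on two other sites.
const sites = ["social.example", "news.example", "shop.example"];

// One shared jar: every visit carries the same cookie.
const noContainers = sites.map((site) => ({ container: "default", site }));

// social.example opened only in "personal"; other browsing in "untrusted".
const withContainers = sites.map((site) => ({
  container: site === "social.example" ? "personal" : "untrusted",
  site,
}));

console.log(linkedProfiles(noContainers, "social.example"));
console.log(linkedProfiles(withContainers, "social.example"));
```

In the second run the cookie is still set and still links the two sites visited in the same container; it is only cut off from the jar that holds the logged-in session.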

