
Containers Come to Firefox Test Pilot - groovecoder
https://hacks.mozilla.org/2017/03/containers-come-to-test-pilot/
======
nachtigall
I do find the name – "containers" – a bit confusing. "Contextual identities"
would seem like a better fit, because that's what it will be used for.

I am reading this name also on other places, surprised Mozilla stuck with
"containers":

* [https://blog.mozilla.org/tanvi/2016/06/16/contextual-identities-on-the-web/](https://blog.mozilla.org/tanvi/2016/06/16/contextual-identities-on-the-web/)

* [https://wiki.mozilla.org/Security/Contextual_Identity_Project](https://wiki.mozilla.org/Security/Contextual_Identity_Project)

* [https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers](https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers)

~~~
smacktoward
It's only confusing if you're a technical person -- the sort of person who
hears "containers" and thinks "oh, Docker." For laypeople who don't have that
association already burned into their brain, it's a simple label that pretty
clearly communicates the purpose of the feature -- much less scary-
complicated-sounding than "contextual identities."

~~~
jgruen
Yes this, we did some brainstorming and solicited user feedback about names
and decided Containers makes sense for a general audience. Docker Containers
and 'Contextual Identities' are kind of inside baseball.

~~~
cpeterso
Why not "Persona"? ;)

I kid, but it makes sense. Containers describes the implementation, not the
user experience or benefit.

(Reusing the name "Persona" for any new project is a running joke at Mozilla.
:)

~~~
Pxtl
I like persona too, or facade, or anything else that shows this is about what
you present to the world... but most users won't think of it that way. They'll
think of it as keeping a bunch of sites in a box. They don't think about how
the internet sees them, only how they see the internet.

~~~
grimgrin
"Persona" was a jest towards
[https://en.wikipedia.org/wiki/Mozilla_Persona](https://en.wikipedia.org/wiki/Mozilla_Persona)

~~~
Pxtl
I know, but it still works with the idea that a user profile has multiple
personas.

------
vsviridov
Containers are great. I've been using them for a bit. They definitely need a
few things. Like an ability for the "new tab" to be sticky (if I'm in a
container - new tab should open in the same container), and the ability to
pick which container to open things in when the OS triggers the browser to
open a URL. Right now it's very leaky... Say I start a registration process
for a site in a container, they send an email confirmation, I click the link
and it opens outside of the container, leaking the cookies. Bad for OPSEC.

~~~
pmontra
It would be great if it could create automatically one container per domain:
every site would be neatly separated from all the other ones. If you logged in
to Facebook the other tabs for other sites wouldn't know about it. Doing that
manually every time is almost impossible.

~~~
alyandon
I would pay actual money to help get a feature like that into Chromium or
Firefox. Hell, if Firefox added that exact feature I might actually rethink my
decision to switch to Chrome once they drop support for all the addons I use.

~~~
groovecoder
We are also hard at work supporting add-on authors porting to WebExtension
APIs. I'm especially trying to help Privacy & Security add-on authors.

~~~
pmontra
uBlock, NoScript, Self Destructing Cookies. Also DisableWebRTC. Firefox would
be Opera, Chrome or Vivaldi without them. No particular reason to use it or a
random one among the others. Stylish and Greasemonkey are useful too, when
sites insist doing the wrong things. I hope all of them survive the switch.
Will they?

~~~
groovecoder
You can keep track at
[https://arewewebextensionsyet.com/#addons](https://arewewebextensionsyet.com/#addons)

------
cpeterso
The UI/UX for container tabs will be a difficult design challenge. How do you
explain to typical users what a contextual identity is and why/when they might
want to use one?

I think per-window contextual identities, instead of per-tab, might be a good
mental model. It's easy to explain to users that tabs in different windows
can't see the same cookies. This is a generalization of Private Browsing
window's throwaway context identities today. It's harder to explain that some
tabs in the window are in the "Shopping" container and others in the
"Personal" container.

~~~
groovecoder
Great feedback. A segment of people seem to correlate windows with containers
more easily than tabs. We are measuring both window & tab usage in the
experiment to get a quantitative sense for it too.

I personally use Tab Groups add-on and associate each of my tab groups with a
container, but I also mix my containers in a certain group. E.g., sometimes
I'm on hacker news for fun, and sometimes I'm here for work. ;)

------
tmccrmck
Amazing. These types of changes are a step in the right direction for
Mozilla. I abandoned Firefox long ago for Chrome but now with containers,
e10s, and Electrolysis I'm planning on moving back.

~~~
narrowrail
I realize it's somewhat off-topic, but when on Android, I have found no better
browser than Firefox because of extensions. uBlock Origin is indispensable if
you don't want to root your device.

~~~
wodenokoto
I don't use extensions and still find Firefox better than Chrome on Android.

It is a really good browser.

------
JetSpiegel
This seems like a reimplementation of Profiles, that you can use with
`firefox -P`.

The main issue here is one of UI. If you click a link in a PDF, what profile
should the link be opened in? My take is that if you have multiple firefox
instances it should ask you, otherwise it should just open on the only one
open.

~~~
wodenokoto
It's a simple UI version of Profiles.

The choice of container is no more or no less complicated than the choice of
profile for links in external programs (or within Firefox)

~~~
groovecoder
Just to be clear, this is NOT just a simple UI version of profiles. Containers
only separate Cookies, localStorage, indexedDB, HTTP data cache, Image Cache
(bug in progress), and other areas supported by originAttributes (See
[https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers#What_is_.28and_isn.27t.29_separated_between_Containers](https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers#What_is_.28and_isn.27t.29_separated_between_Containers))

I.e., Containers do NOT protect against some lower-level privacy
vulnerabilities like plugin enumeration or history-sniffing that are mitigated
more by using entirely separate profiles.

------
option_greek
Can't wait to say "Eat that gmail" (for annoyingly logging me into every other
google property).

~~~
groovecoder
This is the most satisfying experience I have so far using Containers. :)

------
moondev
I really love this. Will be a very easy way to keep gmail, aws accounts etc
separate. Awesome idea. No more temp incognito tabs!!!

------
Sanddancer
Is autocomplete also handled per container? There's an awful lot of privacy
sensitive info that can be gleaned from there but it's not listed as being
covered.

~~~
oconnore
I don't think a website has access to your autocomplete unless you select one
of them.

~~~
ponyous
Google has access when completing your query or wherever that autocomplete
goes.

~~~
groovecoder
You can disable search engine suggestions in the Firefox Search preferences,
if that's what you're worried about?

~~~
ponyous
I am not worried about anything, I was just pointing out that there is still a
potential problem. I understand that for knowledgeable users like the average
Joe on Hacker News it is probably common sense to disable such features if he
wants "full privacy".

Anyways; it's not safe by default, which it should preferably be.

~~~
kingstonTime
Firefox can autofill password fields if you choose to remember them yeah.
There is a platform bug filed for making these container specific or choosing
not to auto populate when they were saved in a container.

The test pilot experiment is really to help us to figure out how people are
using containers.

------
amluto
IMO it would be awesome if we could configure a few privacy-related settings
per container. For example, enabling first-party isolation for Shopping would
be great. And creating a container that forgets cookies after a very short
timeout (kind of like private browsing) would be nice, too.

~~~
groovecoder
Independent of Containers in test pilot, we are planning to do a shield study
with variations of privacy-related settings toggled for users, then measure
and ask users how their web experience worked. The goal is to find improved
privacy related settings that don't break the web for people.

------
drdaeman
The section "How does the Test Pilot experiment differ from Containers in
Nightly?" isn't really clear. It doesn't explain what Nightly (and Developer
Edition) users should expect to what they use (if they're not willing to jump
to Test Pilot).

Are container tabs being moved out of the browser core to the Test Pilot
walled-garden extension store? Or Test Pilot extension is just enabler and all
the stuff is still in the core? Or core is becoming chromeless/API-only and
extension does the UI? Or both systems are going to be developed in parallel
(or maybe Test Pilot is fast-ring and built-in stuff is a snapshot of whatever
looks stable at release time)? Or is it something else?

~~~
callahad
All of the machinery is in core, and will stay there (much of it is also
depended on by the Tor uplift project's first party isolation features). This
Test Pilot experiment is predominately about iterating on the UI.

Test Pilot isn't a "walled garden extension store." It's just a bunch of
normal Firefox add-ons that are authored by Mozilla and happen to be
explicitly experimental / ephemeral.

~~~
kingstonTime
Yeah Test Pilot just is there to help us gather more data on how people use
Containers so we can shape its future. Lots of people are asking for features
and we would like to concentrate on the ones that users would like.

Containers are indeed internal to the browser using origin attributes which
are a platform feature. We have opened this up to extension authors also in
WebExtensions so they can play with ideas also.
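
As an added illustration (not part of the thread and not Mozilla's code): a sketch of the per-site containers requested earlier in the discussion, built on the WebExtensions `contextualIdentities` and `tabs` APIs. It assumes an extension holding the `contextualIdentities` and `cookies` permissions; the function names and the `site:` naming scheme are hypothetical, and the hostname is used as the key instead of the registrable domain.

```javascript
// Added example, not Mozilla's code. Assumes a WebExtension with the
// "contextualIdentities" and "cookies" permissions.

// Container name for a URL, or null when the URL should not be isolated.
// Assumption: the full hostname is the key; grouping by registrable domain
// (eTLD+1) would need a public suffix list.
function containerNameFor(url) {
  const u = new URL(url);
  if (u.protocol !== "https:" && u.protocol !== "http:") {
    return null; // file:, about:, data: and similar are not web origins
  }
  return "site:" + u.hostname; // URL parsing already lowercases the host
}

// Open `url` in the container dedicated to its host, creating the container
// on first use. `api` is the WebExtensions `browser` object, passed in so the
// logic can be exercised with a mock outside the browser.
async function openIsolated(url, api = globalThis.browser) {
  const name = containerNameFor(url);
  if (name === null) {
    throw new TypeError("only http(s) URLs are opened in a site container");
  }
  // Reuse an existing container with this name so the site keeps its session.
  const existing = await api.contextualIdentities.query({ name });
  const identity = existing.length > 0
    ? existing[0]
    : await api.contextualIdentities.create({
        name,
        color: "blue",
        icon: "fingerprint",
      });
  // cookieStoreId selects the container, and with it the cookie jar and the
  // other storage keyed by origin attributes, for the new tab.
  return api.tabs.create({ url, cookieStoreId: identity.cookieStoreId });
}
```

This covers only tabs the extension opens itself; links opened by the OS or typed into the address bar still land wherever the browser puts them.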

~~~
drdaeman
Thanks. Good to know containers are in the core.

Telemetry isn't an issue. If anything, it can be fully disabled. And yours is
done right - all the data sent is properly described and observable. (Although
it would be cool if there'd be a helper "let me decide later" mode when I can
let browser collect data for a short while, get notified to review it, and
then decide whether it contains anything I consider sensitive or not...)

Maybe this is silly and irrational, but... While it's all your work (and thank
you for this!) and decision, it just somehow doesn't feel right that a
locally-installed software - no matter how experimental - is ephemeral, almost
like it's not a software but a service. With normal AMO addons - even the
experimental ones - I can browse the version history and roll back if
something's not right. Test Pilot feels like end-user is completely out of
control of whatever happens (unless they don't participate and just install
from Git repos).

~~~
groovecoder
You're right. We keep control over the experiments so that we know the
consistency of the data we're measuring.

A problem with using our full release channel Telemetry is that so many users
have so many variables it's hard to compare apples to apples. E.g., was their
performance issue caused by a setting, an add-on, the site they were on, or
Firefox itself?

Test Pilot experiments give us some controls and parameters on the experience
so we have a clearer idea of what's causing what.

------
eliaspro
Is there any chance those could be synced with KDE Plasma's Activities (which
implements a quite similar concept on the DE level)?

The biggest issue with using Activities has always been that browsers know
nothing about them, so when clicking a link in any application, it was opened
in the most recently active browser window - no matter which activity it was
on.

So ideally there'd be a way to have Firefox simply inherit KDE Plasma's
Activities as Containers, so one wouldn't have to maintain and somehow map
Activities/Containers for both at the same time.

~~~
groovecoder
That's a neat idea. Is there a bug for it in bugzilla?

------
mozillian2017
People interested in this may also like this add-on, which I've been using for
years: [https://addons.mozilla.org/firefox/addon/private-tab/](https://addons.mozilla.org/firefox/addon/private-tab/)

It lets you open private tabs in the same window as regular tabs.

------
webwanderings
How is this different from Profiles?

~~~
jgruen
Containers are per-tab and isolate only tracking-related data (not bookmarks
or history, for now). Also containers don't require that you open multiple
instances of Firefox.

------
remx
From the post:

> _How will users know what context they are operating in?_

I find that themes are great for knowing what context I'm in, like the Totem
mechanism in Inception. I'm not sure if we can have a different theme for each
container though.

~~~
groovecoder
Another good idea. I filed an issue in the repo for this. Add +1's here:

[https://github.com/mozilla/testpilot-containers/issues/343](https://github.com/mozilla/testpilot-containers/issues/343)

------
CommanderData
I love this brilliant idea, I have always needed something like this and as
a substitute I've been using two browsers.

