
Facebook Container for Firefox - aaossa
https://www.mozilla.org/en-US/firefox/facebookcontainer
======
cornholio
Third party cookies, and any way to fingerprint a specific user starting from
high entropy user agents to screen resolution, font fingerprinting or canvas
data, should be considered a breach of the browser security model.

All sites should run in containers and no advertiser should be able to track
you across sessions. When I want 3rd party interaction, I should need to opt
in and connect the current site with Facebook or some other 3rd party.

~~~
mih
Ever encountered Google ReCaptcha when you've turned off third party cookies
or while in incognito/private mode? It's a nightmare, even if you're logged
into a Google account. You can be shown upto 7-8 challenges, painfully slow
loading images and Google's insistence that they encountered malicious traffic
from your IP when attempting to use the audio version. What's even worse is
they track your mouse movements and fast solvers like me are penalized since
they think I'm not human anymore.

As much as I hate third party cookies, turning them on drastically simplifies
the captcha solving process. So much so, I now use a separate browser profile
with third party cookies allowed, just for the sake of captcha heavy sites.

Given that Google benefits by tracking my activities and free labor from my
captcha solving, they will always punish privacy conscious users via such dark
patterns.

~~~
ldjb
The optimist in me thinks that if browsers started to disallow third party
cookies, ReCaptcha might have to adapt to the change and make it easier to
solve if third party cookies are blocked. After all, if they didn't, they'd
risk website owners moving away from ReCaptcha because visitors could no
longer interact with the site.

The pessimist in me thinks that if a browser were to disallow third party
cookies, users might simply switch to a different browser that does allow
them.

~~~
eugeniub
I don't think it has so much to do with reCAPTCHA as much as it has to do with
Cloudflare and website owners themselves. Most reCAPTCHA challenges come in
the form of Cloudflare challenge passage pages. Website owners have 5 options
to choose from regarding challenges:[1]

— Essentially off: Challenges only the most grievous offenders

— Low: Challenges only the most threatening visitors

— Medium: Challenges both moderate threat visitors and the most threatening
visitors

— High: Challenges all visitors that have exhibited threatening behavior
within the last 14 days

— I’m Under Attack!: Should only be used if your website is under a DDoS
attack (Visitors will receive an interstitial page while we analyze their
traffic and behavior to make sure they are a legitimate human visitor trying
to access your website)

I think a lot of companies set it to "High" and forget about it, not realizing
that it's ruining the experience for a lot of users.

[1]:
[https://www.cloudflare.com/a/firewall/ebelinski.com#security...](https://www.cloudflare.com/a/firewall/ebelinski.com#security_level)

~~~
user5994461
It doesn't ruin the experience of anyone except a couple of overly technical
users and customers in the wrong locations.

It's very good at blocking malicious traffic though and it's totally worth
losing a pair of users for that.

~~~
eugeniub
Yes, it's the users that are wrong!

------
narag
We're going from cold war to all-in.

Not just a privacy question. Reddit nags me every time I hit the front page,
even returning from a story, asking me to log in. For most sites I need to
create ublock filters to prevent pop-ups with useless "we use cookies",
subscription requests, ads or social media bars that fills half the screen,
etc. etc. etc.

Every newspaper I read has decided that autostarting video and streaming is a
good idea.

Yes, HN is OK, but sites that it points to are not.

I'm giving up on the web.

~~~
jackgolding
When you mentioned reddit I thought you were talking about their "install the
app" pop up. They have by far the worst mobile experience out of any site I've
use more than once in the last 2 years.

~~~
dkasper
Fortunately it takes one tap to update your preference to have it stop nagging
you to install the app.

[https://www.reddit.com/r/redditmobile/comments/6hk9ot/androi...](https://www.reddit.com/r/redditmobile/comments/6hk9ot/androiddear_reddit_no_i_do_not_want_your_app_stop/)

~~~
brynjolf
It should not be opt-out though

~~~
sancha_
How would you ever know it exists then. No, they should give you the option to
be reminded again, or be done with it. But since we are talking about deleting
all cookies, where do you think this information would be added?

------
07d046
I used Firefox's containers for about a day, and then I discovered the
privacy.firstparty.isolate option (in about:config), which effectively gives
every site its own container with no user effort. That, combined with Cookie
AutoDelete, seems to work well.

~~~
minot
My use case is multiple Google accounts. I can log in to multiple Google
accounts at the same time in different containers and answer emails very
easily.

~~~
Someone1234
You can be logged into multiple Google Accounts at the same time without the
extension. Just click the little profile icon in the top right and click "Add
Account."

I'm logged into four, including a Gapps account.

~~~
swsieber
Have they fixed the issues though where some of their apps only work with the
primary account you're logged in with? (e.g. the first one)

~~~
fphilipe
Google Play Console only works with your primary account.

------
newscracker
If you use Firefox Containers, including the Facebook Container, please also
use Cookie AutoDelete [1] to get rid of cookies from closed tabs across
containers. Otherwise, in my observation, sites will still be able to track
you if you reuse a container (even after closing all tabs of that container)
for a specific site.

[1]: [https://addons.mozilla.org/en-US/firefox/addon/cookie-
autode...](https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/)

~~~
andrewaylett
It sounds like you're after Temporary Containers:
[https://github.com/stoically/temporary-
containers](https://github.com/stoically/temporary-containers)

That gets you a clean container every time you click the button. Very useful
for development testing, too :).

~~~
baq
what's the use case difference between that and porn mode browsing? i can't
really tell when i should use one and the other.

~~~
pedroaraujo
The best feature (at least for me) is that you can whitelist some specific
websites to always open in a new temporary container, without any extra
effort, while leaving the rest of your websites like they are today.

For example, I have YouTube (and any other Google website) to always open on a
temporary container but other sites like HN and Reddit are on a normal and
permanent container.

------
walrus01
If anyone in your household uses FB from the IOS or android mobile app from
wifi, it will have both your IP address and GPS coordinates. Correlating that
multiple people share one residence or workplace is easily done for FB. You
can keep playing a shell game like run all your desktop PC traffic through a
VPN somewhere so that the FB container doesn't show up as the same
geolocation, but you or an ignorant non technical user you live or work with
will slip up.

Edit: fb also buys geolocation data from organizations that do the modern
equivalent of wardriving. Correlating GPS location with RSSI of specific wifi
SSIDs and AP MAC addresses. If anyone near you uses the app, even if their
phone has all location services turned off, you're still geoprofiled to within
a city block.

~~~
dao-
What's your point? Facebook still won't know what websites you visit on your
PC. It also doesn't have geolocation access there unless you explicitly grant
it.

~~~
walrus01
That the targeted advertising and profiling will still come to you. Live with
a person who joins fb mommy groups and buys diapers online? Prepare for a
barrage of relevant ads. The main point is that the combination of
relationship-inference and geolocation can undo probably 70% of your own
privacy protection measures, through ignorant ordinary use of the fb app by
friends, family and coworkers. Then combine that with fb facial recognition
profiling from photos third parties may upload...

~~~
dao-
Sure, they will still track you as best as they can (though as I said Facebook
doesn't have geolocation access on desktop). This doesn't change the fact that
without your browsing profile, Facebook will have less knowledge about you
than it would normally have, period. Facebook can't "undo" that.

~~~
addicted
I think that was the OP’s point. FB woule have geolocation information on you
because thanks to someone else’s use of your WiFi network on their cellphone,
FB can now associate your IP address with a geographical location.

So even though you’re on desktop and haven’t provided them with location
permissions, they can still identify your location based on your IP address.

~~~
dao-
Ah, okay. I still don't see how this would undo preventing Facebook from
knowing what websites you visit. The location of your PC seems like an
entirely separate data point.

------
jacobsenscott
I've been trying to use Firefox's containers for a while. They are pretty
clunky - you need to open a blank container tab using a menu and then enter
the url. I forget to do that all the time, so after some time you are just
logged into everything in the "global" container, or logged in to google and
twitter in the same container etc.

 _If you check the "Always open this page in this container thing" \- then it
prompts you with an "are you sure you want to open this page in this
container" every time you go to that page which is very annoying._ Edit - this
is not true - there's a checkbox to "remember your choice". I don't know why I
didn't see it.

They are error prone enough that they aren't good tracking protection. Just
use ublock origin or a similarly good privacy plugin to globally block as much
tracking as you can.

The facebook container eliminates some of those annoyances, but only for
facebook.

~~~
jakecopp
> then it prompts you with an "are you sure you want to open this page in this
> container" every time you go to that page which is very annoying.

That isn't true - you say yes/no the first time and then it's automatic. Works
great for me.

I create a container for every service I want to stay logged into and
whitelist the specified sites with Cookie Autodelete (which is container
aware), then auto delete all other cookies on tab close.

~~~
function_seven
Yeah, I'm not getting it after the first "Are you sure?" prompt, but that
first one is annoying. I already checked the box asking to always open foo.com
in a specific container. Why is it asking again?

Also, I'd love to do this in my bookmarks, instead of having to visit each
site and set the container one-by-one.

~~~
zjs
> I already checked the box asking to always open foo.com in a specific
> container. Why is it asking again?

I have some sites that I almost always want to open in a specific container.
Except when I don't.

I suspect this double-confirmation is for people like me: I can chose between
"always open this site in this container" and "always suggest opening this
site in this container".

~~~
kbenson
I actually have a few cases like this as well, but they are very common cases
I encounter 20-30 times a day.

I thought containers were clunky too until I went looking for bug reports for
the functionality I wanted (always open domain in container) and found out I
just wasn't using them right.

I'm actually really impressed with how polished it is given the complexities
it entails

~~~
infogulch
Is there an official article/tutorial detailing how to use them and use cases
with examples?

~~~
kbenson
From searching I just found a Mozilla help page[1] that seems to have much of
the useful info, along with some links to other articles.

Not sure of it or something similar was referenced at some point during the
extension install process.

1: [https://support.mozilla.org/en-
US/kb/containers](https://support.mozilla.org/en-US/kb/containers)

------
amelius
IMHO, this is how containers should really work:

\- Every website (domain) should get its own container by default. I _don 't_
want to configure stuff when visiting a new domain.

\- If I want domains to share a container, then I don't mind having to
configure that.

\- When clicking a link inside a container that points to a different domain,
then the link should open in the container for the domain pointed to.

\- When clicking a link, I should have the opportunity to edit the link before
opening it, to avoid information leakage from one container to another.

\- Cookies may be saved per container (default). But I should be able to turn
cookies off for a specific container.

\- Containers should work against fingerprinting, i.e. by perturbing browser
characteristics slightly. This should work by default per container and per
session. It should be configurable.

\- If some well-known websites only work with multiple domains, then that is
ok. These domains can be grouped into one container. Firefox can distribute a
"whitelist" for such configurations. Please don't bother me with the
specifics, but enable me to figure out what the settings are for a container,
and to change those settings.

\- Container settings should be synced over my devices. Needless to say,
containers should work on all platforms.

~~~
amelius
Btw, the ground rule I used here is that the amount of "security-related
mental-gymnastics" I have to perform to stay on the safe side during normal
browsing _should be zero_.

------
Insanity
Don't blame them for taking advantage of the current media attention facebook
is getting to bump firefox containers a bit! It's pretty neat technology.

------
tylerl
/sigh. Yet another "privacy" solution that's solves the wrong problem.

You prevent the big bad company from _spying_ on your browsing activity while,
at the same time, explicitly posting to the big bad company's first-party site
messages containing all the juicy bits of private information that you went
through all that effort to prevent them from inferring through your other
activities.

And we pretend this is helping, rather than just adding noise to an already
confusing technical landscape.

~~~
TheRealPomax
Sorry, you're not seriously entertaining the idea that browsers should just
turn off facebook for everyone, are you? There are plenty of parts on this
planet where facebook is the main page in people's lives, like it or not, and
the problem to solve is one of people's attitude towards that being okay. Not
the availability of facebook. You don't change people's minds from "this is
useful to me on an hourly basis" to "I won't use this" without going through
(many) intermediate step(s), and this is a GREAT intermediate step for those
people who can't (for whatever reason) give up facebook, but do understand
that maybe it's time to restrict what facebook sees a little. And then we keep
the pressure on, as society. This is a long battle, we're nowhere near done.

~~~
some_account
Big companies like this never go away. They just reshape their public image
and keep doing what they are doing. The Facebook thing will blow over. He has
friends in high places. Right now this is a show for the public. Later its
forgotten and Zuckerberg is back doing whatever he wants to do.

~~~
TheRealPomax
Big companies like this have never existed before. It's hard to remember, but
10 years ago there was no "massive Facebook" or anything of the same scale.
Amazon, Apple, you name it: NONE of them have been around long enough for a
claim that "they never go away" to make any kind of sense.

~~~
sametmax
The same shape no.

But big invasive entities have always existed. In france, coal mines almost
owned the lifz of their worker : when they shop, where they slept, etc. News
were only on a few newspapers or tv channels linked to the same top people,
one source of info to tell you what to think, do and to buy.

The government has always collected a lot of infos to.

Before that, the church did. They polished the global personnal data
collection but called it confession. They mastered the ad, it was for all
people to see on sunday. Very useful for population control and black mail.

So unless people learn to see the red flags and react, the next wolf will it
the sheeps like always.

------
strogonoff
Made a jump to Firefox as primary browser on macOS this month. My setup
involves heavy use of the new containers feature and a tree-style vertical tab
panel, which AFAIK is unique to Firefox and offers neat visual browsing
history.

Extension rundown:

— kesselborn’s Conex, a Spotlight-like quick container switcher/tab finder.
It’s set to auto-hide tabs not in the current container, and I use it to
routinely create one-off containers for specific tasks

— piro’s Tree Style Tab, with a workaround setting to make it play well with
Conex and a couple of custom styling rules

— MarsCat’s Switch Container, which allows to re-open a tab in another
container (used with caution)

What unblocked the switch for me:

— There’s now a working tree-style tabs extension in Quantum

— The new Web Authentication API removes the need for Keychain integration in
the long run

I’m wary of getting too used to a heavily customized setup, and am still
figuring out the best way to back up my Firefox profile. Previously I relied
mostly on stock Safari and Chrome, which is still great for its developer’s
tools.

~~~
kodablah
> tree-style vertical tab panel, which AFAIK is unique to Firefox

For the major browsers, yes. Some Chromium off-shoots have them though.

~~~
strogonoff
I stand corrected, also I should’ve added “on Macs”. I’ve been keeping an eye
on Doogie[0], but its maintainer doesn’t have the resources to maintain
another build.

Curious if anyone can weigh in with similar alternatives available on macOS.

[0] [https://cretz.github.io/doogie/](https://cretz.github.io/doogie/)

~~~
kodablah
You're talking to the maintainer :-) Yeah, I don't use Apple products so
looking for someone to do the work. In the meantime, I am not too familiar
with mac alternatives, but these days CEF, QtWebEngine, etc aren't that
difficult to use if you want to roll your own (mine is just Qt + CEF).

~~~
strogonoff
Hey, that’s unexpected and awesome! I hope to be able to help with the build
after I upgrade to latest OS version.

Concepts on which Doogie is built sound very reasonable and I’m pretty sure
they inspired my current setup. Native approach to bubbles vs. workspaces is
better than shoehorning containers and tree-style tabs into that with a bunch
of extensions in Firefox.

------
JoshMnem
You can also run multiple Firefox profiles at the same time, each with
different extensions. Something like:

    
    
        $ firefox -ProfileManager -no-remote &
    

Also interesting:

[https://github.com/mozfreddyb/webext-
firstpartyisolation](https://github.com/mozfreddyb/webext-firstpartyisolation)

[https://github.com/stoically/temporary-
containers](https://github.com/stoically/temporary-containers)

~~~
cpeterso
You can also create and launch Firefox profiles in a running Firefox instance
on the about:profiles page.

------
chmike
I have a similar need for Google. I have two gmail accounts. One is to
preserve my privacy. But I can only open one at the time. That's acceptable
since I forward mails.

But then, everything I do at Google is tracked and associated with this opened
gmail account.

Once we are connected to Google, we are kind of logged in Google. They can
track everything we do, even searches.

The problem I'm facing is that I can't keep the Google agenda opened for one
user, and be connected to Google gmail as the other user. That's how far the
"logging to Google" has got.

~~~
ttctciyf
Why not use different browsers, like chrome and firefox, or, purely within
firefox, different browser profiles?

~~~
pritambaral
Or, purely within the same Firefox profile, different containers? (I recognize
that that's coming back to square one.)

------
jakecopp
In my opinion Containers are the best thing in Firefox. I'm sacrificing
battery life just so I can use them on my Mac.

I finally feel free to search for whatever I want and not have second
thoughts.

~~~
ReverseCold
> I finally feel free to search for whatever I want and not have second
> thoughts.

Doesn't Google also link sessions through IP Address? That combined with "how
you usually browse" \+ interests is a very powerful deanonymization tool.

~~~
jakecopp
You may be very right.

I haven't encountered any targeting related to search terms yet, but I'm sure
they have the capability.

I do need to make the leap to DuckDuckGo at some point!

~~~
rocgf
Making the leap to DDG was way easier than I thought and I am really pissed
now that I didn't do it months ago. As other have said, you can generally find
anything you want and, if not, you always have !g. However, I now have an
intuition as to what sort of searches might yield good results. Either way, I
encourage everyone to do it. Just change your search engine to DDG in your
browser and, after a couple of searches, you will forget it's not Google.

------
cosmotron
Here's a link to when this was first appeared on HN (March 27):
[https://news.ycombinator.com/item?id=16688681](https://news.ycombinator.com/item?id=16688681)

The comments have input from the add-on's author (groovecoder).

------
dasanman
Its funny with all the focus on Facebook, while Google tracking is so much
more widespread

~~~
isostatic
Google didn't elect Trump

~~~
LowDog
Yeah, the American people elected Trump in an extremely rare case of the
public taking back the election from corporate behemoths.

But let's pretend that Google hasn't had enormous sway over the White House
and hasn't been rubbing shoulders with Obama and other Democrats [1][2][3][4].
Let's also ignore the fact that much of Silicon Valley publicly supported
Hillary and opposed Trump, with big outspoken critics including Microsoft,
Faceboook, and Apple.

It's a shame to see indoctrination stretching to users of this site such that
people here legitimately believe that a bunch of Russians locked away in some
computer lab single-handedly elected the only man who challenged the prospect
of perpetually living under the oligarchical thumb of the Bushes and the
Clintons.

[1] [https://theintercept.com/2016/04/22/googles-remarkably-
close...](https://theintercept.com/2016/04/22/googles-remarkably-close-
relationship-with-the-obama-white-house-in-two-charts/)

[2] [https://www.washingtonpost.com/politics/how-google-is-
transf...](https://www.washingtonpost.com/politics/how-google-is-transforming-
power-and-politicsgoogle-once-disdainful-of-lobbying-now-a-master-of-
washington-
influence/2014/04/12/51648b92-b4d3-11e3-8cb6-284052554d74_story.html)

[3] [https://www.theguardian.com/us-news/2015/dec/18/google-
polit...](https://www.theguardian.com/us-news/2015/dec/18/google-political-
donations-congress)

[4] [http://dailycaller.com/2017/08/09/google-higher-ups-love-
don...](http://dailycaller.com/2017/08/09/google-higher-ups-love-donating-to-
democrats-not-republicans/)

~~~
pritambaral
This is off-topic, and your idea of how Trump got elected is not the only — or
even one of the popular — view.

Closer to the topic: what Facebook enabled was far more effective targeting,
by agents not authorized by the targets, on a massive scale. That's a lot
different than the "bunch of Russians locked away in some computer lab single-
handedly elected" rhetoric.

~~~
LowDog
It's as on topic as the parent comment. I have to yet to see even a single
fact to back up your claim. If someone is going to spread disinformation and
not present any facts, then I am going to post a sourced rebuttal. Feel free
to change my mind with actual facts instead of undermining the voters who
disagreed with your political outlook and then blaming the results on some
ludicrous notion of a bogeyman.

~~~
pritambaral
Yes, your parent comment introduced the topic of Trump's election, though
still in the context of online tracking. Pardon my poor choice of words above.

> I have to yet to see even a single fact to back up your claim.

Here's the first result from a Google search I just did:
[https://www.wired.com/story/russian-facebook-ads-targeted-
us...](https://www.wired.com/story/russian-facebook-ads-targeted-us-voters-
before-2016-election/)

> If someone is going to spread disinformation and not present any facts, then
> I am going to post a sourced rebuttal.

I don't see any sourced rebuttal.

> instead of undermining the voters

I didn't undermine any voters. I made no claims about any voters. I commented
only on the targeting, and that the targets hadn't consented to their data
being accessed.

> blaming the results on some ludicrous notion of a bogeyman.

A calmer rhetoric would be more productive to discourse. Targeted advertising
is not a "bogeyman". Stolen data and privacy concerns are not bogeymen. That
people put up lots of private info that can be used to accurately profile them
is a fact. That ads can be effective has been proven from the time ads were
invented, and that targeted ads can be even more effective — especially in a
political context — has also been studied and concluded lots of times. See [1]
and [2].

Frankly, now that you've brought up backing of claims, I'm a bit discouraged
to have to defend stuff like this against clearly biased political rhetoric.

1:
[http://politics.oxfordre.com/view/10.1093/acrefore/978019022...](http://politics.oxfordre.com/view/10.1093/acrefore/9780190228637.001.0001/acrefore-9780190228637-e-217)

2: [https://www.gsb.stanford.edu/faculty-
research/publications/a...](https://www.gsb.stanford.edu/faculty-
research/publications/advertising-effects-presidential-elections)

------
msravi
I've used a separate container tab for facebook in firefox (nightly) for some
time now, along with uMatrix, uBlock origin, and privacybadger. I downloaded
my info from fb a few days ago, and was pleasantly surprised at how _little_
info they had on me - they only have 2 advertisers with my contact info (email
id). I click stuff on fb, but don't post, and occasionally have had message
exchanges with friends.

------
dilliwal
I did the same for many years, blocking third party cookies, having a
different browser profile, but none matters.

Recently I downloaded all my fb data and I found that fb gives a tool to
advertisers where they can upload my contact information to join all the dots.

The heading says "Advertisers who uploaded a contact list with your info"

[https://imgur.com/a/FRsUP](https://imgur.com/a/FRsUP)

~~~
Antrikshy
That's kinda the opposite. The brands somehow had your info (from accounts you
may have created with them, for instance), which they explicitly imported into
Facebook specifically to show ads to you etc.

~~~
dilliwal
Yes, it seems like that, and thats what I am trying to say, that browsers are
just one vector, users information is collected from number of sources: \-
apps you use on your mobile \- your email/phone (example: which you gave to a
Pizza company is same as of your fb) \- Your address which is with a local
store nearby etc. etc.

All this information is collected to connect all the dots.

When I was going through the advertiser list, I was kinda shocked coz I never
give my any detail to them, and still they have somehow uploaded it to fb. FB
should ask the advertisers about source of data.

------
zyztem
Unsurprisingly there is no Google container for Firefox

~~~
asdsa5325
You can use containers for any website / group of webistes.

The specific Facebook-only container extension is for people who don't want to
hassle of organizing their containers themselves and only want one for
Facebook.

~~~
gowld
Hey why is Firefox giving Facebook preferential treatment?

~~~
lucb1e
Preferential? Other than publicity, I'd say it's the opposite. Though I see
your point.

------
gerardnll
I don't trust Facebook. I am 'aware' of the importance of privacy. I install
'Facebook Container' because I prefer to install an extension to keep Facebook
kind of controlled than to delete my account.

It doesn't make sense to me. If you are so privacy concerned it seems to me
that the step you should take is to delete your account but not to look for
ways to avoid being tracked by the company you don't trust, although you use
its services.

If this extension is not for Facebook users but for everyone, why don't
implement it by default and for a lot of other websites?

~~~
siddhant
> It doesn't make sense to me. If you are so privacy concerned it seems to me
> that the step you should take is to delete your account but not to look for
> ways to avoid being tracked by the company you don't trust, although you use
> its services.

A lot of people I know use Facebook because they _have_ to. For instance, a
friend of mine keeps track of job postings that are only posted in certain
Facebook groups.

I would modify the argument such that if you're so privacy concerned, don't
put any personal information on Facebook, and limit what Facebook has access
to (which is what the container extension is doing).

------
badloginagain
Im using uBlock origin and PrivacyBadger, will this cover something Im
missing?

~~~
asdsa5325
PrivacyBadger might not block all trackers. Firefox containers "block" _all_
trackers (or rather, they allow all trackers but limit the information they
can gather completely).

------
Klasiaster
GNOME Web (Epiphany) lets you easily save a web page as web application, so
that it gets an own desktop icon and browser profile to separate it from your
normal browser.

------
jrochkind1
Heck yeah, I've been dreaming of this for a while. Or really, something that
can work on _any_ website you configure it to work on, not just fb.

Or specifically, I'd love one that worked for google search (not neccesarily
all google products, which would be hard, but one which let me search without
being able to tie me to my other internet use including other google
products).

~~~
calvinbhai
Checkout Ghostery. It does a pretty good job with blocking trackers of any
type. Ghostery is owned by a company that is backed by Mozilla, and claims to
not share any data with third parties.

~~~
jrochkind1
I've been using Disconnect, I may try Ghostery instead.

Disconnect inteferes with a lot of websites from working, and I think (like I
think Ghostery which works similarly) does not do the same thing(s) that
Firefox Containers do. I actually didn't realize the general Firefox
Containers feature existed, and will also explore that more.

------
cJ0th
They have the right intention. But how is this useful? As far as I can tell,
it does not prevent FF from leaking information that helps FB generate a
fingerprint. I'd still reveal the same IP address (would be cool if Mozilla
provided a VPN that all FB traffic goes through), the same browser, the same
OS, screen resolution etc...

------
BuckRogers
I'm glad they released this and hit got some headlines because I tried it,
realized how necessary it was and then learned about Firefox containers in
general.[0]

Now I'm using them for Gmail, Youtube, Twitter & FB. The three amigos, the
internet bad guys. I really should just delete the last two accounts, but I
feel a heck of a lot better now. I used to keep those in Microsoft Edge, a
browser pretty much relegated to that dirty, social media duty alone. If I can
use Firefox for everything, and cut off Google while I'm at it, even better.

[0][https://www.youtube.com/watch?v=Gy7lyvAfOSw](https://www.youtube.com/watch?v=Gy7lyvAfOSw)

------
jammi
I hadn't used Firefox for anything practical in years except testing things of
my own for compatibility. Now I launched it from a clean state, installed that
extension and logged into Facebook... and it is still slow as molasses. It
feels like downgrading the hardware to something 1/10th as powerful than what
I'm used to. My point of comparison on this hardware is Safari, which I use
for regular everyday default web browsing. It's not just Facebook on Firefox
either; everything is sluggish and even typed text lags noticeably behind,
which is something I hadn't experienced on anything since the iPhone 4 iOS 7
upgrade.

------
shiado
Can't this be easily bypassed by Facebook? Given the amount of information
usable to fingerprint browsers with JS enabled can't FB do some basic tricks
like IP + WebRTC local IP + WebGL fingerprint + Canvas Fingerprint , etc...?

~~~
bencmbrook
Yeah, their fingerprinting would be incredibly well trained, and I imagine
would work perfectly well on sparser data.

------
drinchev
This should be enabled by default in Firefox, as is the tracking in Facebook.

Hardly will Facebook care for the couple of hundreds that install and use
something like this, but it will be much more efficient if browsers are pre-
enabled with this feature.

~~~
dest
It may not be completely legal for Firefox to do that. I don't know though.

------
tomc1985
Is this any different than Firefox's regular container support?

~~~
cptskippy
It's got Facebook in the name to ride the hate wave? I'm so glad Mozilla hired
a Marketing team... /s

~~~
Blaaguuu
IIRC, this was just one engineer's side project to take their existing
container tech, which might be too 'advanced' for most users, and make a one-
off addon that more users might be interested in.

Do you think that Mozilla's marketing of Firefox as more privacy focused is a
bad thing?

~~~
cptskippy
> Do you think that Mozilla's marketing of Firefox as more privacy focused is
> a bad thing?

Not at all. This just strikes me as desperation, jumping on the hate train
against Facebook because it's easy. Instead I'd like to see them actually
develop their container functionality into a mainstream feature for the
browser that might gain enough attention to make people start asking why
Chrome, Safari, or Edge don't do the same.

I could see it very easily existing somewhere between the "New Window" and
"New Private Window" menu options. They'd just need to rebrand it as something
other than "containers" for the masses to understand it. "Private Window"
would have been good but unfortunately that's been taken, in hindsight they
should have gone with something that more clearly convey's the "burned after
reading" forgetful nature of the private window because I think private
conveys secret/isolated without the self destruction that comes with a
Private/Incognito window..

People understand the Private/Incognito window, it wouldn't be hard to explain
that a container window exists somewhere between a regular window and
Private/Incognito. They could also easily surface or suggest sites you might
want to containerize.

------
calvinbhai
Have been using Ghostery on Safari for quite some time, and I dont see how
this Facebook Container can be anywhere close to what Ghostery provides. The
number of trackers on any website, is just mind blowing.

I believe Ghostery works with all browsers and I strongly suggest everyone use
it, in addition to what ever ad blocker, container, VPN service you intend to
use, even if you are using Facebook Container for Firefox.

~~~
eugeniub
Ghostery has a shady history of selling data it collects on you to advertising
companies. The data collection feature was previously called Ghostrank, and
now it's called Human Web. I'm not sure what Ghostery does with the data since
it got acquired by Cliqz in 2017, but I'd be careful.

~~~
calvinbhai
Wow, good to know! thanks for sharing this info. Will check and figure out
what is a better alternative.

------
nimbosa
why not just use the Private / incognito mode every time you want to use
Facebook directly or indirectly?

That way any Facebook-owned service like logins and website comments plugin
will work as expected but will not follow you around in your regular browser
window!

________________________

From the extension page:

> "Clicking Facebook Share buttons on other browser tabs will load them within
> the Facebook Container. You should know that using these buttons passes
> information to Facebook about the website that you shared from."

> "Because you will be logged into Facebook only in the Container, embedded
> Facebook comments and Like buttons in tabs outside the Facebook Container
> will not work. This prevents Facebook from associating information about
> your activity on websites outside of Facebook to your Facebook identity.

> In addition, websites that allow you to create an account or log in using
> your Facebook credentials will generally not work properly. Because this
> extension is designed to separate Facebook use from use of other websites,
> this behavior is expected."

------
sammorrowdrums
They have a newer version that can handle custom isolated tab groups not just
Facebook.

[https://addons.mozilla.org/en-GB/firefox/addon/multi-
account...](https://addons.mozilla.org/en-GB/firefox/addon/multi-account-
containers/)

~~~
so33
The Facebook container is the "newer" extension, IIRC, released after the
Cambridge Analytica news. Both extensions use an API called
contextualIdentities: [https://developer.mozilla.org/en-US/Add-
ons/WebExtensions/AP...](https://developer.mozilla.org/en-US/Add-
ons/WebExtensions/API/contextualIdentities)

------
TekMol
Looks like what it does is deleting a bunch of cookies.

If it only was that easy!

The real problem is not cookies.

I can already delete those.

The real problem is fingerprinting.

~~~
yetanotherjosh
And all this talk of cookies leaves out html5 features like localStorage.
Targeting only mechanism for tracking does not solve the tracking problem.

------
baalimago
This might have been commented already, but: maybe have something similar for
Google also? Now I'm not an expert, but ghostery/duckduckgo privacy
essentials/ublock and so on "blockers" tell me that Google is responsible for
a majority of the tracking

------
atonse
Uh it says I'm on Firefox 52 and can't install this. But I'm on Firefox 59.

~~~
evilpie
You probably have the privacy.resistFingerprinting preference set to true.
This spoofs your browser version.

~~~
atonse
Yep that fixed it. Thank you!

------
benevol
I'm in favor of putting Facebook in a container.

I further suggest to throw the container into a fire.

------
TheCapeGreek
What makes containers and other related things here better than just
downloading something like PrivacyBadger and using some anti-tracking uBlock
lists? I'm assuming it's because some things might still fall through the
cracks?

------
moocowtruck
cool, but if anything tells me there's something wrong with permission systems
it's this... the permissions it asked for, if that was any extension i'd be
leery of it, but since this is from mozilla i trusted it..

------
miken123
What I cannot find anywhere: how does this compare to Firefox' tracking
protection feature? That would already block third-party requests to Facebook
on other sites, wouldn't it?

------
mehrdadn
How in the world do you get this to work with subdomains in the general case?
How do I just say "open all [sub]domains under example.com in their own
container, end of story"?

------
amelius
What about this is specific for Facebook?

Why not apply it to every website we visit?

------
bhu1st
I don't use Facebook much but when I login I've been using Internet Explorer
just for browsing Facebook. Otherwise IE would just sit there on my MS box.

------
Kequc
I would like to isolate every website I visit into a container, such that
cookies or other tracking mechanisms are unable to be effective while on other
pages.

~~~
tehlike
What about ips?

~~~
dredmorbius
To an extent, Tor can address this, though many sites make this exceedingly
painful (Captchas, rate-limiting, outright blocking), and Tor itself is slow
-- to set up, bandwidth, and latency.

I'm not sure if some middle tier of connection indirection, content caching-
and-forwarding, or other mechanisms, might better address this.

There are protocols such as IPFS and browsers such as Min which might be a
partial response to this:

[https://minbrowser.github.io/min/](https://minbrowser.github.io/min/)

------
kgoutham93
What's a Firefox container and why should I use one ?

~~~
dao-
As the page explains: it prevents Facebook from tracking you across the Web.

~~~
kgoutham93
No I read it, but I want to understand the technical details like how is this
different from using Facebook in incognito window.

~~~
dao-
Using Facebook in private windows only is a reasonable workaround that
achieves roughly the same if you're disciplined. The addon is more user
friendly.

------
piyush_soni
Is the 'Facebook Container' extension different from I creating a new
container myself and keeping only facebook in it?

------
k__
Half-OT: Somehow pages like dev.to or whatsapp always get opened in the
default container, even if specified otherwise.

------
wufocaculura
for those wondering what's the difference between Facebook Container and
Multi-Account containers:

[https://support.mozilla.org/en-US/kb/how-facebook-
container-...](https://support.mozilla.org/en-US/kb/how-facebook-container-
different-multi-account-con)

------
roomate
Currently it is not about my privacy and data (those has been lost and given
away far ago). It is about my time.

------
Operyl
> In addition, websites that allow you to create an account or log in using
> your Facebook credentials will generally not work properly. Because this
> extension is designed to separate Facebook use from use of other websites,
> this behavior is expected.

As much as I love these kinds of things, this is going to break something for
my less tech-y family. As such, I can't let them use this kind of thing.

~~~
briandear
Maybe you should can’t let them use Facebook logins?

~~~
Operyl
They have existing apps that wouldn't let them do that. I'm not about to
control my mother's choices.

------
dbalan
I like this, but 2018 Internet is essentially needing this for _every_ website
you visit.

------
_pmf_
Time for a Facebook browser, I guess. Circumventing the middle man is the next
logical step.

------
chicob
Firefox Containers don't seem to work in Private Mode. Also Privacy Badger,
btw.

~~~
yoavm
How would you use Firefox Containers _in_ Private Mode? Private Mode is
essentially a container that destroys itself when you close it.

~~~
chicob
Well, I didn't know that Private Mode worked as a container.

I thought it merely didn't store browsing history and cookies between sessions
by default, while allowing tabs to share data between them for each session.

------
tptacek
Is there an advantage to this over Chrome Profiles, a feature built-into the
browser?

~~~
pcwalton
See "How does this compare to the Facebook Container extension?":
[https://addons.mozilla.org/en-US/firefox/addon/multi-
account...](https://addons.mozilla.org/en-US/firefox/addon/multi-account-
containers/?utm_source=blog.mozilla.org&utm_campaign=firefox_frontier&utm_medium=referral)

It is also my understanding that Chrome Profiles are per-window, while Firefox
containers are per-tab.

------
gfody
can someone explain why this is necessary? shouldn't anything that happens
outside of any site stay outside that site, why a special extension just for
facebook?

~~~
dfee
Let’s say you go to example.com and they’re using a Facebook Pixel for
analytics - so example.com can continue marketing that widget to you after
you’ve left their site.

Well, when you visit example.com/shop/widget1 you essentially load a 1x1 pixel
image from the url ads.facebook.com/pixel?metadata=goes-here and you web
browser sends your Facebook cookie along side the request (as it does for
every request to _.facebook.com).

So Facebook knows what site you’ve visited and what your interest are so that
example.com can better market to you, their prospective customer.

The web relies on cookies so you can remain logged in, have a shopping cart,
and do most everything else that is stateful (though sometimes this stuff gets
implemented in the browser’s webdata cache called localStorage). The container
effectively makes the “session” - all data that is identifying - unique to the
tab. So you couldn’t open a second tab and remain logged in to your bank
account, for example.

_the urls are examples; I’m on my phone, not on my laptop.

~~~
d6de964
Can't the websites share that information with facebook by proxying that
information? It'd be the same workaround as for ads if you host them it's very
hard for someone else to block them, especially if you use dynamically named
divs, image sizes etc.

~~~
dfee
No. You’re not providing your Facebook cookie to the third party site. So,
there is no way to associate your identity on example.com with your Facebook
profile.

Think of it this way, if you have an authentication ticket, such as what is in
a session cookie, then you have access to your account. If someone intercepted
that ticket / cookie, they could maliciously act on your behalf and play
around on your Facebook - just like you. Your browser therefore doesn’t send
cookies to domains that aren’t specified as trusted by the originator of the
cookie; I.e. third parties.

So example.com and Facebook wouldn’t be able to associate the two identities.

*except of course through some interesting trickery like browser fingerprinting.

------
KKKKkkkk1
Great initiative. I'm wondering why no Google container?

------
gnanesh
I need a Google container for firefox.

~~~
mverwijs
There you go: [https://addons.mozilla.org/en-US/firefox/addon/google-
contai...](https://addons.mozilla.org/en-US/firefox/addon/google-
container/?src=search)

------
kunthar
i have deleted all facebook accounts. easy and clean solution. also i suggest
to use several browsers to login google accounts and browse daily. therefore
activities totally separated and tracking is getting hard with combination of
cookie removal. etags are still big problem though.

------
justme00
Up! Following.

------
thrwwy_cntnr
I normally avoid posting on threads like this, because there's more pile-on
then there is coherent discussion, but I think there are some things missed
here, and I want to elevate the discussion.

Let's take a step back for a moment from the fact that this is extremely one-
sided, since there are many sites used all over the web which have a view on
most of your browsing traffic, like Google Analytics (try and pry that from
the cold, dead hands of administrators), to reddit, to other ad networks. I'll
assume that the reader would just respond that we should do this for all
sites.

Think a bit about the generalized business model of contracting out to third-
party vendors. When you go the supermarket, it's very likely that the cash
registers came from IBM (at least in the US). When you go to a restaurant,
your payments are likely to be handled by Authorize.net (not to mention the
credit networks), when you go to a hotel, the wifi is handled by some third-
party company.

In each of these cases, there is a valuable service being provided to a
company, and any service that has a large enough market penetration has access
to a large amount of information about you. Third-party vendor relationships
are not going to go away.

So what does this mean for the net? What effect will this have on the world?
In the best case for anyone who thinks this is a good idea, it won't catch on,
doesn't go mainstream, and a small amount of invisibility is granted to the
few users who adopt this. But what happens if this were to become the default
way the web works? Think about the wrench/security XKCD (
[https://xkcd.com/538/](https://xkcd.com/538/) ). If browsers started doing
this, than the companies who depend on these services will just find other
solutions. Already, many sites use url redirectors in order to accomplish this
(think: Google Search), if we try to prevent redirects, then you break the
web.

Okay, nuclear option, we decide to break the web, and require all users to
manually confirm before doing redirects. There will be sites concerned enough
about the drops in traffic that would be caused by forcing redirects that
they'll stop using them. Does that mean this practice will stop?

Of course not! The next step is out-of-band network requests. You request data
from a site, they ping the third-party, no muss, no fuss, and you're never the
wiser. Well, what happens in that case? Suddenly, you go from a situation
where companies are using third-party services via the browser, where the end
user's interface to the third-party is entirely secured from the company
receiving the service, to a world where all of this information is proxied the
third party, meaning that instead of less companies being able to track you,
suddenly more companies are able to track you.

I for one, hope that this does not catch on. Not because I care one way or the
other about the tracking (I think there are better solutions _) but because I
think this is an effort that will hurt both the web, and eventually users.

_ My thoughts on this: I find this akin to state surveillance. It's
inevitable. The 'solution' to state surveillance is not hoodies and masks, but
instead sousveillance (which means granting distributed surveillance powers to
the masses, like way a large number of police issues came to light). Put the
power in the hands of the people. How does this apply to web traffic? Same
thing, instead of having traffic available to a few companies, make it
scattershot, and make sure everyone has access. Surfing the web? Make browsers
overfetch. DNS lookup for the letter p? grab everything from park to porn to
production. That way, there is no loss of power

------
dingo_bat
Now do it for Google!

------
_o_
Just as alternative, I am using this and it works great:
[https://github.com/jmdugan/blocklists/blob/master/corporatio...](https://github.com/jmdugan/blocklists/blob/master/corporations/facebook/all)

(I don't use FB)

------
EastSmith
Good start targeting one of the biggest offenders. Now make the next step
implementing full blown ad blocker the way Brave has done it.

~~~
dao-
Firefox has tracking protection. It's a pretty effective ad blocker for me.

~~~
dingo_bat
That's absolutely wrong! Tracking protection just results in dumber ads. But
they still clutter your pages and waste your bandwidth.

~~~
dao-
That tracking protection is a good enough ad blocker for me is absolutely
wrong? You do realize that tracking protection actually blocks ads, don't you?

~~~
dingo_bat
I did not know that, sorry. I thought it blocks tracking cookies and stuff.
Does it actually hide advert elements from the page? If yes, I can see how it
can be good enough for most people.

------
fiatjaf
Stop "containing" Facebook, just quit it. These workarounds are just keeping
you from facing the real problem: the time and mental effort spend on
Facebook.

~~~
sjwright
Quitting Facebook doesn't solve the problem that containing it solves.

------
hartator
Mozilla likes so much to trend, but this container wouldn’t have done anything
against the current Facebook leak.

~~~
Krasnol
It's not like they could have. They do what they can.

------
suyash
Firefox is one of the worst browsers in terms of security, so much malware
just slips right through it, not to mention web designers don't bother testing
on firefox much.

~~~
kjhkhhhhhb
Citation?

