
An Update on Firefox Containers - clouddrover
https://blog.mozilla.org/tanvi/2017/10/03/update-firefox-containers/
======
clumsysmurf
I love this feature, but it seems missing a critical thing. You can say
'always open websites A1, A2, A3 in container Y' but you can't say 'container
Y only hosts websites A1, A2, A3'.

After time the container gets polluted with cookies from links clicked on
website Ax.

Hopefully this gets fixed soon.

Edit: replaces 1 website with multiple websites

Edit 2: Another useful feature would be cookie policy per container. So when
I quit FF, I can delete all cookies except those in Container X
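
The rule asked for above ("container Y only hosts websites A1, A2, A3"), sketched as the routing logic of a WebExtension background script. This is an added example, not code from the thread or from Mozilla's extension; the container names and hosts are constructed, and the manifest is assumed to grant `webRequest`, `webRequestBlocking`, `tabs`, `cookies`, `contextualIdentities` and `<all_urls>`.

```javascript
// Added example. Container names and hosts below are constructed samples.
const DEFAULT_STORE = "firefox-default"; // cookieStoreId of non-container tabs

// Container name -> the only hosts that container may load.
const POLICY_BY_NAME = {
  Banking: ["bank.example"],
  Work: ["mail.example.com", "wiki.example.com"],
};

// True if host equals an entry or is a subdomain of it. The match is on a
// dot boundary, so "notbank.example" does not match "bank.example".
function hostAllowed(host, allowed) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return allowed.some((a) => h === a || h.endsWith("." + a));
}

// Pure routing decision. `policy` is a Map of cookieStoreId -> allowed hosts.
// Returns the cookieStoreId the top-level navigation should run in.
function targetStore(url, currentStore, policy) {
  let u;
  try { u = new URL(url); } catch (e) { return currentStore; }
  if (u.protocol !== "http:" && u.protocol !== "https:") return currentStore;
  const own = policy.get(currentStore);
  // Already in a container that is allowed to host this site: stay.
  if (own && hostAllowed(u.hostname, own)) return currentStore;
  // "Always open A in Y": a host assigned to a container goes there.
  for (const [store, hosts] of policy) {
    if (hostAllowed(u.hostname, hosts)) return store;
  }
  // "Y only hosts A": an unassigned site leaves a restricted container.
  return own ? DEFAULT_STORE : currentStore;
}

// Resolve container names to cookieStoreIds via the contextualIdentities API.
async function resolvePolicy() {
  const policy = new Map();
  for (const [name, hosts] of Object.entries(POLICY_BY_NAME)) {
    const [identity] = await browser.contextualIdentities.query({ name });
    if (identity) policy.set(identity.cookieStoreId, hosts);
  }
  return policy;
}

// Wiring; only runs inside Firefox, where `browser` is defined.
if (typeof browser !== "undefined") {
  const ready = resolvePolicy();
  browser.webRequest.onBeforeRequest.addListener(
    async (details) => {
      if (details.tabId < 0) return {};
      const tab = await browser.tabs.get(details.tabId);
      if (tab.incognito) return {}; // private windows have their own store
      const target = targetStore(details.url, tab.cookieStoreId, await ready);
      if (target === tab.cookieStoreId) return {};
      // Reopen in the right container and cancel the original request, so
      // the request never carries the wrong container's cookies.
      await browser.tabs.create({
        url: details.url, cookieStoreId: target, index: tab.index + 1,
      });
      await browser.tabs.remove(tab.id);
      return { cancel: true };
    },
    // main_frame only: embedded third-party requests still use the tab's
    // container, so this limits which sites are visited, not what they embed.
    { urls: ["<all_urls>"], types: ["main_frame"] },
    ["blocking"]
  );
}
```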

~~~
HanyouHottie
I think this is the only sane way to deal with cookies:
[https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/](https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/)
(or Self Destructing Cookies before Firefox 57)

~~~
drdaeman
AFAIK, C-AD has no support for DOM Storage or IndexedDB (or other legacy APIs
if they're still alive, like Application Cache), though. I think it doesn't
support Flash LSOs, too. It's very inferior to the SDC, and cannot be
considered a reliable solution for sites to forget you. Not its fault, just
that there are no APIs for this.

Nor is there any protection against HSTS and HPKP pinning, ETags or other
"supercookie"-grade stuff. I'm not sure even Contextual Identities are enough,
given that e.g. HSTS leaks into incognito mode if the flag was already seen in
non-incognito session. That's only a suspicion, though - I haven't checked it,
and it's well possible containers are isolated.

------
nicklaf
Any reason why new tabs shouldn't create an entirely new, isolated container
by default? And then allow the user to close tabs implicitly by performing a
merge operation with some existing container (say, dragging with the mouse
with a hotkey held down onto an existing tab group representing a single
container)?

And alternatively, "merging" with the empty container, which would
retroactively implement incognito mode on that tab, and incidentally coincides
with the desktop metaphor for dragging things into the recycling bin... this
metaphor can be extended by password protecting the recycling bin of "lost"
incognito tabs.

~~~
c0nducktr
You might like the "Containers On The Go" addon. It adds a second new tab
button which will create a container for the new tab it creates, which then is
deleted as soon as you close the tab.

[https://addons.mozilla.org/en-US/firefox/addon/containers-on-the-go/?src=userprofile](https://addons.mozilla.org/en-US/firefox/addon/containers-on-the-go/?src=userprofile)

Someone also made a theme which will color the temporary container windows a
different color so you can easily differentiate them from the normal
tabs/windows.

[https://addons.mozilla.org/en-US/firefox/addon/containers-theme/?src=api](https://addons.mozilla.org/en-US/firefox/addon/containers-theme/?src=api)

~~~
digikata
I wish they would create a "private" container that is equivalent to the
private browsing window. This sounds pretty close...

~~~
Vinnl
I think for all intents and purposes it is the same, except perhaps for
blocking trackers.

------
Larrikin
Does anyone have any advice on how best to use this? Is it really best to make
all shopping websites open in the same containers? Any thoughts on what
sites/kinds of sites should definitely be in their own containers? Any
recommended categories besides the default container categories?

~~~
JosephLark
I wonder about this as well. What are people finding is the best use of the
default container - what opens as a new tab?

Do you keep that your personal container, and opt-in to other containers like
work, shopping, etc.?

Or do you use the default container as your most used type - perhaps work -
and opt-in to personal/shopping containers as needed?

Keep the default container blank and try to always open up a specific
container?

~~~
riri-au
It's useful for handling sites with really long login flows, and multiple
accounts, so I use them as the exception, rather than the rule.

Eg: AWS I have a work and personal account, and their login flow sucks, but
the work and personal containers handle this situation easily.

------
jherdman
This just isn't what I want. In Chrome I have two separate profiles: work, and
home. This lets me have work and home specific history, extensions, and
settings. Opening a new tab in one doesn't bleed into the other. This is what
I want. It's literally the only thing keeping me in Chrome these days.

Firefox used to have something like this in the past, but it's either buried
deep inside some obscure setting or has been ripped out. It's a damn shame.

~~~
vulkoingim
It still has it, although it is not as easy to access as in Chrome.
[https://developer.mozilla.org/en-US/Firefox/Multiple_profiles](https://developer.mozilla.org/en-US/Firefox/Multiple_profiles)

~~~
jdalgetty
As soon as this is implemented directly into Firefox and easily accessible,
I'll ditch chrome for good. I rely too much on separate profiles to give this
feature up.

~~~
bwat49
It's not quite as elegant as chrome, but you can go to about:profiles to
manage profiles from within firefox. It allows you to create/delete profiles
and launch a given profile in a new window.

~~~
482794793792894
I imagine, there's also going to be add-ons that make this even more
accessible.

------
randomString1
I still think multiple profiles are a better choice. My main profile never
keeps cookies and has a very rigid
[https://github.com/pyllyukko/user.js](https://github.com/pyllyukko/user.js)
file and only a couple of extensions. I'm very scared about extensions and
self-updating scripts so I only keep them isolated. It also helps with
organization since I have different bookmarks. I can also "firewall" that
profile to never accidentally load websites I don't want to.

If needed you can drag windows/tabs between profiles or even other browsers. I
disabled all the referral options too.

~~~
throwaway613834
Multiple profiles are such a pain. You don't even get the common history and
autocomplete that comes with having a single profile. I've used them for a
while with Chrome and they're just too annoying to use. This looks like it
could turn out really great.

EDIT: It seems I was unclear in what I was trying to say. I wasn't criticizing
multiple profiles in general; I was criticizing using multiple profiles as a
replacement for containers. The way I see it, they don't substitute for each
other, and they both have their own great use cases.

~~~
tomjakubowski
Chrome profiles are an absolute joy for splitting between personal/work
activities. They also work better for, say, switching between Google accounts
than the "inline" Google account switcher, which is often buggy and at least
used to have incomplete support (does the Analytics dashboard finally support
the account switcher?).

~~~
fish_fan
To my understanding, firefox also has support for multiple profiles at that
level, but it may be by app launch, not by window.

~~~
Vinnl
It can be per-window: in about:profiles there's a "Launch profile in new
browser" button underneath every profile.

------
cygned
I use them daily for development. It is great to be able to have multiple
sessions in the same window for the same application when testing/developing a
feature.

Great work, Firefox team!

~~~
asfdsfggtfd
But responsive design mode doesn't work?

~~~
cygned
Yes, that's true and I wonder how these are related. I usually use the tabs
not in containers for mobile, the containerized ones for the desktop testing.

~~~
asfdsfggtfd
It basically makes containers useless for developing webapps with role based
permissions where mobile usage is required (all apps in 2017).

------
room271
I switched to containers almost two weeks ago and they are great, the kind of
thing that makes you think how did I browse without this before?

I've separate containers for: work, home, facebook, shopping. It's
particularly useful for google accounts, as I have gmail for work, home, etc.

And the ergonomics - e.g. being able to sort tabs by container, or hide work
tabs in the evening - is great.

------
47
I have been using the Chrome Profile (People) feature since it was introduced.
It has been a godsend for me. I tried Firefox containers for a couple of days;
here are a couple of things that will really help:

* Containers need to be per window. Keeping track of containers at tab level is a lot of mental work.

* Set a different default container per device. For example I want to set different default for an office laptop, home computer, shared device, etc.

Firefox is getting there; I feel it is just moving too slowly for me to make a
complete switch.

~~~
Vinnl
The equivalent feature you're probably looking for is Profiles, which have
been in Firefox for ages already :) It's pretty similar to Chrome's. See
about:profiles.

Containers already are not shared between devices.

------
morsch
On a related note, does Firefox implement something like Safari's "Intelligent
Tracking Prevention"[0] that times out third-party cookies? Advertisers seem
to be mad[1], so they must be doing something right.

[0] [https://webkit.org/blog/7675/intelligent-tracking-prevention/](https://webkit.org/blog/7675/intelligent-tracking-prevention/)
[1] [https://www.theverge.com/2017/9/14/16308138/apple-safari-11-advertiser-groups-cookie-tracking-letter](https://www.theverge.com/2017/9/14/16308138/apple-safari-11-advertiser-groups-cookie-tracking-letter)

~~~
scott_karana
Yes: since version 42, Nov 2015.

[https://developer.mozilla.org/en-US/Firefox/Privacy/Tracking_Protection](https://developer.mozilla.org/en-US/Firefox/Privacy/Tracking_Protection)

~~~
482794793792894
That is a privacy feature, which also drove advertisers mad, but
technology-wise, this is completely different.

------
DyslexicAtheist
design (coloring of tabs for banking etc) seems to be heavily borrowed from
QubesOS. For those not running Qubes using isolation like this is a really
great step forward in steering users' awareness and training them to properly
isolate. I applaud these decisions by Mozilla since for avg users it can be
daunting to think for themselves about where the trust boundaries are.

~~~
Teever
I'm pretty sure that using colour to distinguish between features is a
fundamental aspect of UI design.

------
cJ0th
A question for clarification: Containers don't prevent the browser from
leaking information such as the addons and fonts installed, right? In other
words, the browser fingerprint would still be revealed?

If this is the case then containers might be an okayish first step but may
convey a false sense of security to the user.

~~~
skrowl
You can't (at least currently) allow / block extensions by container.

The security and ease-of-use is simply a separate storage for sessions /
cookies / etc for each container. Nothing more, nothing less.

If you're concerned about privacy and leaking information there are a TON of
tweaks you can do to about:config or via a user.js file such as:
[https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/)

------
AdmiralAsshat
These look really cool. I've had Self-Destructing Cookies (or Webextension
equivalent) on Firefox for awhile now to try to combat this problem, but it
_is_ a bit annoying that if I inadvertently close HN's tab or navigate away
from it because I followed a URL, I need to log back in. Containers might
eventually give me enough segmentation that I can feel confident with staying
logged into some stuff without being concerned that all the cookies are
talking to each other.

Might still want something that deletes all cookies when the entire container
is closed, though.

~~~
executesorder66
You can whitelist HN (or whichever site) so you don't have to log in each
time.

------
bryanlarsen
They mentioned my main peeve about containers: IMO control-T should open a new
tab in the current container rather than in the default container. They
implied that this could be fixed in an extension and linked some extensions,
but those extensions appear to do other things. Has anybody found an extension
that changes the control-T behaviour? Thanks.

Edit: They've totally got the default right. Pressing control-T from a banking
container should _not_ open a new tab in the banking container. It's just
that's not my use case.

~~~
forgotmypw
One of the few things I like about Chrome more than Firefox is the way it
handles "Personas", a similar feature.

Selecting a new "persona" opens a new window, and pressing C+T opens a new
tab.

~~~
notatoad
The downside with chrome's implementation is that they are completely isolated
instances of chrome - there's no easy way to hop between containers.

Being able to right-click on a link in your personal container and open it in
your work container is pretty slick.

~~~
terinjokes
FYI: This exists in Chrome, but only for the other profiles open. If a
window for the other profile isn't open, the option to open in that profile
doesn't appear.

------
JosephLark
I really like this! First time I've actually tried it out now that it's an
extension. Seeing an issue with the always open in this container feature
though - clicking on a YouTube link set to always open in a 'Personal'
container, it's opening multiple new container tabs. At first it was just a
duplication with new tabs, but now it seems to be opening three tabs.

Edit: Above is when opening from a default tab. Maybe this is expected, but
the clicked links show as visited in the default tab even when they're opened
in a container tab. Perhaps this is to be expected, but it seems like a type
of information leakage across containers? Actually, seems like links clicked
in the default container show as visited in other containers. Odd as well is
that I'm not seeing the duplicate tab issue when clicking YT links from a
non-default container.

Edit 2: Is there any way to opt-out of "always" opening a specific site in a
given container? Say I configure youtube to always open in a personal
container, but for some reason I now have to test something in a work
container on youtube. Is that possible? Or do I need to go edit out the config
and then replace it when I'm done?

~~~
irishsultan
For your question about opting out: if you are not in the container that the
site "always" opens in it will offer you a choice of opening it in your
current container or in the default container for that site, at least it does
for me.

What I would like is the option to assign a site to two different containers,
so mail.google.com would not offer me to switch when in Personal or in
Work, but would give me the choice to open it in either when I'm in a default
container.

~~~
JosephLark
I did get that as well. I'm confused why this is the default. I imagine it's
just the learning curve of this feature, I totally understand why they have
the need to spin off certain expected-default behavior to further extensions.

So I just told you to always open a site in a specific container, and then
you're going to ask me when I next load that site starting from another
container whether to open in the container I've asked the site to always be
opened in. Why would my choice be anything except 'Open in <Preference>
Container' and 'Remember my decision for this site'. Isn't that what I already
asked you to do?

Why am I setting the same preference twice? It seems like the opt-out is there
by default when I don't want it, and not there when I do.

------
grandpoobah
Here's what I've just done -

* Cleared all cookies for Facebook and Google

* Created a new container called "No tracking"

* Set facebook, gmail, analytics, youtube and all google services other than Search to always open in "No tracking"

Now in theory Facebook and Google can't track me across the web (at least not
in a way that it's linked to my real identity), and I don't have to do
anything to maintain this.

Anybody see any faults in my logic?

~~~
Sujan
Yes: IP address.

~~~
y4mi
and so many more datapoints such as screen & window resolution/size, installed
plugins…

even if you're splitting your browsing between sessions manually, they still
only need to match them once.

------
sitepodmatt
Can I memory limit them, e.g. when slack exceeds 300mb kill and restart
container?

------
lucideer
For me, the most significant part of this announcement is the breaking out of
this feature into an extension. Some interesting questions

- Does this represent a deprioritisation of the feature by Mozilla (it would
seem not, since there's an explicit WebExtensions API just for this, but I'm
curious to see how the level of maintenance of the extension UI keeps up with
browser changes going forward)

- This seems like the first major WebExtensions API that Firefox has added
post 57 (though it was available with a flag before) that no other browser
supports[0]. Does this represent Mozilla's future policy w.r.t. WebExtensions
in general - i.e. building out the API with Firefox-specific features? This
could be good for differentiating Firefox again, but probably more work for
devs creating cross-browser extensions.

[0] [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/contextualIdentities#Browser_compatibility](https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/contextualIdentities#Browser_compatibility)

~~~
aembleton
Personally I don't want this feature. Because it is an extension, I don't have
to have it and my browser can be lighter. This is exactly what should happen,
move as much as possible into extensions.

If WebExtensions doesn't allow for this, then yes, Firefox should extend it.
That way, other extensions can make use of it. You might not be able to port
it to Chrome because it is using specific Firefox APIs but the alternative is
not to have this feature. I expect to see other extensions in the future like
the ability to hide the tab bar.

~~~
lucideer
I have to agree with Vinni here, particularly as a former Opera user which is
a browser that took the polar opposite of this approach and yet remained by
far the lightest, most performant of the main browsers up until version 12.

It is absolutely possible to have your cake and eat it here, and the main
reason for this is that extensibility - from an engineering perspective - is
complex. Providing extension APIs necessitates generalised code, that fits a
range of use-cases and is parameterised in a generic manner. Providing
specific browser features on the other hand requires specific code, which can
be written in a targeted fashion for the single feature, and therefore can be
made much leaner and optimised.

This is absolutely not always the case - you can of course have the worst of
both worlds (inflexible non-extensible apps with inefficient badly written
code), but I would not underestimate the heaviness of extensibility, nor the
potential "lightness" of built-in features.

---

That said - I'm impressed with the performance of 57 and the ease of writing
WebExtensions, so I'm pro this move personally.

------
gyger
I am still missing a sync between different computers of the containers.

------
sanbor
I would like to have an incognito container so I don't have to open a new
window in private mode.

~~~
kodablah
Agreed, or a container with no JS or a container without uBlock.

------
thesimp
I just installed the container add-on and I miss a basic function: how do I
open a bookmark in a container? The "open link in new container tab" seems to
be missing if I right click on a bookmark.

------
newscracker
The improvements are very nice, even though some limitations exist. I hope
Containers becomes part of Firefox core in the near future.

For anyone wondering about the extension and what’s built into Firefox, here’s
a comment on the blog post:

> Graham Perrin wrote on October 3rd, 2017 at 6:22 pm:

>> Containers is now available as a Firefox Extension, …

> Also worth noting: the essentials do not require an extension.

> about:config privacy.userContext.enabled change to true

> privacy.userContext.longPressBehavior change from 0 to 2

> privacy.userContext.ui.enabled change to true

------
colemickens
So is "Containers" being removed from Firefox? Or it will only live in Nightly
ever? So confusing.

edit: From some experimenting, it looks like "Firefox Multi-Account
Containers" extension extends the "Container Tabs" feature in Firefox. (This
is an assumption based on the fact that the Options/Preferences now tell me I
can't disable "Container Tabs" since "Ff MA Containers" is using it.)

~~~
cpeterso
The container functionality is exposed in a WebExtension API called
"Contextual Identities" (in Firefox 53+). Designing a user-friendly UI/UX for
containers will take time, so the API enables extension developers to
experiment with new ideas before Mozilla commits to something.

[https://developer.mozilla.org/Add-ons/WebExtensions/API/contextualIdentities](https://developer.mozilla.org/Add-ons/WebExtensions/API/contextualIdentities)

------
clairity
i _love_ containers, but keyboard usage is still not ideal (i had submitted a
feature request for this via github a while back).

they landed on using ctrl-. (control-period) to open the containers dropdown
and then you have to tab to the container you want. not only does this require
two hands, but even tanvi in the blog post admits this is not discoverable at
all.

ideally, you could have a single hand command (like cmd-shft-1, cmd-shft-2,
etc) that would open blank containers of the corresponding type, with the
(awesome?) address bar auto-focused. then for discoverability, you could put
the corresponding number next to each menu item with a mouseover tooltip
providing the full keyboard shortcut.

even without the single-hand shortcut, the numbering could be useful for
selecting a container: ctrl-. then "2" for a personal container or what have
you.

but at the very least, let us also use the up and down arrows to select
containers. tabbing is one of the least obvious options here.

(yes, i've spent entirely too much time thinking about this! =)

~~~
newscracker
This was exactly the feedback I had provided on a previous HN post a few weeks
ago. At that time, one of the developers suggested filing an issue for it. I
didn’t get around to doing that at all. Maybe you could consider doing that,
or I’ll do it in about a couple of weeks.

------
cname
The one problem I have with this is that I want `mail.example.com` to always
open in my work container, but `mail.example.com` redirects to
`mail.google.com` and the latter is what ends up being saved, so it's not
possible to assign two different Gmail accounts to different containers. I wish
I could edit the URLs for sites assigned to a given container.

------
trey-jones
I gave it a shot for about 3 weeks, the last time container tabs popped up on
HN, but I'm back on Chrome now. Containers are awesome! But Ctl + T not doing
what I want it to, combined with FF still just not being as responsive and
stable as Chrome did it in for me.

------
godelski
Is there a way I can convert a current tab to a container? I press <C-t> by
default and maybe I want to sort it later. That is, without opening a new
container and copy pasting the address.

~~~
godelski
Update: I looked around and it does not seem there is a way, they seem not to
want to do it either. The flow of copy, open new container tab, paste, seems
pretty cumbersome to me. Especially if you want to move a tab to a different
container or into one. If it weren't for this issue I'd love to use them.

I do like that you can hide containers or manipulate them as a group. This has
great organizational benefits.

------
hprotagonist
excellent news! Containers have become a really convenient part of my
workflow, if for no other reason than all of my reddit accounts can be logged in
next to each other..

------
jokoon
What happened to the private browsing by default in Firefox?

------
rossdavidh
You know, it's great that they're doing this, but I'm still going to just use
multiple browsers.

~~~
supermdguy
I've just created multiple chrome people. You can create a chrome person, even
without signing in, so you don't necessarily need a google account for each
person.

------
slitaz
This pollutes the term container, which up to now they were assisted by kernel
security features.

~~~
wongarsu
Containers are also an abstract data type whose primary purpose is to contain
other data [1], Containers are a concept in type theory related to collections
[2]. Web Containers are the parts of a web server that interact with Java
Servlets [3]. OLE Containers are a technology for embedding content in editors
such as Word [4]. AVI is a multimedia container format that can contain audio
and video encoded in various codecs (as is MP4) [5].

Operating-system-level virtualization never had a monopoly on the word
container, and as long as there's no potential for confusion I don't see why
it should.

1: https://en.wikipedia.org/wiki/Container_(abstract_data_type)
2: https://en.wikipedia.org/wiki/Container_(type_theory)
3: https://en.wikipedia.org/wiki/Web_container
4: https://en.wikipedia.org/wiki/Object_Linking_and_Embedding
5: https://en.wikipedia.org/wiki/Audio_Video_Interleave

