
Contextual Identities on the Web - ronjouch
https://blog.mozilla.org/tanvi/2016/06/16/contextual-identities-on-the-web/
======
amluto
If we can get Tor Browser's first party origin feature in as well, this will
be fantastic! I would _love_ to have the ability to type www.facebook.com and
get a context that isn't linked to the rest of my tabs.

I also want ephemeral containers so I could open a tab that forgets its
cookies when I'm done. Think private browsing but without forgetting my
history, requiring a new window, or being limited to one context at a time.

~~~
denis1
Did you try the "Self destructing cookies"[1] extension for Firefox? It is
close to your "forgets cookies" requirement. IIRC it has per domain settings
and allows you to configure the cookies to self destruct after closing the
tab, the browser or never.

[1] [https://addons.mozilla.org/en-US/firefox/addon/self-
destruct...](https://addons.mozilla.org/en-US/firefox/addon/self-destructing-
cookies)

~~~
lucb1e
I use this and am very satisfied with it. It's a very simple thing that anyone
(that knows how cookies work) can fully understand within seconds and it
prevents many, many sorts of tracking. A password manager is a must, of
course.

Every time I use someone else's computer now, I'm horrified to see my settings
from last time on random sites. You don't realize how much tracking is done
until it's not the standard anymore. I even forgot to log out of places, so
I've defaulted to opening private windows instead.

Anyway back in topic, SDC helps a lot but doesn't do everything OP wanted to
do. I too would like to be able to open Facebook without wondering what other
openings tabs might be using it, preventing SDC from removing the cookies. I'm
really really excited Mozilla is doing this. SDC is a good start until it's
out of nightly/beta though.

------
fps
Firefox's clumsy profile support is the one thing that makes me keep switching
back to chrome. I really prefer firefox sync to chrome's implementation, and
some of firefox's tab organization tools are way better than chrome's. But I
use many of the same webapps in my personal life as I do in my work life, and
being able to run two profiles simultaneously, and start them up without
having to launch firefox from the terminal every time, was difficult.

What they've implemented seems to be better than chrome's profiles, in that
it's easier to create a new profile for a specific context (so I don't have to
sort things into a "work" bucket and a "personal" bucket.) It will be
interesting to see how the contexts interact with plugins.

~~~
grimgrin
Doesn't it also just genuinely feel more sluggish to you? Just installed
Nightly to test this feature out, and then took another minute to use the
developer tools to do some debugging, and the whole experience felt less
smooth. Maybe only microseconds of a difference in <my action> and the
<browser's response>, but noticeable nonetheless.

~~~
Sylos
Do you have extensions installed? Nightly has E10s default-enabled, and
there's currently still pretty bad performance problems when using certain
extensions with E10s.

Basically, extension developers can "shim" their add-ons, which, as far as I
understand it, tells Firefox that it has to handle things which are affected
by the extension in a single-threaded way, again. And because the world is a
grim place, this doesn't just get you back to non-E10s performance, but is
actually worse.

Eventually, add-on developers should properly port their extensions to E10s
and then those performance problems will disappear, but at the moment they are
still very frequent and when Mozilla rolls out E10s, they will also only
default-enable it for users without extensions for this exact reason.

If you want to troubleshoot this, I would recommend looking at
about:performance and www.arewee10syet.com. You should probably check how
performance is in a new profile[0] first, though, just to make sure that
you're not trying to replace extensions when it might be caused by something
else.

[0]: [https://support.mozilla.org/en-US/kb/profile-manager-
create-...](https://support.mozilla.org/en-US/kb/profile-manager-create-and-
remove-firefox-profiles)

------
red_admiral
This could not be more welcome at a time when facebook (UK) is displaying a
new bar across the top of its page saying that by using it, I agree:

"By clicking or navigating the site, you agree to allow our collection of
information on and off Facebook through cookies."

I already have a separate chromium "person" set up for facebook; might give
firefox another go when this gets released.

~~~
bjacobel
I don't mean to tell people how they should and shouldn't use the web, but if
you disagree with Facebook's off-platform data-collection practices, consider
sending them a message about it and closing your account. They have no reason
to change their policies unless we give them concrete evidence that it will
hurt their business.

~~~
beagle3
They track out even if you don't have an account. They have no reason to
change their policies, because you cannot hurt their business enough as a user
(you're the product, not the customer).

The only reasonable option, if one cares, is to use disconnect/ghostery/abp
with the right lists, etc.

In case you are not aware: Every single web page that has a 'facebook like'
button reports your surfing habits to Facebook, whether you have an account or
not.

------
masklinn
That looks neat. And if it were possible to cheaply create and delete
contextual identities on the fly it would even fix an issue I had today: the
difficulty of multiple _separate_ private browsing sessions in the same
browser.

~~~
TazeTSchnitzel
This is an issue for me, primarily for using Twitter. I sometimes want to use
multiple Twitter accounts at once, and not via TweetDeck. What I end up doing
is having one account in use on normal Firefox, one in Firefox private
browsing, one in Chrome private browsing, one in Safari private browsing, etc.

~~~
lucb1e
Exactly. An account as lucb1e, a professional account, one dedicated tweeting
blog posts on my website... It takes some juggling sometimes.

------
breakingcups
This seems very useful for it's intended use-case. At first glance I would
like to note however that advertisers (and other parties) will probably still
be able to track you across these "containers", due to not isolating HSTS-
flags and similar features.

I also wonder whether a seperate banking container makes a lot of sense when
doing online payments, as in my country we get redirected to our bank to do
payments. This might create confusion among non tech-savy users ("but this
should be in my banking-container, I'll just switch. Why does the webshop give
an error upon returning now?").

Overall a really cool feature though and one that might persuade me to give
Firefox a try as daily driver again.

------
BugsBunnySan
Omg, finally this exists :D

I think this is the actual solution to the problem that 'private browsing' was
trying to fix when it first came out.

~~~
tajen
..."Firefox profiles" fixed it very well. Same as Chrome profiles: I have one
for my work persona, one for my personal persona, another for my sysadmin
persona, and 3 others for... er... nevermind. But it works great.

Besides, 11 FAQ and a long blog post: I'm not sure they narrowed down the most
focussed feature that would provide the most value and be used by the most
number of users.

~~~
BugsBunnySan
Yeah, but afaik, switching those profiles in Firefox is (currently) really
difficult. So much so that it almost feels the same as if you didn't have the
capability to do it...

~~~
sp332
You can edit your shortcut or .desktop file to open "firefox -P" instead of
"firefox". Each time you click it, it will ask which profile you want the new
window to be in.

~~~
lucb1e
Had I known this earlier... I had the same reaction as the person you replied
to, I hadn't thought of using profiles. I knew something called profiles
existed, but I thought it was not in use anymore (at least not properly
supported). I never connected the dots.

Still sounds like a pain to manage though, compared to this new feature.

~~~
sp332
Yeah it's not a great user interface, and it's definitely buried. Aside from
the Developer Edition which uses a different profile by default, it seems to
be ignored by Firefox devs. Probably because they don't want to support all
the people who get confused by the terrible UI!

------
Monkey0x9
This is the way to go for firefox. Instead of copying google chrome, creating
new and usefull features.

~~~
gruez
But chrome had this feature as well, with user switching. The only difference
is that user sessions were bound to windows rather than per tab.

~~~
callahad
I disagree. Chrome user sessions don't share history, saved passwords,
bookmarks, or add-ons. Firefox Contextual Identities do.

~~~
milesokeefe
There are pros and cons to that though. It can be useful to have extensions
unique to each profile.

~~~
Sylos
Firefox has had those kind of profiles for a long time, they just aren't the
most accessible thing in the world. But yeah, you can access them from
about:profiles or also via the command-line with "firefox -P". If you want to
use it more extensively, there's also extensions available for easy switching,
like for example Profilist. [https://addons.mozilla.org/en-
US/firefox/addon/profilist/](https://addons.mozilla.org/en-
US/firefox/addon/profilist/)

------
beagle3
This is a great step in the right direction -- though it is not enough.
Different identities would still be going through the same IP (not much one
can do about that). But some things that can be solved are NOT addressed with
containers:

\- everything panopticlick uses (fonts list, plugin lists, timezone, agent,
etc.)

\- everything panopticlick doesn't use, but the bad guys do (aa font
signatures, ...)

\- plugin abuse - e.g., Flash 'cookies', Silverlight 'isolated storage', Java
JNLP properties

\- see EverCookie[0] for more things that have been known to occur in the wild
(and remember it is outdated). the article mentions cache is not shared, but
e.g. HSTS pinning is. evercookie easily pierces through this system.

Since 2005 or so, I have had different users for different purposes; Not sure
how well it works on Windows these days (it used to not work at all back in
2005) - but on Linux, it's just a "sux - otheruser" or "sudo -u otheruser"
command away, and it is well isolated on the web side[1]

[0] [https://samy.pl/evercookie/](https://samy.pl/evercookie/)

[1] Full X11 isolation requires a lot more effort - but luckily it seems that
recent browsers don't let websites abuse that

------
yAnonymous
Vote-brigading and trolling have never been so easy! All sarcasm aside, it is
a great feature.

~~~
yAnonymous-work
Agreed.

~~~
Jordrok
I still think that better support for contextual identities would be a net-
positive across the board for the web, but I have to say that this little
stunt gave me a good chuckle. Bravo!

~~~
eridal
Next step: build a plug in to automate the self vote up!

~~~
yAnonymous
And separate proxy/user agent/other trackable stuff settings for every
context.

My post was not only a joke. This has serious potential to make multi-account
tracking a nightmare... as it should, but not everything about that is good.

------
nickysielicki
This so closely resembles the way that Qubes uses colors to identify your VMs
[1] that I'm surprise they didn't get a mention in the post.

It's a really simple idea that can go a long way for digital identity hygiene.
Can't wait to try it out.

\---

[1] Screenshot of Qubes: [https://www.qubes-
os.org/attachment/wiki/QubesScreenshots/r2...](https://www.qubes-
os.org/attachment/wiki/QubesScreenshots/r2b2-kde-three-domains-at-work.png)

------
james-turner
This looks really promising. The identity problem in browsers is something I
tried to solve by customising the look of different Firefox instances opened
with different profiles[1] (one for personal use, one for work etc). But
having this functionality built in is definitely preferable.

[1] [https://github.com/jamesturner/firefox-profile-
indicator](https://github.com/jamesturner/firefox-profile-indicator)

------
WA
I solved this so far by using two different browsers. But this is cumbersome
and Mozilla now makes sure that I only use their product. This is good,
because I like Firefox.

------
azeirah
Oh that sure does seem really useful :o

I hope they keep going into this direction

------
lucb1e
This is fantastic! I've been wanting this for a few years, but didn't think
anyone else would care enough to get this on a browser's todo list. Awesome to
see Mozilla doing this!

~~~
spiderfarmer
I know a lot of people that use multiple browsers (IE, Chrome, FF) to achieve
the same effect. Especially in internet marketing, where you constantly switch
between Google accounts it's something that's very useful.

------
mark_l_watson
Great idea that makes me glad I use Firefox (settings for maximum privacy and
discard all cookies when browser shuts down; I also use Chrome for Google
properties, Twitter and Facebook).

With Firefox containers I suppose I could drop my two Browser setup, but I
won't, at least for now.

------
notifier2050
Wow, this is insanely cool! I've been thinking to create add-on to be able to
login to multiple Google accounts from different tabs, but they managed to
create it faster!

------
LOSEYOURSELF
Isn't it kind of fucking horrific you have to think about your "browsing
identity" at all?

~~~
lucb1e
You mean in the sense that so many companies and websites seem to be working
against you instead of for you? I agree on that.

------
Nadya
I am always confused by the lack of user customization in features like this.
Why am I limited to four containers? Why can't I rename them?

Four is not enough (personally, though I imagine it would be for most people)
and remembering which identity is under "Work" and which is under "Shopping"
is just an annoyance when _none_ of my identities would be for "Work" or
"Shopping". It would be faster and less annoying to sign out and sign in as
another account. Being able to name my containers after my psuedonyms and have
a container for each psuedonym would make it infinitely more useful and
intuitive for me - rather than a mental burden not worth the hassle of using.

~~~
laported
This is a complex feature to implement and they "don't have all the
answers...yet, but hope to start uncovering some of them with user research
and feedback." If customization is important to you, you can let them know:
"We hope to gather feedback on this basic experience to see how we can iterate
on the design to make it more convenient, elegant, and usable for our users.
Try it out and share your feedback by filling out this quick form or writing
to containers@mozilla.com."

~~~
Nadya
My post was more of a mini-rant about how UX of otherwise useful/good features
always seems to be an afterthought. The UX ends up being poor resulting in an
underused and often later abandoned feature.

Although it is likely my social niche - I know more people with multiple
personal or social accounts who will find this feature useful but have a
terrible UX due to the container names.

"Hand me the long, blue screwdriver - by which I mean the short, red hammer."
\- terrible UX

I'll be providing concern this as feedback via email when I get home and have
access to my personal email.

------
Pxtl
I'm not sure about Firefox's implementation of it, but throughout computing
I'm seeing more and more need for this kind of thing, not to mention something
softer than full user-account switching for handing a device between family
members or teammates. As everything gets more personalized and more tightly
bound to the user by learning their habits and typing and voice and all that,
and simultaneously in a social networking context we broadcast stuff about
ourselves incidentally (like Youtube learning your viewing preferences and
likes) that the ability to switch context neatly and quickly is becoming more
important.

------
greggman
Very cool.

I think I'd love to be able to define which domains open in which contexts so
if I click a link that happens to be to something I want in other context ...

But that got me thinking just how effective will this be? If someone sends me
a link in fb and I click it. Even if it opens in a new context it seems like
it's only a matter of time before all the links are changed to
[https://destsite.com/path/to/resource#fbtrackingid](https://destsite.com/path/to/resource#fbtrackingid)
or something similar which then adds the cookie across contexts?

~~~
johnp_
Well, there's an Add-on to prevent the latter:

[https://addons.mozilla.org/en-US/firefox/addon/clean-
links/](https://addons.mozilla.org/en-US/firefox/addon/clean-links/)

------
eximius
This is a _huge_ step in the right direction.

However, my personal vision is taking this one step further with an 'identity
management' daemon running on your computer or a hardware token which acts a
cryptographic agent on behalf of your identities. So firefox, chrome, or
whatever application could request a credential for some service and your
daemon would pop up and ask you which identity's credentials to use or if
you'd like to make a new one (U2F or some other system).

------
arenaninja
Very cool feature! I remember a friend of mine having a use for this as far
back as 8 years ago. I hope you're happy now Richard!

~~~
lucb1e
Same here, although I'm not sure I can beat 8 years!

------
darkroasted
This is really neat, although it does not look slick enough to replace my own
hacky word-around:

What I have been doing is creating a separate Chrome application launcher for
my different life contexts -- [http://lifehacker.com/5611711/create-
application-shortcuts-i...](http://lifehacker.com/5611711/create-application-
shortcuts-in-google-chrome-for-mac-with-a-shell-script) I have one for
anonymous browsing, one for work, one for personal-real-name, and one for
pseudonymous browsing. I renamed the application so I can launch by typing
"WorkChrome" or "PersonalChrome" in spotlight search. Each Chrome app then
runs with a separate profile, separate cookies, etc. I have a different icon
and colored theme for each one, so that I never make a mistake with regards to
which I am browsing in. I can have multiple open at the same time and tab
switch between them.

------
ars
This reminds of tabgroups for some reason - but they got rid of tabgroups.

I think this feature would have made tabgroups much more useful.

------
nixpulvis
I literally just read the paper [1] a few days ago, pretty interesting. It
lays out a lot of work and thought to be done.

[1] [http://www.ieee-
security.org/TC/W2SP/2013/papers/s1p2.pdf](http://www.ieee-
security.org/TC/W2SP/2013/papers/s1p2.pdf)

------
eliaspro
This is like a match made in heaven for Activities in KDE Plasma.

[http://cukic.co/2016/02/08/heavy-activities-
setup/](http://cukic.co/2016/02/08/heavy-activities-setup/)

Now if only Firefox AddOns/Extensions would be able to properly access DBus,
this would allow for a so much better Linux integration (storing passwords
through org.freedesktop.Secret, opening URLs in the appropriate container from
KDE Plasma sessions instead of random switches to another activity where a
Firefox window is found, global media playback states/control for web
video/audio as org.mpris.MediaPlayer2, powermanagement inhibitors through
org.freedesktop.login1, etc)

------
Grue3
The idea is good, but what's with the identities they chose? "Personal",
"Work", "Banking", "Shopping"? Is "Shopping" supposed to be an euphemism for
"Porn"? As far as I can tell, nobody has a "shopping" Twitter account.

~~~
hardmath123
I think one thing that bothers people is when they look up "Samsung
Smartphone" or "children's stroller" on Amazon and are suddenly bombarded with
advertisements about these things all over the web.

People are also paranoid about online shopping sites changing prices based on
tracking information. Here are two articles related to this:
[http://lifehacker.com/5973689/how-web-sites-vary-prices-
base...](http://lifehacker.com/5973689/how-web-sites-vary-prices-based-on-
your-information-and-what-you-can-do-about-it) and
[http://www.wisebread.com/6-ways-to-avoid-sneaky-online-
price...](http://www.wisebread.com/6-ways-to-avoid-sneaky-online-price-
changes)

------
dubcanada
This actually looks awesome.

------
pc2g4d
Digital marketing companies are moving to reduce or eliminate their dependence
on cookies for identifying users, so unless they add some Tor-like
functionality to this tool that makes you appear to be connecting from a
different IP address, I don't see this having much of a long-term privacy
impact.

That said, no need to volunteer any more information than necessary to use
online services.

If you haven't seen it, you should definitely check out
[https://panopticlick.eff.org/](https://panopticlick.eff.org/)

------
MzHN
Ah yes, thank you, finally!

I can't emphasize enough how much I've been waiting for this.

I've even tried pushing it via the dev-tools uservoice as a developer tool
instead of a privacy tool, since you often need to test with multiple sessions
at the same time. No reaction.

There is still the very real issue of fingerprinting across containers, which
they point at towards the end of the article, but this might just be enough
for me to drop Chrome completely and get my Firefox set up again the way I
like it.

------
natrius
This sounds better than my current solution of multiple Chrome profiles, but
how does this interact with extensions? So many extensions require broad
permissions that give them nearly as much power as the browser vendor
themselves. With separate Chrome profiles, I can keep sketchy extensions away
from sensitive credentials. I hope these containers do something similar,
because I think the UX of per-tab containers might be superior to per-window
profiles.

------
mtgx
If they're going to use per-tab containers, doesn't it make sense to have per-
tab sandboxing as well, to ensure there's no data leakage?

~~~
sp332
They just barely separated the chrome process from the rendering process. All
tab content is rendered in the same process for now. Eventually they will
separate it further but it's not done yet.

~~~
pietroalbini
In Nightly you can enable one process per tab by changing dom.ipc.processCount
to something like 1000.

It currently has some delay when you open a new tab, and a few quirks here and
there, but it's mostly working.

~~~
sp332
It has a lot of bugs left.
[https://bugzilla.mozilla.org/showdependencytree.cgi?id=e10s-...](https://bugzilla.mozilla.org/showdependencytree.cgi?id=e10s-multi&hide_resolved=1)
And they haven't even started adding sandboxing between processes.

------
danbruc
Supported at least since IE 8 (2009) [1], not sure how multiple instances
behaved before.

[1] [https://blogs.msdn.microsoft.com/ie/2009/05/06/session-
cooki...](https://blogs.msdn.microsoft.com/ie/2009/05/06/session-cookies-
sessionstorage-and-ie8-or-how-can-i-log-into-two-webmail-accounts-at-the-same-
time/)

------
pmontra
Wonderful. I'm looking forward to a feature to automatically create a
container for every new tab, unless explicitly told to open a tab in the
existing container. Example: two tabs for the same site, right click, Open
Link in New Tab (same container). The browser default could be opening in the
same container. An about:config switch would be ok, we'll find it.

------
kirkdouglas
It seems that Firefox is becoming relevant again.

~~~
lucb1e
It has always been relevant for me. Chrome has nowhere near as powerful
customization and privacy features, and Opera has nowhere near as much
support. Firefox has always been the best browser for both power users and
privacy conscious people.

If you were going for something minimalistic and good for business/home usage,
Chrome might be a better choice indeed. I can definitely see the advantages
and I've installed it for my family back when it was substantially faster than
Firefox (by now Chrome got a _lot_ heavier and Firefox, uh, I guess they must
have become a bit lighter but I don't know). I guess I should switch them back
to Firefox again, but it might not be worth the learning curve.

------
siscia
I am wondering what will happen to all the web ads company if this feature get
deployed and use wildly.

~~~
lucb1e
Revenue will go down even further, that'll happen. Same as with ad blockers,
except they cannot detect it this time around (at least not easily, it would
be a bug if they could).

Nothing changes really, ad revenue should already have been going down for
years with how many ads we see every day. Almost everyone should automatically
block them out mentally by now, and I think I recently heard this is starting
to happen more and more now.

------
return0
I prefer to use separate browser instances with different --user-data-dir (in
chrome, i dont know the equivalent in firefox). Adding a different color theme
helps to immediately discriminate betwen them.

Having tabs from different contexts in the same window is confusing.

------
kevinSuttle
This is pretty much spot on what Edward Snowden described for his vision of
digital identity.

[https://gist.github.com/mnot/382aca0b23b6bf082116](https://gist.github.com/mnot/382aca0b23b6bf082116)

------
skybrian
I'm pretty happy with Chrome's support for multiple profiles in separate
windows - for example I have one for work and one just for Facebook. I wonder
why Firefox is using tabs? What other differences are there between these
approaches?

~~~
Sylos
Well, because some users will prefer to use them in tabs. If you rather want
separate windows, then you can put those tabs into different windows yourself.
No need to limit what users can choose to do...

------
tener
Cool addition, but I can easily see how people will make costly mistakes by
using different account than intended.

I prefer to use different devices entirely.

When need arises to have multiple logins to the same page I simply open new
private window.

------
enscr
Is it like the Chrome "People" (or profiles or user) feature ? Suggesting that
"user won’t need to use multiple browsers" seems like a problem that didn't
exist if you used chrome.

~~~
olalonde
One notable difference is that those identities are tied to tabs instead of
windows. Chrome doesn't let you mix tabs from different "profiles" within the
same browser window.

------
hammock
So this is like profiles but tab-level instead of window level?

~~~
sp332
Profiles separate your history, bookmarks, and add-ons. This shares all of
those things between Containers.

------
digi_owl
Perhaps they should have called it something other than containers? Or is the
term a buzzword these days for anything that separates A from B?

------
ComodoHacker
Funny side thought. Privacy movement has one additional benefit besides all
others: it pushes machine learning research further and further.

------
srrge
As a developer I see a lot of use for this feature.

------
neves
Great for paywalls that just allow me to read X articles. Now if I create 5
profiles in the site, I can read 10*X!

~~~
yxhuvud
Sure, until they start to tie it to IP instead.

~~~
neves
So all my company will be blocked at once.

------
rolandukor
I think this is fantastic. In hindsight, it is a no-brainer. Good for mozilla
and hoping the others will catch up

------
nikolay
Nice! Google Chrome has profiles, which are kinda similar, but this looks
better!

------
nomi137
this will be awesome.. and watch out google chrome :)

------
mxuribe
Pretty cool!

------
ronjouch
@HN @dang why the post de-rename?

When submitting, I intentionally editorialized the title from something
unclear out of mozilla's blog context ( _" Contextual Identities on the Web"_)
to a more explicit title that speaks by itself ( _" Firefox 50 nightly new
feature: Contextual Identities"_).

Isn't this considered valuable here?

~~~
dfc
I cant speak for dang but the guidelines make it pretty clear that you should
use the original title:

is[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

~~~
ronjouch
Alright, thanks for pointing to them.

\- This guideline feels a wee bit sad, because editorializing can be valuable
(a title might be crystal clear in context but nonsensical once pulled out of
it).

\- But I understand how we generally don't want it as it might lead to
linkbaiting and misrepresenting the original title.

~~~
k__
Also, didn't they change some titels to less click-baity titles in the past?

~~~
spiderfarmer
Still happens, I saw it happen the day before yesterday. I kind of like the
fact that the title on HN is specific and to the point.

------
janan11
This is genuinely super! I've already configured my firefox so that fb exists
best within the non-public context. This means i will visit any website which
uses fb monitoring, and so forth, and that i won't be logged in!

------
aestetix
Mozilla and Contextual Identities.... hmm.... did they just forget about
Persona?

~~~
lucb1e
Not the same thing, I guess that's why you're being downvoted (and the snarky
remark) but the person didn't comment so we'll never know...

