The signing into an account in chrome is the killer feature for me. I have work and a couple of personal accounts that I have signed in in different browser windows. That allows me to keep things separate (extensions, mail, browsing, bookmarks, etc).
The signing into an account in Chrome almost got someone fired at a small customer of mine a few weeks ago. Fortunately they called me first to look into it, I pointed out that the porn bookmarks in question were years old and that since Chrome was signed into a personal account it was pretty likely that the same account had been used by other family members at home.
I also wrote this up for the owners to send to their staff, feel free to reuse if appropriate for you:
We’ve seen at least one situation recently where a user “signed in” to Chrome when prompted, which brought that user’s personal bookmarks and website logins onto their work computer. While Chrome offers this as an option, there are no situations where your personal account should be linked to a browser at work – if you need to be using personal email, etc. please do so from your own phone or other device on your own time. This is for your own privacy and security as well as for the practice – we want to not have your personal data on our systems, and you don’t want your private email, bookmarks, etc. accessible to anyone else who happens to be at your desk while you’ve stepped away.
If you have linked your browser to a personal account, please remove that connection using the instructions below.
You can check whether Chrome is linked to an online account by clicking on the small person icon at the top right corner of the window – just to the left of the “X” to close the window.
• If you click on that and it asks you to sign in, you’re not linked to an account.
• If you click on that and it lists a personal account, click on “Manage People” to open a new window listing connected accounts. On each account there are 3 dots in the top right corner – click those and “Remove this person”
• If you see a name rather than a generic person icon, click on that and use “Manage People” to remove that connected account.
Firefox offers a similar but less-used version of this that would have required creating a Firefox account to use Firefox Sync. If you have done this with Firefox please disconnect it; if you’re not sure then you almost certainly haven’t done this in Firefox and don’t need to worry about it.
I think the idea that you only access personal stuff from your own devices on your own time is unrealistic. There are restricted environments (intelligence agencies and such) where it's necessary, but outside of those I think people commonly expect that if they get their work done and avoid illegal / pornographic / other NSFW content, they can do some personal browsing at work, typically on work-owned hardware. The company can expect otherwise, but it may not work out well for morale / staff retention. I don't know anyone who comes in, maintains 100% focus on work for 8+ hours, and then goes home.
Of course, if someone is signing into their personal account using work hardware, they're basically saying they trust the company not to do any intrusive monitoring, where "intrusive" is something I'm deliberately leaving a bit vague. The company probably has some idea what sites they visit but employees expect that the company is not stealing their credentials or having someone virtually read over their shoulder without a very good reason. If outside intruders get into work device management servers and such, employees' personal stuff is at risk also, but they're willing to accept this for the sake of convenience.
I have, on my work-owned laptop, both work and personal Chrome profiles. (The analogous Firefox feature is multi-account containers.) I might only bring a work laptop when traveling for work. Most of the time, and certainly if I'm presenting during a meeting, I'm using the work profile. I'll use the other only when I'm alone. I lock my screen when I'm not there; I have sensitive access, so this is expected for reasons other than protecting my personal data.
Conversely, work allows me to access my work email and some other internal sites from my personal phone if I agree to certain device management restrictions. I do this rather than carry two phones. Some people choose otherwise.
> I think the idea that you only access personal stuff from your own devices on your own time is unrealistic.
Once upon a time that was the case - "Cyber Monday" as a prime case in point. Some limited amount of non-work browsing is generally still fine at most offices I deal with, most notably checking news, weather, sports scores, etc.
However as a person responsible for making sure there are no breaches (particularly reportable ones) at offices, I'm moving more and more to the "No personal use. Period. No debate." position. I can control the kind of filtering, AV checks and attachments that come into the office via the business email as an example, but if people are checking their personal email on company systems I may not be able to catch the "Huh, I don't remember ordering from them, I wonder what this invoice email is all about?" person. Antivirus is all well and good but it's not 100%, and while I can look at the mail filters and see that there were 400 PDFs with variations of "Delivery Notification" or "Invoice 1234567" blocked in the last half hour to a ton of different addresses, Jane Smith in Billing or Accounts Payable may only see one or two - and on a really bad day, opening just one may be all it takes.
Also, these days a huge percentage of people not only have smartphones but use those smartphones as their primary devices for Internet access. 5 years ago that wasn't the case, but now? George with the iPhone 7 Plus can quite easily check his email or do plenty of other things that would have been much less pleasant on an iPhone 4.
I dunno. I can see your concern, but it seems to me like a Wal-Mart anti-theft guy saying we need to search all employees before allowing them to leave the store. I'm sure it would solve some problems and reduce your personal headaches, but that doesn't necessarily make it reasonable.
> I can look at the mail filters and see that there were 400 PDFs with variations of "Delivery Notification" or "Invoice 1234567" blocked in the last half hour to a ton of different addresses, Jane Smith in Billing or Accounts Payable may only see one or two
Wouldn't Jane Smith from Accounts Payable anyway open a PDF invoice email, regardless of the address?
I've been going back an forth between Chrome and Firefox for the past couple of months with the number of posts that I've seen on HN. Every time I always realize that Firefox doesn't have workspaces. This comment made me realize that containers are the alternative. Hopefully, I'll be able to switch over to FF more full time now that I have this solution. Thanks for this comment!
> I pointed out that the porn bookmarks in question were years old and that since Chrome was signed into a personal account it was pretty likely that the same account had been used by other family members at home.
So the offence was merely having porn bookmarks in their browser - not visiting porn sites at work? Wow.
This is in an environment with multiple people at a long open desk with patients on the other side of the counter. Someone sat down to check something, or check someone in or out, I don't know the details. They hit the Bookmarks button, and right there on the list was a PornHub link to something about a teen and anal sex. This caused a bit of an uproar about inappropriate use of the computer systems, though it may have stayed behind closed doors.
It wouldn't surprise me a bit if the person whose account it was didn't even know that bookmarks exist in Chrome - it's not like Google makes it obvious these days. I suspect there were some awkward discussions at home that evening, or possibly on the phone with college-age children.
I imagine porn bookmarks showing up in an official screencast, presentation, or live product demo would do wonders to a company's image and reputation.
Firefox containers are awesome. Once you've got a GMail account it's really easy to fall into the trap of letting Google track your everything. GMail, Google searches, Google Maps, You Tube.
Containers splits them out beautifully, with minimal tracking.
With Chrome / Chromium, Google wants you to log-in using a Google account, so you fall into the trap again.
Does Google actually track web activity when logged out whilst logged in to Chrome? By this I mean connecting e.g. searches done on google maps with your account, not just storing the history.
Google of course has all the information server-side to do this; I'm unsure if they actually use it. There's usually a line on tracking that (you think) a company won't cross; e.g. I wouldn't expect Google to use browser fingerprinting to track you when logged out in a different browser, but I'm not sure about web activity in Chrome. Sounds plausible either way.
The use case for this is that you want to leave your gmail/youtube/etc all logged in, but not let Google track you all over the internet. My primary use for this feature is this specific use case. I created a "Google Spyware" container and configured Google-related things to open in there. If I go to google.com outside of that container, I'm a non-logged-in user. If I open it in the container I AM logged in, so I get all the convenience of staying logged in without the downside of all the surveillance. Of course there are other means to track me, but this is a big step in the right direction.
I know. I've been using containers ever since it was an experiment :)
My question is independent of container tabs, it's a question of whether we know the level of tracking Google does on a signed-in chrome where your google account is not signed in in the session (is this even possible?)
You can find pretty much all the data that Google has on you - they allow you to examine the history of it. As far as I know they don't track your entire web browsing history but they do record all uses of their sites with your account.
But personally I certainly don't need to be logged in using any of Googles services except for GMail so I'd rather just not build up the history rather than having to go about deleting it (or not because there's so many other things to get distracted by)
Yeah, I think this is where things start to get fairly pointless with avoiding being tracked. I'm imagining that even at a basic level they can match up any Google searches / GMail you use to your IP address and then follow that via Google Analytics.
I'm happily using DDG as a replacemet for most Google searches. But I guess I need to stop using GMail.
I've been a happy customer of https://www.fastmail.com/ for some years now (and used Gmail before). I highly recommend them for anyone considering leaving Gmail. You pay them with money instead of data.
Why wouldn't they? Judging from the RLZ related files I had to clean off of my Mac, Google is bundling RLZ (Google's tracking library) with Chrome on all OSes. I'd be shocked if they're deploying but not using something like that.
It is possible, but it's messy in terms of which one is the default (clicking on links outside of the browser), taskbar/launcher buttons (OS- and DE-dependent, some configurations have issues e.g. with pinning) etc. I think there was something else - minor and just slightly inconvenient - but I forgot.
Compared to ProfileManager, Container Tabs are absolutely awesome. Completely different experience, smooth and nice.
ProfileManager is a bit awkward indeed. You can pass `-p primaryprofile` and `-p secondaryprofile -no-remote` to make sure that links from OS are not opened in the 2nd instance, but then, when you close Firefox and click an external link, it will open Firefox with the last opened profile, which might be `secondaryprofile`.
The solution for me was to use one Firefox installation per profile: primary = stable, secondary = nightly.
Container tabs are way nicer than this, but since I open lots of tabs, I still like the distinction between stable and nightly (stable = regular browsing, nightly = FB).
Thanks to you I found something really useful. With this I can finally have the convenient replacement for the good old private window which gets overused for logging in to multiple accounts simultaneously.
It's not clear to me what exactly you expect to Sync.
Container settings (names, colors, icons, assignments) should be synced (if not, please file a bug). Open tabs will be synced, not sure how they will open on another machine (considering URL-to-Container assignments should be synced, they should open in the respective containers – maybe there's a possible improvement here).
I expect the different Cookie stores to be synced as well, if not, that's a bug.
Please describe the behaviour you're seeing vs. expecting. Is the session not restoring the URLs in the right container? That sounds like a bug to me. The container names (if you change from default) should be stored in the settings – if not, something is wrong on your machine. If you want to always open some specific URLs on start, pin those tabs.
I updated the container names, colors, and icons. Opened a few tabs here and there. Installed a user agent switching plugin. Restarted to enable said plugin. While the session was restored, including the containers, the non-default container names/meta info were not. Tabs in non-default containers showed up with no labels, and there was no apparent way to open up a new tab in one of the custom containers.
Also, changing a container's color does not change the color shown on existing tabs.
But now that Google has fundamentally broken users' trust by locking people out of their own Google Docs through automated machine learning algorithm, can't you see why people are wanting to protect themselves from a corporate culture that allows those kinds of zealous and intrusive policies?
It was locking out journalists drafting stories!
How can you trust Google anymore? There's something rotten festering in Mountain View.
People seem to have the laughable idea that somehow only government censorship is bad, or that corporations aren't capable of censorship in the first place because they're private entities. I mean, yes, the world will look like that if you reduce everything to contractual relationships like libertarians seem to do, but personally I hope we could hold corporations accountable for actions like these. Like it or not, we've become extremely reliant on cloud services; Google closing someone's account without the possibility of appeal may not be politically motivated censorship, but it's still arbitrary censorship (even if you did click on the "agree" button on the EULA nobody ever reads).
Why shouldn't we hold corporations to the same standards as governments? If we don't want the government arbitrarily censoring people, why are we OK with corporations doing it?
> If we don't want the government arbitrarily censoring people, why are we OK with corporations doing it?
Because the "opt-out" process is orders of magnitude easier. You don't have to use Google. Microsoft has online document creation applications, as does Apple, assuming iWork still exists. Or you can just write documents offline using any of several thousand tools.
Corporate censorship is entirely under your control. You can always stop the censorship by simply not saying it using that corporation's tools. Corporations can control how you say something, but not what you say. Governments can control the act of saying it. One is far worse than the other.
I'm sorry but in most areas of online life the system monopolies of Google, Amazon, Facebook, Apple, and Microsoft are crushing our freedom and choice in tons of ways. You DO have to use Google Docs(for your PTA, your kids soccer team, your communication with your accountant or your church), because everyone else does. Most people won't be running their own mail server or Diaspora. There are many many examples of this by now, and this technolibertarian babble among many of my colleagues in Tech is getting pretty old.
I'm no libertarian; I'm just pointing out the difference between legal force and social pressure. You do not have to use Google Docs. You may really really need to, but there's no literal threat of imprisonment hanging over your head if you don't.
Again, by all means, protest Google/Amazon/Facebook. I'd love to see the state of affairs change too. Just don't pretend like missing your church bulletin is equivalent to actual imprisonment.
There used to be phonebooks on the Internet where you could put in your personal information and if everyone else did so too then you had this giant database of contact info where you could look people up. These of course had to make money somehow, but when you're sitting on a giant pile of personal information that's quite valuable in itself. It's a pity most uses of personal information for financial gain is morally dubious, but as long as you stay cash flow positive you don't have to turn evil.
Everybody understood implicitly that you only put in your own information. Giving away other people's personal information to a some company for which it is clearly valuable is not considered nice. It's simply not yours to give away. For the few who didn't understand this most companies had this in their terms of service anyway, as there could be legal risks involved.
All those companies are gone now. They are out-competed by a select few very large companies who did everything possible to make it very easy for people to input everyone else's contact information in their database, including making that behaviour default in the software that ships with your phone. In the beginning you could ask people nicely not to input all your personal info in third party phone book services. That's not really possible anymore.
The days when you could practically opt out of these companies are long gone.
Until all the big corps start censoring the same kinds of contents and behaviour by an unspoken consensus. At that point it becomes effectively as easy to live without all the major online services as it would be to live as an outlaw.
Easier or more difficult to get by without shouldn't distract us from the core point GP made, that corporate (arbitrary) censorship, with no redress, should be taken as seriously as govt censorship. These days they are just two arms on the same chimera.
Consider this: imagine the guy sat next to you at work starts yelling at you with a loudhailer all day. Every day. And he never ever shuts up. (Alternatively, imagine that he just whispers "fuck santosh" all day.) Would you expect him to be free to continue doing it? Would you expect the government to stop him? Or would you expect your employer to stop him?
The answer is: groups of people (and corporations are groups of people) are free to limit speech according to whatever rules the group decides upon. What you're proposing is that certain large corporations be treated as quasi-governmental entities. Which is a _free-speech restriction_.
Not saying it's a bad idea, necessarily. But I'd rather my freedom to say that certain types of speech are unacceptable was guaranteed.
In which case there needs to be easy to employ mechanisms to redress grievances, which tech corps currently don't have. For example, account lockouts and DMCA takedowns (when done by error or if the user thinks is unfair) are pretty much permanent. Your best option is to accept the data loss, move on and create another account.
My point is censorship is a huge responsibility and power, especially when it is done at the scale govts and multi-national corps do, and therefore it needs serious transparency and checks and balances, in both cases.
I don't see this happening to satisfaction. Instances of regrettable censorship stay regrettable, and keep recurring.
I'm with you for almost all of that journey. Companies should be held accountable for their actions. There are consumer protection laws, and I think it's reasonable for those laws to include protection against things like automated takedowns with no appeal process.
I just can't quite go as far as to say that Google or Facebook should be treated as governmental entities. The bill of rights restricts what government can do. It has never been interpreted as restricting what an individual person can do, even if that person heads a giant corporation.
Solve these problems another way, not by literally nationalizing social media.
Telling companies that they can't terminate user accounts without a redress or data recovery mechanism (which is what my original point was) isn't a restriction on free speech any more than us telling corporations they can't sell you poisonous food is. This sort of American "reductio ad free speachum" is really peculiar, especially when it's stretched to fit corporate actions like this that aren't even remotely related to anything anybody would classify as speech
This argument doesn't apply if you are suddenly locked out of your account. Then your option to switch still incurs the tremendous costs of the loss of possibly years of work. The original provider must still be accountable.
> Why shouldn't we hold corporations to the same standards as governments?
Because one of these organizations can throw you into a cage to be raped and tortured for the rest of your life, and the other can deny you access to some fairly useful web apps.
Denying someone's access to his own email inbox can have dramatic consequences on his life. Not as dramatic as being detained and tortured obviously, but still pretty serious.
There is already a case where private companies can't shut down their service to you as they wish, it's utilities (water, electricity, gas). I hope we can recognize at some point that Internet access should count as a utility too, and some core services like email service too.
So if that risk is so scary, build an e-mail service that protects someone's access to their inbox by contractual or technical means, and try to convince them to switch.
Any power that you take away from (comparatively weak, subject to competition) Google by giving it to (already terrifyingly powerful and monopolistic) USG is not a move in the right direction.
I think you're getting downvoted mostly because of calling Google "comparatively weak", but I think your point and your comparison is correct. Google is weak in comparison to the U.S. Government and, importantly, is subject to competition.
There are other email services which offer what people want. Want people are proposing is imposing their will on Google and the people that run it, even though there is competition out there that people could use instead and get what they want. Gmail and Google Apps are far from the only options people have, and far from the only free options people have. But if it is so important that people have an email address, then the USG could actually offer that (I've long thought the USPS should offer verified email addresses with strict spam protection by aggressively pursuing violators). Otherwise, let people pay what they want for the level of assurance they want.
The other side of this argument is that there are some things we do want to enforce companies do, such as offer a base level of health care in a package. I support this as well, because that solves an endemic problem where people have restricted choice and it also hurts society as a whole. That is, I think Hobby Lobby should have to provide birth control in their health plans because of the reasons outlined above, but I don't think any non governmental service provider that isn't a monopoly (and Google isn't a monopoly in cloud apps, even if there is an argument that can be made about them being one in search) should have to adhere to dictates about what what content they must allow on their service. That's a pretty slippery slope in my view.
> Why shouldn't we hold corporations to the same standards as governments?
Because you have choice of what to use. You don't always (or even often) have choice of what country to live in, and there's not a lot of unclaimed land that's hospitable. Some people may want a service they know the operators of will be proactive about keeping certain content off. Others will want a service that makes it their goal to not do that and protect everything on it. Choice is key here, and the government stipulating what needs to be done is actually restrictive, not freeing (you're just imposing your own views on others systematically). When there isn't a choice of what service/product to use, that's when other laws may come into effect. Anti-trust laws.
But weren't they locking those users because their algorithm thought it saw malware? It's not like Google said "You're writing a story about bombs or some other inappropriate subject so we're locking you out".
This sounds like one of those "damned if you do, damned if you don't" no-win solutions for Google. Users (and Google) don't want Google to allow people to use Google Docs to distribute malware and harvest passwords, they don't want someone at Google to look at their documents to see if they are "safe"
(which Google couldn't realistically do even if they wanted to), so then people got upset when the automated software Google uses to look for these problems did a bad job for some people.
While it'd be nice if every system and process worked well 100% of the time and had no bugs, that's just not a realistic expectation.
Firefox containers[1] are new, but you could always do this with Firefox profiles. If you're on Linux or Mac, open a terminal and type:
firefox -ProfileManager -no-remote &
(I alias it to `ff`.)
Create different profiles[2] for each separate browser you need, and then make shortcuts to launch them.[3] Each Firefox profile will work like a completely separate browser.
Firefox has supported multiple profiles for ages. Just run it with -P. It allows you to have separate history, extensions, bookmarks, everything.
The new panel containers are also handy. They allow you to have shared history and bookmarks but separate cookies and sessions. You can be logged into the same site on different accounts in two tabs in the same window.
There's no easy way of switching between them, starting a new firefox instance requires running from a command interpreter with -P specified, even the selection window isn't great. The containers feature is the alternative you want to propose here.
I went deeply into trying to use containers as a profile replacement, replacing Chrome with the new Firefox beta for one month, and I can report that it is not the right direction to go in:
- New tabs do not inherit current container
- No way to make Ctrl-T do this by customization (I investigated extensions (can't remap Ctrl-T) and even system-wide Ctrl-T remapping with Karibiner; neither gives you what you want)
- History is shared across containers. So e.g. work URLs mixed up with personal. That's contra to one of the main purposes of Profiles.
- External applications do not open a tab in the current container. So e.g. clicking in a link in work slack will fail because it will not open in a tab which has work cookies / google account etc.
Evidently Containers are not designed as a Profile replacement. I'm not sure what they are for but I don't think it's a need that I have.
As I understand it using the long-standing Firefox profiles feature is the way to go, but personally I switched back to Chrome after a month of the new Firefox Beta because of the convenience of Chrome profiles. I should try Firefox profiles, but I exhausted my experimentation energy on Containers.
Middle-clicking or Ctrl+clicking the New Tab button does inherit the current container. It also opens the new tab to the right of the current tab instead of at the far right of the tab strip. These actions are one in the same, so any extension that opens a tab to the right of the current tab (like Always Right or All Tabs Helper) also make the tab inherit the current container.
It's strange that such a useful feature is barely advertised at all in the UI, but it's there.
But your other criticisms of using containers as profiles are spot-on.
You can make OS links (e.g. different shortcuts on the desktop to different profiles) to start with different -p [profilename] then starting different profile is just a click away. I do it all the time using such configurations.
Also don't forget to add -no-remote option to each of the links to enable starting such browsers in parallel. Sadly it's not mentioned behind the URL above.
This works fine, but the problem is that it is not near as layman friendly as Chrome's "Switch User" feature that is available a click away on every Chrome window. Only tech aware people will fiddle with command-line switches and create shortcuts, yet even an average user would like to use multiple simultaneous profiles/users.
Firefox needs to improve on Chrome here. The erstwhile "Profile Switcher" addon provided a nice UI but is sadly gone after the WebExtensions transition and I cannot find an equivalent so far.
exactly. i cant believe nobody here seems to know about profiles or about:profiles. its the perfect solution. my setup is tree-style tabs (recently made to work with 57) and a different profile for each task (one profile for each language im learning, one for music, and one for each research topic i might be pursuing). whats your setup like?
But does about:profiles work bug-free for you? From my experience it has had a long standing bug: when you select a different profile to the one you're currently using and click the "Open profile in new window" button, it actually loads the current profile again in another window. I read on a forum somewhere (forget the link) that this was an acknowledged problem and would be fixed sometime in future.
So at least until then, about:profiles is no replacement for using the -P command-line switch to start the profile manager.
Using multiple profiles seamlessly is one area Firefox can and should seriously improve, or Chrome's "User" feature will always have the edge.
Yes, as other people have said containers does this magically. I even have Facebook, Instagram and WhatsApp sign-ins in their own container. Everything is separate and I honestly feel safer on the net because of it.
I've been using Pinboard for bookmarks since before browsers started offering sync. I can create and search those bookmarks in any browser, and since I use multiple browsers on multile machines, that's handy. My webmail is also accessible from any browser.
Syncing extensions and browsing history is not something I feel I need.
Pinboard seems to be minimally maintained. I've tried contacting the developer (it is just one guy) and have had no response. A bit concerning, if you ask me.
I have seen him being very responsive to paying customers and his charges are reasonable. However, it seems he did get deluged with delicious users whining at him after he saved that service, and you wouldn't reasonably expect a one-man business to be able to handle that.
You could always try tweeting him. He's also on HN.
Firefox 58 has "persona" tabs. Coloured tabs that keep their own sessions. You can just configure multiple personas and work on them all simultaneously from the same window (or you can use different windows, if you prefer).
It's good even for creating fake accounts, test accounts, testing apps from the perspective of different user sessions etc.
> I have work and a couple of personal accounts that I have signed in in different browser windows.
Don't do that. On one hand you mix work and personal related issues (not recommended) on the other hand it makes it easier to track you (as your accounts can be correlated). As a dev I have my own (personal, work, ...) users/accounts even at home (if I do remote) to separate the stuff - maybe that's paranoid, but for me it was great to improve work-life balance.
Yes, it's paranoid, but I respect your decision to do it. However the imperative mood used in your first sentence is totally inappropriate. That's exactly what Profiles are for; the vast majority of people are going to want to process personal issues and work issues without signing in as a different user.
For most Google SPAs I use an appify tool, that contains the site in a single app webview with no shared cookie store. Then in my main FF browser I have cookie crushing on, so that when I navigate away from a domain, all cookies that were created are destroyed.
Ok, I spend my life filling in captchas, but to me that’s a signal that it is working and Google aren’t overly sure who I am.
How do FF users do this?