Hacker News new | past | comments | ask | show | jobs | submit login

> I’m not sure whether that is because Mozilla consider it unsafe, unpractical, or don’t want to commit to maintain the feature in future releases.

I imagine it was implemented for the container tabs.

The main problem I see with account containers — still — is that you can't say "this container can only have certain websites in it". For example, if you put reddit in a "social" container, but click on links to the stories, then you have all of your cookies and stuff polluting the social container.

The Facebook Container Extension does this. The maintainers hard code the list, but it really makes me think that someone can make an extension to let a user manage a list themselves. As an early adopter of Facebook Container, I had to live through when I couldn't log into messenger.com (the only part of facebook I really used). For that specific project, they maintainers wanted to control the list of domains as opposed to allowing users to maintain their own list and "dilute" the effectiveness of the container for "everyone else". Ie, if something was missing, they wanted to fix it upstream and push it down.

I would like to see an extension like this for google. I do use google and I have set the various google apps I use to only open in the google container. But the main google.com/search domain does open in any container. I have to be careful if google prompts me to login to not login.



I feel like the cause is most likely that there are just too many darn websites for a user to be willing to specify them all. Solving this would seem to require some global database of "all sites run by company X" that undergoes constant maintenance.

How far would the WHOIS records go toward providing that info?

Not sure... sounds to me like you'd at least need a cache of all WHOIS records in the world to be able to invert the mappings from an org to its domains.

The Temporary Containers plugin is very nice. It can be configured to keep all tabs completely isolated, as if they were their own browser.

And you can set it to isolate subdomains or not, which is very useful when you need multiple tabs and want the same session in them.

FPI was implemented (and enabled by default) in the Tor project and ported upstream back into Firefox. Container tabs is a side-product from that effort.

Not quite, it's a different axis. Security tokens in firefox contain the domain of the actual request/resource they are related to (e.g. the domain of an iframe) and a bag of data called originAttributes. Containers are one value in that bag. The top level window domain (1st-party) is added as another value if you enable FPI.

If you enable FPI, is there any benefit to also using container tabs? That is, assuming that you aren't using containers to allow you to log in to the same website with different accounts, but rather to keep data from different websites separate?

FPI is intended to stop tracking between domains. Containers are designed for the other use case you just described. You can use them both at the same time if you want to achieve both.

It could be off by default because, in Tor-strict form as imported, it breaks the web for too many users to make the value it provides worth a default-on. That’s a common consideration for preffed-off features in many browsers.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact