Ask HN: What do Firefox containers do that Safari doesn’t?
4 points by iamdamian on June 23, 2019 | 9 comments
I haven’t found any answer to this online but figure HN is the place to find out.

If I use Safari out of the box with third-party cookie blocking, default uBlock settings, and Pi-hole, what do Firefox containers add to the picture from a privacy perspective? Which specific types of tracking would be covered by containers and not these other tools?

Note: I’m not asking about UX or security unless it also has direct implications for privacy.




It lets you sandbox your activity - for instance, preventing Google from linking your activity for a work account with that from a personal account.

It also adds some confidence that vulnerabilities won’t be used to track or crack sensitive interactions. For instance, if I log into my bank only in one container and browse untrusted sites only in another, I can be more confident that my bank account won’t be subjected to an XSS attack.

And then, some sites (AWS, I’m looking at you) make it really really difficult to manage multiple accounts from a single browser.

Finally, Safari’s extension ecosystem and developer tools kind of suck. This way I’ve got access to Firefox’s.


What I can discern from your answer is that the specific type of tracking stopped is based on XSS and nothing else, is that right?

And if that’s the case, then if I am someone who is primarily worried about being tracked by ad networks, then I don’t really need Firefox containers. Is that fair?


Only if you’re confident your ad blocker blocks them effectively. Also, it isolates cookies (so for instance, Facebook can’t tell you’ve visited sites that embed its share script if you visit them in a container where you never open Facebook).

But yeah, containers are about isolation more than privacy. It’s like having multiple independent browser instances (each of which has a name and remembers your state and logins and such for just its own instance, even through restarts) at once.


That makes sense, thanks.

So a concrete example would be that a container would block a Google Analytics script from setting a first-party tracking cookie if, for some reason, my ad blocker weren’t already blocking that script.

(My understanding is that, with third-party cookie blocking, cookies are already isolated, but not if a site has set up first-party cookie tracking. That tracking can only be blocked at the script level.)

Is that about right?


Containers don’t block cookies.

But a cookie set in one container is available only in that container, not in other containers.


That is true, although that says nothing about the ability of whoever provided the cookie to track you across containers through said cookie. I believe this is the basis for all cookie-based tracking.

What I am gathering from this discussion is that containers are really not targeted at privacy as a use case, unless you have an ad blocker that isn't effectively blocking specific scripts from setting tracking cookies.


How would it track you across containers with the cookie when the cookie set in one container doesn’t even exist in another?


I am not completely sure, but I would guess that first-party cookies for third-party ad/analytics services have this ability.


They don’t. You need to be able to read a cookie in order to track the user.
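
The cookie behaviour discussed in this thread, as an added example that is not part of any comment and is not Firefox or Safari code: a simplified JavaScript model in which every container has its own cookie jar, comparing what an embedded tracker can join with and without third-party cookie blocking. The `Browser` class, container names and domains are constructed for illustration, and only cookies are modelled.

```javascript
// Simplified model of browser cookie storage (constructed; not real browser code).
// A cookie jar is selected by the container and by the domain that owns the cookie.
class Browser {
  constructor({ blockThirdParty }) {
    this.blockThirdParty = blockThirdParty;
    this.jars = new Map(); // "container|cookieDomain" -> visitor id
    this.nextId = 1;
  }
  // Return the id stored for cookieDomain in this container, minting one on first use.
  cookie(container, cookieDomain) {
    const key = `${container}|${cookieDomain}`;
    if (!this.jars.has(key)) this.jars.set(key, `id-${this.nextId++}`);
    return this.jars.get(key);
  }
  // Load a page on `site` that embeds a script from `tracker`.
  // Returns the identifiers the tracker receives for this page view.
  visit(container, site, tracker) {
    return {
      // First-party style: the analytics script writes a cookie on the site's own domain.
      firstParty: this.cookie(container, site),
      // Third-party style: a cookie on the tracker's domain, sent with the embedded request.
      thirdParty: this.blockThirdParty ? null : this.cookie(container, tracker),
    };
  }
}

// Do two page views share an identifier the tracker could use to join them?
function linkable(a, b) {
  return a.firstParty === b.firstParty ||
    (a.thirdParty !== null && a.thirdParty === b.thirdParty);
}

function demo() {
  const open = new Browser({ blockThirdParty: false });
  const a = open.visit("personal", "news.example", "tracker.example");
  const b = open.visit("personal", "shop.example", "tracker.example");
  const c = open.visit("work", "shop.example", "tracker.example");

  const strict = new Browser({ blockThirdParty: true });
  const e = strict.visit("personal", "news.example", "tracker.example");
  const f = strict.visit("personal", "shop.example", "tracker.example");
  const g = strict.visit("personal", "news.example", "tracker.example");
  return {
    sameContainerCrossSite: linkable(a, b), // shared third-party cookie
    crossContainerSameSite: linkable(b, c), // separate jars per container
    blockedCrossSite: linkable(e, f),       // no third-party cookie to share
    blockedSameSiteRevisit: linkable(e, g), // first-party cookie persists on one site
  };
}
```

In this model a cookie identifier joins two page views only when both happen in the same container and the same cookie is readable in both, which is the point the last comment makes.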



