Multi-account containers are THE reason I cannot switch away from Firefox (not that I have a desire to do so). Tying in a custom VPN location to a container is very nice but I wish I could specify a different VPN provider per container. For example: to log into my email or MS Teams account for work connect to my employer's VPN; to connect to Gmail use the Mozilla VPN; to connect to favorite "free-range, independently sourced" videos website I would want yet another VPN... and TOR enabled.
That said, what is so hard about Multi-account containers that Chromium doesn't have it?
You can use different VPN providers per-container-type; go to manage containers, select your container type, then click on Advanced proxy settings (last option); there you can input a proxy address.
For testing, you can just type the SOCKS5 address from your VPN provider, but that's not very secure.
In my case, I have a Pi running a few Dockers (with network pairs of OpenVPN/WireGuard + Socks5 proxies); it works decently enough, I can even use streaming services like Netflix / etc. if that's something you care about.
If you use Mullvad VPN, you can configure a different exit node per Firefox container using the SOCKS5 proxy setting. Each Mullvad server provides SOCKS5 proxy access to every other Mullvad server:
These SOCKS5 proxies are only accessible when Mullvad VPN is on, so the security is no worse than not using the proxy.
Mozilla VPN is a rebranded Mullvad, and both VPNs use the same SOCKS5 proxy mechanism to switch your location. The Multi-Account Containers add-on is better integrated with Mozilla VPN, but the feature works well with Mullvad, too.
Very cool! So if I assume that my ISP is recording/selling my browsing history, including which sites I visit, would this setup prevent me from being snooped on? I don't know if DNS goes over the socks5
SOCKS5 does not encrypt traffic, so if you put in a public / internet SOCKS5 server address that won't prevent snooping.
If you have a spare Raspberry Pi (perhaps running PiHole / AdGuard as well which takes care of DNS security and ad-blocking on top), or another server running you can spin up a Docker (or VM/or baremetal) with an OpenVPN / WireGuard client and a SOCKS5 proxy.
For example, in my setup I use the "dperson/openvpn-client" and "serjs/go-socks5-proxy" docker images (set the socks5 container to use the network of the vpn client, and expose the socks5 port out of the vpn container). You should explore whatever option works best for your home and VPN setups.
If you only want to encrypt browser traffic and you have access to a cloud server then you don't need to go full VPN, Firefox has built-in support for SOCKS proxying. Configure it to proxy on localhost:12345, then `ssh -D 12345 example.com` and now your browser traffic will originate from whatever server you've SSH'd into, no need to install anything on the remote server at all.
SOCKS5, the protocol, is not encrypted. Data is sent in clear text across the wire and can be intercepted at any time.
Of course, the data is just TCP and UDP packets, so you could be running a HTTPS connection over it (or DOH for DNS) but from the ISP's point of view SOCKS5 or no SOCKS5 they can see just as much of your traffic.
SOCKS5 to an external server is not solving encryption, you need a VPN for that; at most, it can solve anonymity (by hiding your IP address, presuming you trust the SOCKS5 server operator).
In my case, I'm using SOCKS5 to another machine in my LAN which in turn connects to an external VPN provider over an encrypted channel (OpenVPN or WireGuard).
That is true, however for "personal use" one of the popular uses of a socks proxy is to create a local socks server using ssh. Works on all big desktop platforms (on windows puttys plink.exe works fine, not sure if the inbuilt client has it but I'd guess it does too) and often with already installed tools and only need a server with SSH, and is encrypted.
And that is far more common than having a VPN, and again, might not even need to install anything on the client. So you could quickly configure a friends laptop to ssh+socks inside your own network to stream from a local jellyfin server, or whatever. Or bypass language restrictions on regional services when you are abroad on vacation etc. (all are trivial to do with a VPN of course, but this is quite handy when you normally don't have a need for a VPN and/or just want something quick with tools and accounts you know at the back of your mind).
Needing to go to an internal page or create a custom shortcut to even see the feature exists has always been the problem, combined with the poor profile switching UI once you do know it exists. In Chrome it's an inherent part of the browser UI and the browser not only shows it to you but explains to you how to use them. Remember 2/3 of Firefox users don't even have an extension, expecting them to just accept this as the answer is laughable.
I've always felt Chrome was missing proper containers and Firefox was missing proper profiles.
Yep, and that alone is enough for it to be too much a PITA to the average user. Modify a shortcut? Oh you mean all of them? Oh the Start Menu is customizable? Well I'm on a Mac. Well sometimes it doesn't work... wait what do you mean other programs can have opened Firefox and I have to reopen it with the right profile? I'm in the other profile now but the wrong stuff is there! (they didn't manually customize the secondary profile to be visually distinct). "just start with the -p flag" avoids the user accessibility issue with the technical answer repeated.
These are obviously answered problems for anyone on HN but not obvious problems for the majority of users that have never even installed an extension (even an adblocker). Chrome avoids all of these by automatically managing the shortcuts (clearly named), providing clear in-browser always visible UI about multiple profiles (also clearly marked), and explaining to the user how to make/manage them in app.
This is before getting into problems Chrome shares with Firefox like not syncing local profiles or issues with the way things work on Android.
I didn't know chrome offer multiple profiles. I wouldn't even know how to use them. Do you mean signing in with different google accounts?
For firefox, you would type it in the run box under windows from the start menu.
Whatever plugins or bookmarks or changes to the toolbar will help me tell this isn't my profile. If I haven't customized why would I care this isn't my profile.
> I didn't know chrome offer multiple profiles. I wouldn't even know how to use them. Do you mean signing in with different google accounts?
It can be a Google account or it can be a local account, both are treated the same.
> For firefox, you would type it in the run box under windows from the start menu.
In Chrome you don't have to know to leave the browser and run a magic command, you just click the profile icon built right in the browser. When you do it has stuff for managing the current profile as well as adding new profiles. If you add a new profile you can switch right from the browser window. It also creates the separate shortcuts to launch straight to the profile on the desktop and names them based on the profile. Part of creating a profile is it gets a unique theme automatically (or you can pick one of course), it's not something the user has to think ahead about or implement manually. This is all pointed out on the initial out of the box experience walkthrough as well as by in browser tooltips and descriptions. It'll also default to the profile selection window on a generic launch (e.g. another app triggers a page load) rather than require you follow any of these special shortcuts manually.
> Whatever plugins or bookmarks or changes to the toolbar will help me tell this isn't my profile. If I haven't customized why would I care this isn't my profile.
Remember most people don't use plugins, on top of the whole "you don't need to do anything for the profile to differentiate itself" difference. The bookmarks bar is also off by default. And even if there are minor differences it's a backwards way of telling which profile a window is in - the window should tell me the profile obviously, not just my memory of the settings for a profile and matching them to a Window. Worth noting profiles are also differentiated with the user profile picture in the taskbar button overlays and any shortcut icons automatically so this integration extends even outside of the browser window without effort of the user.
> If I am an average user am I using this feature?
I'd say most by percentage aren't. The most common use cases are kids with personal and school Google accounts or adults with personal and work Google accounts but even then it won't be every user. The number of multi-profile users on Chrome as a percentage of user population is significantly higher than on Firefox because of all of the above though.
I love Firefox to death but the profile UI is absolute garbage which is just crazy considering they are the ones that made all of the excellent UI around containers.
I share your... Whatever feeling this is. How can you have a feature and not make it accessible. Not even by internal customization, you have to go out there and install an extension "who is not monitored by Mozilla and could present a security issue". This is beyond me. In the meantime I am bracing myself for the next UI total redesign that will make sure no user can ever get used to using Firefox while disappearing features.
Logging into an account to change profiles sounds more like a privacy concern. I would never search google logged in. That's a crazy thing to do in 2022.
However, the UX for Firefox's profiles feature is godawful.
Lately though, I find I prefer not to trust the application to manage this and just launch separate profiles in their own separate app namespaces using things like firecracker, firejail, or similar (depending on need).
No. Firefox is way better. Firefox has profiles & containers. I just wish FF has a better support for PDF.
I keep my NSFW Firefox profile in a veracrypt drive. Using about:profiles I can launch the profile that I want to use, and start from previous session.
I highly recommend the Profile Switcher for Firefox add-on. Its user experience is very similar to Chrome's profile switcher menu. Different profiles must be loaded in different windows (like Chrome), but different containers can be used in different tabs in the same window.
With both profiles and containers in Firefox, you get different containers per profile, which can be a useful way to organize them.
Because Google doesn't want you to have privacy and avoid tracking. They are in the camp that wants more of it, and they want to control it fully on the entire world wide Web.
Your work’s VPN might have a strict policy against split tunnel VPN clients. Or they might have narrowly defined lists of IP blocks they split for bandwidth purposes (e.g. Microsoft’s O365 blocks to reduce teams bandwidth). If you think about it a split VPN tunnel with a default route to the internet effectively makes your client a bridge between your internal corporate network and the rest of the world. A bridge that browses the web and installs downloaded binaries.
Just something to look into since it could get you spanked by your net or sec team if your company has those.
Except that the behavior of creating a new tab via the + button vs. CMD+T (in Mac) is that one of them creates a tab in the active container and one of them does not. This is a dealbreaker for me and kills the hype.
Check out the "Sticky Windows Container" add-on.. it makes the container of the left most tab the default for that window. It's a pretty decent way to manage multiple default containers.
Containers are plumbed throughout Gecko. It's not trivial to add, but it's not intractable either. Somebody has to be willing to put in the effort, more than anything.
I suspect that account containers in Firefox has very, very low uptake. Why? Because it's a feature that is difficult to understand - it has nuance to it. Just understanding what it does for you requires a pretty sophisticated understanding of how browsers work, and how websites work. If uptake is low, it makes sense that Google would not prioritize the feature. As a happy coincidence, this also keeps the maintstream web in place, a relatively simpler mental model for ad tech software devs working on the web, where your starting point is a user browser capable of moving small strings between origins without the user's knowledge or consent.
Which leads me to the idea that maybe the feature should be better motivated! Perhaps we can show the user a meaningful and well-defined number, comparing for example the sheer size of a normal request vs one made in a container. If necessary, you can dig deeper into the payload, and ask questions of the system like, "What are they saying about me and my activity, using my own browser as a communication channel?" This latter one could be quite fun and take community contributions, small code snippets that know how to parse a request and interpret and display the meaning to the user.
This is where the imagination of a developer can be helpful, to basically characterize as completely as possible the patterns we expect to see. Because so far, that's a very low-level mechanism, and clearly there's more room for protocols - and given the nature of this problem, multiple, overlapping, dynamic protocols that are proprietary in nature. We can imagine origins that just suck everything in, doing unknown processing on that data, but giving us tools to measure aggregate engagement. The need to define an audience on something more than source IP becomes immediately apparent, and permissive 3rd party cookies have enabled a huge ecosystem to arise, and each persistent part of that is specialized in some way. But the money is in showing users ads, and showing them really useful ads. This means measuring the users and trying to anticipate their needs. We can base this on "identity" facts that don't vary much over time, or on "behavior" facts that vary a lot over time, albeit with lots of consistency for most of it. Both are used to predict what a user wants enough to spend money on. In particular, behavior, what are they asking about, learning about? What sorts of tools and supplies - things you can buy - are associated with the subject?
TBH if this happened on the client side, I wouldn't find it creepy at all; I'd find it quite useful. There are really two problems with server side processing of identity and behavior: first, it quickly gets bigoted when people are asked to associate an identity with a consumer demand. Who gets to make this association? Are we okay with this being a self-reenforcing mechanism since we are pushing identities toward the behaviors we associate with their stereo-type? Second, it lets servers split the internet without our knowledge. The incentive to garner as much attention as possible leads inevitably to breaking our shared perception of the world. At least, back in the day, you could argue with someone over a book, and know you have read the same book. But now, the book is a screen, basically a browser, and it is very different for each individual, and no-one is fully aware of this truth.
I'm being utterly serious when I say that these are the kinds of issues, technical and philosophical, that users need to be aware of before they can get excited about a feature like tab containers. Given the level of civic discourse in the wider world, my hope that people would be open to learning about it is slim to none. Heck, even most devs prefer not to think about it, and just make the changes the money wants to make, without regard to the users benefit. Then of course there is the secondary market for this data, law enforcement. You could probably get 80% of a panopticon by just hoovering Google analytics data for "alternative" processing. You get the rest by piggy-backing Cloudflare and the like. The interesting thing about CF and other CDNs is that they can provide an alternate, and unavoidable, surveillance function, since they can use access logs, and you cannot use the software without getting the bytes. This ends up being a strong argument in favor of content-addressable resources, rather than named resources: they would let a client rotate physical access, and these segmented logs would make it hard to recreate a coherent timeline. But not impossible: if enough sources cooperated, the could aggregate their logs and you'd lose your anonymity.
No, what the world needs is not just a defensive thing like tab containers, but a more aggressive thing. Rather than isolate an account's data, why not provide all the connectivity it wants, but poison the well. Manipulate the messages sent out by your computer to mislead these trackers: shift identities, access different resources, do different things in those resources. It should look identical to ordinary host lookup traffic, but the messages will be different, noisy, worse than useless. Maybe call them "active defense containers".
> I suspect that account containers in Firefox has very, very low uptake. Why? Because it's a feature that is difficult to understand - it has nuance to it.
Every time I've demonstrated containers to someone they "got it" right away. Some were unimpressed and didn't see how it would benefit them while others were blown away and ran off to install it on their machine, but seeing how I could log into the same website in different containers with different credentials -- without having to spawn new profile windows -- is not that hard of a concept to grasp. Explaining the "why would I want to?" is a different question entirely.
users understand the idea, firefox just makes it hard to use conceptually. I see tons of everyday people using chrome's profiles which are effectively the same thing at the window level and its clear what context you're in.
while firefox's concept is more powerful its also harder to use appropriately.
I don't think users understand the idea. Partly what I wanted with my long post is for someone to say, "Hey, you don't need to understand that to get account containers!", but so far, nothing. I love users, but I'm under no illusions about the extent of their knowledge.
then you're incorrect. ./shrug. I am a user, a developer and I definitely understand the ideas and how the different browsers implement them. containers are just clunky to use in the manner a user actually wants to partition their browser contexts.
they're good for sandboxing one site from others but the way many people want to use profiles is to entirely separate their windows by profiles.
lets say for example I have two gmail accounts one for corporate and one for personal use. switching between them isn't fluid in firefox because containers are site based. and profiles are completely hidden.
firefox doesn't make this easy. I can't whole switch a window from one profile to another when I want to switch from personal -> work contexts.
Even though I'm using Container Proxy myself, you can almost do the same thing with the official plugin (Manage Containers -> Click any Container -> Advanced proxy settings).
Absolutely loving FF containers & their VPN.
Mozilla VPN integration was the reason why I gave their vpn service a try, and so far it’s been an absolute blast. I completely forget that I got an VPN running in the background, that‘s how fast it is.
I made containers for all of the big tech companies. With the VPN settings per container, Google now thinks I moved to Swizerland lol.
This seems a bit weird as containers still share history and other data between them. I get that they're not supposed to replace profiles, but this feature seems more suited to a per-profile basis than per-container because of said leakage. Of course, you can already do per-profile VPNs via split tunneling and a --profile specifier on startup, but it'd be nice to have a better UI within Firefox itself for the idea.
I also wish the UI was better. Adding domains and containers is awkward.
Not to mention that with some sites like Google, it's difficult to make containers work, for example of you want to use Gmail and google search without being logged in to Google search. Same with YouTube. It will switch to a new container because of a different login domain.
I gave up on containers in Firefox a while ago. They didn't really support subdomains, which made using some services (e.g., AWS) extremely painful. Any site with a different subdomain for the login page, the auth flow, the dashboard, etc., became unusable. Don't know if they ever fixed it to allow for grouping subdomains.
I didn't find that unusable...you just have to add all the sub domains to the same container. Usually it isn't very many.
I use the "no container" default for work stuff, which means everything just works normally. Anything that isn't a tool for work, that gets a container.
You can achieve pretty much the same result for the use cases described in the blog post today with the SPN (https://safing.io/spn/) - using any browser:
The SPN automatically routes every connection individually over multiple hops through the onion-encrypting network, resulting in many exit servers being used simultaneously.
Disclaimer: I’m Co-Founder/CTO of Safing, the company behind the SPN. You can ask me questions here - I have notifications enabled.
I need to use them almost daily for work. AWS SSO and often need access to multiple accounts at once. Without multi containers this would be a serious PITA
You could already do this with Mullvad. Use an extension such as Sideberry which allows different proxies for different containers. Then use Mullvad's socks5 set of endpoints.
It's not mentioned in their post, but Mozilla VPN is a brand/browser integration of Mullvad, which is excellent, so that's what they're using underneath the branding.
Ok, but where the hell are my Android extensions? It's been years, what possible excuse is there? Either admit you just don't care about extensions so I stop wasting my time, or stop wasting resources on pointless vanity projects and get your shit together. Every new random thing like this is an insult to longstanding users who are still wanting for the baseline experience they had years ago.
It's nice that iOS 15 added WebExtensions support to Safari. It's not so nice that the feature only works with Safari, and that other browsers like Firefox are excluded even though Apple mandates that they use Safari's browser engine and does not allow them to "download, install, or execute code which introduces or changes features or functionality of the app".* It's also not so nice that a developer must pay Apple's $99/year developer fee to keep a browser extension for Safari in the App Store, the only way to publish browser extensions on iOS.
Kagi was last updated in September 2020. If it manages to get an update approved by Apple and set a precedent in the App Store, I'll be glad to see it.
Yep, that's the provided workaround. If you don't want to use Firefox Nightly, these Firefox forks based on the stable channel have access to all of https://addons.mozilla.org through the same steps:
Firefox for Android does support (proper) browser extensions. I have uBlock Origin, for example. The problem is that by default Mozilla only allows a small number of extensions since the redesign/new Firefox.
There's a way to use the other extensions, but it requires FF nightly and our own list of extensions:
> It's just that you can't use all extensions on it as of now.
This is so incredibly misleading I struggle to take it seriously. They had _thousands_ of add-ons on firefox and any remotely popular add-on had a firefox-for-android release. If I open Nightly right now and disable custom add-ons I see a woping _18_ add-ons available and this is _3_ years after the first release with GeckoView.
They made the design decision to change to GeckoView engine in firefox 79.
They made this decision with the awareness that it would break all of these add-ons. They have made a very low design effort in the last 3 years to resolve this.
Users went went from hundreds of add-ons and stabilished workflows to 18 add-ons after 3 years of rolling updates.
Power users won't be stopped by this, as Celso mentioned you can add your custom collection on AMO, but it speaks volumes about how much lack of focus there is in FF and the lack of user voice in the current design decisions.
Another Mozilla PR piece regarding "privacy"... let me see, did they finally bundle (or reimplement) uBlock Origin as a standard feature of the browser? No. Did they make telemetry opt-in as required per the GDPR? No. Did they stop opening Mozilla webpages on first run which contain Google Analytics (also in breach of the GDPR)? No.
Snark aside, this change (for once!) does have some benefits. Tracking using IP address & user-agent alone is pretty strong regardless of cookies/etc and can't be completely blocked client-side when you do need to load the requested resource (such as browsing the malicious website, or third-party websites using Google Fonts/ReCaptcha/etc), so containing these within their own VPN, separate from other browsing activity is an effective countermeasure.
While I agree with most of your points, I don't want Firefox to implement uBlock Origin.
Should Firefox prioritize compatibility with it? Yes. Should the uBlock Origin developers have the personal cell phone of Mozilla's CTO? Also yes. But there's nothing to be gained from absorbing it, and all we'll get is more bureaucracy.
If anything, I'd like Firefox to focus more on their core product, not less.
My argument is that Firefox should have functionality equivalent to uBlock Origin by default, so that less tech-savvy users who install the "privacy" focused browser actually get some without having to browse for extra add-ons and potentially install an inferior or outright malicious option.
That'll cause Firefox to get blacklisted by a large number of websites.
It doesn't take much for a website to determine that the Firefox user agent (or detectable fingerprint) results in zero advertising ROI. They'll block it outright and ask you to use Chrome.
They derive nearly 90% of their revenue from allowing Google to be the default search engine. Default uBlock is an impossibility. If you’d like Firefox with that feature, try the LibreWolf fork.
That doesn't prevent me from calling them out on their bullshit. You want to make money from ads? Fine, but don't go around shouting "PRIVACY" at every possible opportunity and giving people a false sense of security.
Maybe not integrating it, but allowing uBlock Origin to use Firefox Sync and sync filter lists and other settings would be very useful on Firefox for Android:
That said, what is so hard about Multi-account containers that Chromium doesn't have it?