The only thing I would love to see for containers is some sort of VPN that lets you connect through a different server on a specific container, and potentially isolated web history between containers. Then if I'm live streaming my browser to online strangers, one of the suggestions should be for anything personal (or if streaming to relatives / co-workers you don't expose your online life, which can be problematic to some), and also due to the container going through a VPN, or maybe even some sort of paid proxy service idk, my IP isn't potentially exposed to internet strangers. Given such an expansion to containers, I would double down and if you open any link from another app, Firefox would ask you which container to open the link through, this way you don't open it under the wrong container.
I know, I know, probably a bit more than containers were intended for, but the containers thus far have been great otherwise. No need to open multiple browsers to test software quickly under multiple accounts, I can just login through all accounts I need to test on multiple containers.
Edit: The more I think about it, the more I feel as though Mozilla could find plenty of VPN (their own underlying provider included) providers to fund support for these changes to make them generic across VPN services and transparent.
Hey there! I'm one of the devs on this project. We made some progress last year on per-container proxy support. Follow this issue for (hopefully soon) progress here:
Probably not exactly what you want but for proxies you can use Container proxy[0] (not affiliated), which allows you to assign different proxies added by yourself to specific containers.
I've used containers with container proxy for well over a year and it works great for segregating work traffic on my home system. I use a container for work traffic that is assigned to an SSH session to my work system that exposes a SOCKS proxy that I make sure is running.
Eventually I moved work browsing to a different browser that I set to run through that proxy explicitly, but I still have the Firefox config set up in case I don't want to launch that, or don't care to copy and paste to the work browser some times (I wish I could find a way to make links launched from Outlook/Teams to open in Chrome but other links to open in Firefox).
I'm not, but just yesterday or the day before I was thinking maybe I'd write a simple application to take the URL and make decisions what to do with it afterwards based on whatever data I decide is relevant (time of day, domain, etc). If I had access to what the source application was that would be ideal, but I doubt Windows 10 supplies that.
If you care about security through compartmentalization that much, you should try Qubes OS. It allows to use different VPNs for different VMs with a pretty good UI.
Basically every new tab is a new temporary container. Isolation all the time, by default. It's an added exercise for the reader, but you have to go into the settings of the extension and modify some of the mouse behavior. Basically if I want a link I click to share the same container as the parent, I Ctrl + Click. Left-clicking or middle-clicking is always a new temporary container.
Containers are so much more than cookie isolation.
The main Firefox Containers extension has a nicer UI but quite a lot of missing features. Mainly the ability to edit the site list directly, and the fact that the way it registers a site against a container means it can't support adding a redirect to a container, nor (related) having separate Google services in separate containers (e.g. a Youtube container and separate Gmail container).
For me a source of some frustration is redirects and subdomains, which I need to visit manually with network switched off in order to add to the right container. This will help a lot for that issue!
The only thing I sometimes have a problem with is when going through a payment flow using PayPal and forgetting to open the site in a persistent container. Many sites will fail to process the payment on the redirect back to the site as it ends up in another container.
I haven't looked recently, but I didn't see an option to open a site in an existing temporary container based on domain if there is one already open which I believe would solve this.
Anon browsing allows max 2 separate simultaneous contexts: the anon session and your tracked session. This allows many different anon sessions. It's also a nicer more consistent integration if you already use (permanent) containers.
It's per tab not per window and they can coexist with trusted containers. It also has a non-automatic mode where you select sites that open in temporary containers instead of selecting sites that don't.
Firefox Containers is a great feature that deserves more credits. This feature allows us to avoid tracking, while at the same time ensuring the convenience of use and does not require the user to change their habits. Do you want to limit facebook? Create the container, set the default facebook.com opening in it, and use the browser as before. This should be a standard feature in any browser.
Not a container user so I hope you don't mind me asking, how is this different to opening facebook in new private tab/window? Is the convenience in the act of automatically opening it in container if you type in facebook.com or follow a link to it?
what you mention is one advantage, another example is that you are not limited to 2 contexts (private tab & non-private tab vs as many containers as you need).
Related to the advantage you mention is also the reverse: clicking a non-facebook link from the facebook container can (if you want) open a non-facebook container
yes, you could describe that use case as "quarantining" websites in short, but I'd say it's a power user feature if managed manually.
If you install the "facebook container" extension, it's zero conf but it's only for facebook.
Another use case I saw users being interested in, is you have 2 (or more) accounts on a website and you can login in both at the same time in 2 separate containers (you cannot quarantine the website to the container in this use case because you need to open it in multiple containers). You can do that with incognito, but the second one is very temporary as closing the browser is going to log you out.
Love seeing mentions of Firefox containers on HN. The native multi-account containers UI isn't able to do things such as container filtering, bulk rename/delete/recollection/etc, so a bit less than a year ago I wrote a lightweight extension to help manage containers here:
Containers are great! But since the recent v.91 update screwed the tabs up so much, there's no quick visual way to scan and see which container-type each tab is.
Great stuff, well done Mozilla! What's the point in being able to customise a container's appearance, including colour, if they're not described on the tab itself?
next to Containers, it is the only reason I still use FF, if FF drops support for either TreeStyleTabs or Containers there will be zero reason for me to continue using it.
Better performance not necessarily, but you can set custom rules for containers. You can set the user agent and proxy settings on a container base which is nice
Made a performance comparison a few weeks ago to compare sidebery with TST (I got a few thousand open tabs, spread over ~50 windows) and didn't get the perfomance penalty I used to.
Side note: some plugins "crashed" when testing TST, sidebery and tab stash at the same time. Sidebery seemed to be the most stable. (had at one time no adblock anymore so that's something)
Side note 2: I really like some things about sidebery for instance the grouping of tabs and the possibility to see your bookmarks. TST needs to be extended through plugins for this, but some functionality is really only available in certain plugins.
Side note 3: The tab handling of sidebery and TST feels quite different... If you are used to the normal tab handling you will be confused with sidebery... a lot (you can reconfigure it to be more vanilla, but I had multiple problems configuring the plugins). The tab switching isn't at all obvious at times.
All in all I would recommend everyone to play around with containers and vertical tabs :) I know this little rant here went on a huge tangent from the article, but I wanted to clarify my experience with the named plugins.
How do I get over the reluctance to grant an extension to "Access your data for all websites"? I would love to have some of these extensions but it feels like a huge security risk.
If you really want an extension that requires that, and if it has a repo, you could vet the code a bit (it's JavaScript, so somewhat accessible), and load it as an extension from a file after packaging it up.
Alternatively, you can install it, look in your profile dir until you find that extension, and look through all the code it's using, and turn off automatically update extensions in Firefox when you're happy you want to keep it.
People can say what they will about the great extension convergence where Firefox switched to Chrome style extensions, but having everything just be JavaScript that you can easily review yourself is pretty nice.
By reading the feature set and realising that some of them cannot work without that permission. For example, you can't have a password manager, a CSS style injector, or an ad-blocker without that access.
After taking a quick look at the add-on from the comment above, I bet it's the snapshots feature that requires it.
If you previously disabled the Proton redesign in about:config then you need to undo that setting. It no longer disables Proton, but it does interfere with the colored line that indicates which container each tab is a part of.
i think tweaking browser.proton in about:config will break this. Saw this on Reddit a while back when looking at why my containers were bugged (for a totally different reason.
Your decision to be a dismissive smartarse really annoyed me, because of course i'm not that much of an idiot.
Turns out that like another respondent here, animesh, I had 'browser.proton.enabled' set to false too from an attempt to fix my tabs last time FF buggered around with things. Setting that to TRUE has got the colours on.
When I see anecdotes like this, I better understand why Mozilla is moving away from about:config. A thousand variables makes issues far more difficult to debug.
Huh? I'm on 91.0.2 and the coloured border is still there. If there's a newer version (nightly?) where it's gone, I'd have to agree that's an egregious UI FU.
Nope. I don't play with userChrome.css at all. I am just using the System theme.
Just found that I had the `browser.proton.enabled` false. Toggling it brought back the border. Wow. I completely forgot about this setting I changed around FF 87 or so.
I am using the System theme and don't see it. Huh. I don't remember trying any about:config fixes as well recently. Wonder what is different between our versions.
Don't forget, you can still use multiple profiles. I have multiple shortcuts setup, each starting FF with a different profile. Within a profile, I use containers to further partition things.
edit: for instance, I have a 'banking' profile with containers for each bank, brokerage, etc. The profile is totally separate from my 'general browsing' profile, so nothing can be sniffed. And the containers allow me to partition off each service
I use profiles and containers together in Firefox, which gives more flexibility than either of these features alone.
Firefox lacks a built-in profile switcher menu like the one in Chrome, but the FOSS browser extension called Profile Switcher for Firefox is a similar replacement:
What benefit do you get from starting another Firefox instance with a different profile compared to simply using a different container in the same instance?
The ability to configure browser and extension settings differently for different profiles, plus different history/cookie for each.
This is nice for experimenting with changes to umatrix settings without having results "pollute" my long-lived container storage.
Also nice as a relief valve for when I don't won't to deal with my locked-down default settings, and just want to open up a site with everything enabled in a temporary container that gets blown away when I'm done.
other the copy/paste the url? I'm not aware of one..though, that's not very 'seamless' :-) The whole idea is that profiles are totally separate - separate process, config, etc.
I always wondered why there was no easier way to change profiles in firefox than about:profiles. I am not sure what your solution is though, would you mind going into details ?
Thanks in advance
There is an easier way, if you are willing to install the Profile Switcher for Firefox extension and accompanying connector. See my other comment: https://news.ycombinator.com/item?id=28356472
The problem is that this is the same solution as it was in 2005 and no average user is mucking about with specified shortcuts or command line flags. Chromium has demonstrated the most obvious GUI for this but for whatever reason the FF product team believes we should prefer about:profiles or this solution.
I launch my FF profiles from the terminal using aliases. But I guess some people would find that difficult (though it's not) even if they do happen to be a Linux user.
Personally I love containers and I can't imagine using a browser without them. Though one issue which has been long standing for me is - tab search ('%') only works for current container. This is a big problem if you have 10-15 tabs open in different containers. Switching to tab you want is not easy. I wish mozilla prioritized and fixed - https://bugzilla.mozilla.org/show_bug.cgi?id=1479858
Firefox containers are cool. I do wish though that they were better integrated with the rest of the browser eg. bookmarks , history, downloads etc.
I am aware that I can configure it to open certain sites in certain containers always, but that is not ideal in many cases eg. using github/gmail for both work & personal use.
I currently use an extension [1] that enables support for opening links in specific containers using custom protocol handler. So now I can have a launch-gmail.sh script that invokes
BUT FF only seems to remember the login/password for 1 of these at a time. I had hoped that putting them all in different containers would fix this but it appears that FF only matches based on the base domain name, and not the full sub-domain.
If AWS had the domains structured as:
I have the same issue, but I don't see the same thing.
I have bookmarks set up with URLs like your first set:
company1.sigin.aws.amazon.com
...
But as soon as I click one, it gets redirected to:
signin.aws.amazon.com/oauth?<War and Peace>
Which is interpreted as the same URL for all accounts.
One solution would be to have FF containers tie into the bookmark editing code so we can set the container by bookmark. That is, when I click a bookmark with a container set, that container should be used to open the site regardless of the URL.
Have you considered using a password manager? With 1Password I'm able to save all logins for my AWS accounts and then just select the appropriate one when logging in.
I use pass (password-store). I haven't added any firefox plugin to manage that for me. So I always go back to the terminal for copy/pasting the details.
I use different profiles for that...
basically, I have multiple Firefox shortcuts, each using a different profile. You can also use containers with the profile to segregate things even more.
While Firefox doesn't have WebExtension APIs for browser profiles, the Profile Switcher for Firefox extension uses a separately installed connector binary to add a profile switcher (similar to Chrome's) in Firefox. See my other comment: https://news.ycombinator.com/item?id=28356472
Those are for different things. I use containers to log in to the same website with different accounts without having to switch browsers or open a new window. E.g., since Discord still doesn't support switching accounts in the year of our lord 2021, I have a container set up for the discord account I use for IRL stuff, and my personal account logged into the "vanilla" container. I can keep both discord tabs open side by side and get notifications from both.
Even for websites that allow switching accounts, I prefer to use containers especially if the accounts go across different "domains" of my life. If I must log in to something personal at work or vice versa, I generally use a container for that to keep them separate.
I use containers to only use some google services while signed in. For instance I use gmail signed in but I google search in a separate container to not log that data in my account.
I may be fooling myself and google can identify it anyway through my IP or something but it feels like I get a little extra anonymity.
I use ddg primarily, but I regularly need to use g! to reroute myself to Google when searching for anything that I don’t already have domain-specific knowledge for.
Like if I want to just check syntax for a new programming language, ddg can handle the search just fine, but if I am doing initial research for a problem I don’t understand well, I need Google to get consistently relevant results.
But the search is not as good. Or good might be subjective in this case. But I tried using DDG mutliple times, but every time I end up just doing the same search on google becouse it is much better at giving me the result I want.
Earlier this year when PS5's were really hard to get, I used Firefox Containers to help get one. One of the tracking services would tweet that some retailer had them for sale. I would use containers to open a dozen connections to the server. A couple containers would get through and eventually I was able to complete the purchase transaction.
It took about a week of trying and I was successful at Walmart and BestBuy.
I wrote up a quick email to friends/family at the beginning of the pandemic about Firefox containers in regards to the vaccine signups that were occurring. Since there was site isolation you could get as many “slots” as you were willing to solve capchas. Most of my friends and family were vaccinated because of this feature. A bunch say they use it now a days for normal site isolation but I did at least convert some people off chrome that way.
You would think but no. Open a private window and log into a site. Then open another and it’ll be logged in. Incognito windows share cookies. They are deleted once incognito mode is turned off but that doesn’t help us in our “open 100 windows at the same time to get a bunch of slots” use case here.
One issue I have when using containers is that if I have a non-containerised tab and I click a link in it that leads to Twitter, which I have a container for, a new tab opens in the container, but the current tab also switches to a Twitter tab with the click, clobbering my session/history.
Is this a bug or conflict with another setting or add-on?
I have things like CanvasBlocker, uBlock Origin, Tree Style Tabs, etc, and disabled third-party cookies. But nothing that should actively interfere with it. wrt containers, I have Multi-Account Containers, Containerise, and Temporary Containers. It happens every time I go to a URL that has an associated container I've made (YouTube, Twitter, Facebook etc).
I might try resetting my container plugins to see if I can clear it.
Fixed it. Containerise has a separate "Keep old tabs" setting that is different to the Multi-Account Containers "Replace tab" functionality. It works as intended now. Horray!
I've been using Firefox Containers for over half a year now (I use it with the Temporary Containers[1] extension). For most parts, it's working great.
However, whenever I encounter pop-up sign-in pages, such as for older websites and some Firefox extensions, the resulting user session cannot be accessed by the original page or extension. This is even if I open the pop-up with the same container, or with the 'No container' option.
The problem here comes in when you have things like SSO where many sites auth to Google, or AzureAD, etc.
With Continers I can login to the same site with mutiple accounts, for example one common use it where you have a Admin Account, and a Regular Account. You can use FireFox Containers to access the same site(s) using different accounts
I also do this with Amazon, so I can have my Work Amazon, and my personal Amazon separated with out having to use the "Change Account" feature which I find to be annoying
Yeah, I agree there are definitely usecases containers address that FPI doesn't. However, if your use case is just "I don't want Facebook and friends to track me across websites", you should give FPI a try!
One of the unexpected benefits for me has been that I can lock any OAuth enabled app to a container for the OAuth provider I use. To login, I check which container I'm in and click the associated button.
Before this I'd always forget which OAuth provider I previously used. Did I Login with Google to DigitalOcean or did I use GitHub? Worse, I'd often click the wrong button and get logged into a new/empty account. I never came up with a good rule for which OAuth provider I should use, so it's a guessing game.
Locking the app to the container means I don't really need to think.
There's a petition on ideas@mozilla for implementing containers in the mobile version of Firefox, if you'd like to vote for it: https://mozilla.crowdicity.com/post/721603
The last times I looked at the Firefox Multi-Account Containers addon, the story for managing persisted data and cookies per-container was abysmal. Is it now possible to seperately manage each account's persisted data?
The free and open source Profile Switcher for Firefox extension, paired with the connector app, adds a browser profile menu to Firefox similar to the one on Chrome. See my other comment: https://news.ycombinator.com/item?id=28356472
I know, I know, probably a bit more than containers were intended for, but the containers thus far have been great otherwise. No need to open multiple browsers to test software quickly under multiple accounts, I can just login through all accounts I need to test on multiple containers.
Edit: The more I think about it, the more I feel as though Mozilla could find plenty of VPN (their own underlying provider included) providers to fund support for these changes to make them generic across VPN services and transparent.