Hacker News
by stavros 2296 days ago
The Facebook container is great, but I wish there was an option for the built-in Multi-Account containers to work this way. I've been doing what the Facebook Container extension does, but with built-in containers, and the experience is very clunky.

The two biggest issues are that I can't give the container a list of domains beforehand and say "everything under google.com should open here". I have to go to each Google subdomain and set it to "always open in this container" with three or four clicks. The other major issue is that there's no way to have links outside those domains open outside the container, so whenever I click a link on Gmail that goes to Github, Github opens in the Google container and I always have to copy/paste the address to a new tab.

Fixing those two annoyances would make the built-in containers feature amazing. Maybe I should file a feature request.

EDIT: I have filed a feature request: https://bugzilla.mozilla.org/show_bug.cgi?id=1621276
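The routing behaviour requested in this post, sketched as an added example that is not part of the original post and is not code from Multi-Account Containers. The rule table, the container names and the functions `hostMatches`, `containerFor` and `routeClick` are hypothetical; the point is that "everything under google.com" has to be matched on whole DNS labels, and that unlisted hosts fall back to no container.

```javascript
// Added illustration with a hypothetical rule table; not Multi-Account Containers code.
const RULES = [
  { domain: "google.com", container: "Google" },
  { domain: "mail.google.com", container: "Mail" },
];
const DEFAULT_CONTAINER = "No Container";

// True when host is the domain itself or a subdomain of it.
// Comparing on a "." boundary keeps "notgoogle.com" and
// "google.com.example.net" from matching the "google.com" rule.
function hostMatches(host, domain) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  const d = domain.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Pick the container for a URL; the longest matching domain wins, so a
// rule for a subdomain overrides the rule for its parent domain.
function containerFor(urlString, rules = RULES) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return DEFAULT_CONTAINER; // unparsable input is never pinned
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return DEFAULT_CONTAINER;
  }
  let best = null;
  for (const rule of rules) {
    // url.hostname excludes userinfo, so "google.com@example.net" is example.net
    if (!hostMatches(url.hostname, rule.domain)) continue;
    if (best === null || rule.domain.length > best.domain.length) best = rule;
  }
  return best ? best.container : DEFAULT_CONTAINER;
}

// Decide what a link click should do, given the container of the current tab:
// stay in the tab, or reopen the target in the container its host belongs to.
function routeClick(currentContainer, targetUrl, rules = RULES) {
  const target = containerFor(targetUrl, rules);
  return {
    action: target === currentContainer ? "stay" : "reopen",
    container: target,
  };
}

// A link from Gmail to GitHub leaves the Google container.
console.log(routeClick("Google", "https://github.com/mozilla/multi-account-containers"));
```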

16 comments

I also wish that the basic container feature worked like this.

In the meantime, I am very happy with the unofficial "Google Container" addon [1], which is just a copy of the Facebook container that works its magic on Google domains instead.

Give it a try. It doesn't interfere with the official Facebook container addon.

[1] https://github.com/containers-everywhere/contain-google

To complete GAFAN/GAFAM or whatever it is called there's also one for Amazon [1] and Microsoft [2] (I wouldn't care to avoid tracking by Apple or Netflix).

[1] https://addons.mozilla.org/en-US/firefox/addon/contain-amazo...

[2] https://addons.mozilla.org/en-US/firefox/addon/microsoft-con...

Why is it OK to be tracked by Apple or Netflix?

> Why is it OK to be tracked by Apple or Netflix?

That is not what I asserted.

I asserted I don't care about it. I don't believe Netflix tracks me outside of .netflix.com and I don't believe Apple tracks me outside of .apple.com (and the other domains ofc). If they do, you have to convince me it is harming my interests (ie. my privacy or freedom of choice).

I know Google tracks me, I know Facebook tracks me. Their profit model is surrounded by this tracking. I know Amazon and Microsoft track me. Their profit model partly relies on tracking.

Now that Apple is forcing app developers to use Sign in with Apple -- and developers will have to also allow it on their websites so you can access your account there -- Apple will be able to use the Sign in with Apple javascript they serve to track you around the web just like Facebook and Google do, even if you don't use any Apple products.
While this is true, it is obvious how the other names he listed would benefit from such tracking. It is not clear to me why Apple would do this, as it runs opposite of their product marketing, and their business model does not obviously benefit from tracking the way the others do.
But there are thousands of big ones out there. Cloudflare, Cloudfront, Baidu, Yandex, Akamai, Tencent, Twitter, Yahoo, Disqus, Uber, Airbnb, Pinterest etc. Why bring up Apple and Netflix specifically?
Going for the high trees instead of low hanging fruit. Why? On average, larger impact.

There's Invidation addon to avoid Twitter/YouTube and redirect to Nitter/Invidious, and there's some addons to avoid CDNs such as Cloudflare / Amazon / Akamai. There's also an addon to remove garbage in URLs such as AMP (I mean, wtf?).

If you want to avoid these completely, plus GAFAM, your internet (browsing) experience isn't annoying; it is broken.

I avoid Uber/Airbnb/Pinterest already (niches I don't care about) and Yandex/Baidu is not meant for my demographics.

netflix is the N and apple is an A in GAFAN
Probably because there are containerizer addons for Apple and Netflix, specifically, and not for the other sites you mention.
That's great, thank you!
Personally, I don't want to micromanage "containers" as a user. I truly don't understand why this is considered a nice feature. Who wants to micromanage anything?

What I want is for every web page to run in its own container by default. Zero configuration.

If it wants to access anything outside of its allowed domain hierarchy (like call an external API), I'd like the browser to ask for permission on its behalf. "Github.com would like to share data with Microsoft.com. Allow/Deny?"

There could be some kind of trust standard so that Github.com can prove that they are the same legal entity as Microsoft.com and is therefore authorized to share information without asking. Or perhaps something simpler that is DNS-based, like with email.

I use Temporary Containers for getting each web page to run in its own container: https://addons.mozilla.org/en-US/firefox/addon/temporary-con...

When I want to stay logged into anything I self-manage and create a named container. (This requires micromanaging but is at least opt-in.)

But the default of separate temp containers is great.

I do the same. Have been doing it for a while now, and the internet still works but I get less creepy ads (when I do since I also block those as much as possible).
Is there a similar extension for Chrome/Chromium?
I don't think so.
I don't want to sound dismissive of your proposal, it'd be great to have a more restrictive set of defaults to prevent tracking...

But just consider the automatic way a regular user clicks at any prompt that gets in their way out of habit...

I am guilty of this sometimes, even though I try to be mindful and always try to opt-out of tracking cookies, etc.

I think the system you're proposing has to have some sort of smart way to whitelist, either by granting temporary whitelisting with varying granularity (e.g. for this session, for 1 hour, forever ... Etc).

I think Privacy Badger (the add-on) has partially solved this (learning through counting how many times a tracker's domain appears on other sites), maybe this could be applied in reverse: automatically whitelist after N approvals.

What do you think?

Whatever system is used, it would have to be low-noise, yes.
Try uMatrix; you could use it a little like this.

Sadly most sites use a lot of third party javascript, css etc so it will be a clunkier experience than you are hoping for.

That just sounds like more micromanagement to me?
What is the difference to answering 10 to 20 "Allow/Deny?" questions on each website? The website just won't work until you figure out which 3 of the 15 requests are needed to render the website properly. Most of these domains aren't "microsoft.com" but something like "gibberish123.net". Good luck guessing whether the request is legitimate/useful.

edit: sounds like another addon idea: find the minimal set of 3rd parties needed to render a website.

> find the minimal set of 3rd parties needed to render a website.

uMatrix tries to do this already with some third party scripts, but it’s a moving target.

You can eliminate most of those things based on general blacklisting rules for ads and beacons of the kind that adblockers currently rely on.
Note: we have an update coming that includes a "Limit to Designated Sites" feature in the base Multi-Account Containers extension: https://github.com/mozilla/multi-account-containers/pull/165...
> whenever I click a link on Gmail that goes to Github, Github opens in the Google container

Google intercepts clicks and redirects them through a Google Domain to track clickthru. If you're in Gmail and hover over a link it will show the actual destination but onclick your browser opens a mail.google.com URL that redirects to the destination URL.

This extension removes the URL intercept/redirect on Gmail and many other sites:

https://addons.mozilla.org/en-US/firefox/addon/skip-redirect...

This one handles the other situation, tracking parameters added to the URL that are intentionally passed to the target site:

https://addons.mozilla.org/en-US/firefox/addon/neat-url/
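The two clean-ups described in the comment above (recovering the destination from a redirect wrapper, then dropping tracking parameters), as an added example that is not part of the thread and is not code from Skip Redirect or Neat URL. The wrapper URL shape, the parameter list and the function names are constructed for illustration.

```javascript
// Added illustration; the parameter patterns below are an assumed sample list.
const TRACKING_PARAMS = [/^utm_/i, /^fbclid$/i, /^gclid$/i];

// If a query parameter of the link holds an absolute http(s) URL on a
// different host, treat the link as a redirect wrapper and return the
// embedded destination. Same-host values (e.g. a login "next" URL) are kept.
function unwrapRedirect(urlString) {
  let outer;
  try {
    outer = new URL(urlString);
  } catch {
    return urlString; // not a URL: leave untouched
  }
  for (const [, value] of outer.searchParams) { // values arrive percent-decoded
    let inner;
    try {
      inner = new URL(value);
    } catch {
      continue; // ordinary parameter, not a URL
    }
    const isWeb = inner.protocol === "http:" || inner.protocol === "https:";
    if (isWeb && inner.hostname !== outer.hostname) return inner.href;
  }
  return outer.href;
}

// Remove query parameters whose names match the tracking patterns.
function stripTracking(urlString) {
  const url = new URL(urlString);
  for (const name of [...url.searchParams.keys()]) {
    if (TRACKING_PARAMS.some((re) => re.test(name))) {
      url.searchParams.delete(name);
    }
  }
  return url.href;
}

// Unwrap up to three nested wrappers, then strip tracking parameters.
function cleanLink(urlString) {
  let current = urlString;
  for (let i = 0; i < 3; i++) {
    const next = unwrapRedirect(current);
    if (next === current) break;
    current = next;
  }
  return stripTracking(current);
}

// Constructed sample: a wrapper on mail.example pointing at a GitHub page.
const SAMPLE_WRAPPED =
  "https://mail.example/redirect?target=" +
  encodeURIComponent(
    "https://github.com/mozilla/multi-account-containers?utm_source=mail&tab=readme"
  ) +
  "&source=gmail";

console.log(cleanLink(SAMPLE_WRAPPED));
```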

Thanks for the link. I just spent a few minutes looking at this extension’s creator’s github activity. Installing this will be my first todo list activity whenever I first use my laptop today.

That redirect always bugged me.

EDIT: I just noticed on the install page "This is not a Recommended Extension. Make sure you trust it before installing. Learn more" which is annoying.

ClearURLs by Kevin R. is recommended by Mozilla, so maybe that's a better option:

https://addons.mozilla.org/en-US/firefox/addon/clearurls/

This is the real problem in my opinion. The URL shown in the status bar should always match the URL which is opened after clicking on the link. Anything else is deception.

I don't know how you'd enforce it at the browser level because obviously there are tons of legit uses for modifying a link on click... but it should be enforced somehow.

What are legit uses for modifying a link on click? I've only seen that used for tracking.
The classic use is after a site redesign or migration to a new domain, due to organizational name change, or whatever. You don't want to break all of the incoming links that are out there, but you want people to get to the page they were trying to reach.
That's handled by redirects with HTTP 301 messages, not JavaScript hijacking links on the referrer page, which is what Google search pages do.
I might have badly expressed myself - I'm specifically talking about changing the link target in the link's onclick handler like Google does, such that the link target shown in the browser is different from the actual target.
It doesn't matter though, the tracking domain would run in the container and github outside it.
I don't want google to know that I clicked on the link. That is sensitive.
Switch to an email provider that doesn't want to track you. You can be on Fastmail in an hour if you have your own domain.
protonmail did the oddest thing to me the other day. It sent an email to my gmail account to inform me that I had received an email at my protonmail address. I was stunned. The main point of having the protonmail account was to keep google out of my business.

Now I have to find a provider that doesn't leak in the dumbest of ways.

In protonmail, Settings → Daily email notifications → Disabled. No, I don't understand why that isn't the default setting either.
I have used fastmail for ~10 years. However google still has far too many ways to track me.
Why are you worried about GMail's outgoing links if you're using Fastmail?
Use a mail client like Thunderbird.
The browser has to intercept 302 redirects and javascript .location assignments, open safe locations in a different container. Would that be a new window or the same window but with container change?

In the former scenario you'd basically get 2 new tabs, in the latter you'd have a tab represent two different containers based on where you navigate in history.

Either way it sounds unsavory.

Firefox already does what you describe. It's a new tab.
Apart from those 2 issues, a smaller annoyance but I really wish 'Reopen in Container' would just reuse the tab. At least I've personally not once felt the need to keep the original tab open.
I wish every domain could automatically be opened in an individual container. I don't even need to know about them.
Ask and ye shall receive: https://addons.mozilla.org/en-US/firefox/addon/temporary-con...

I use this in combination with "normal" containers and it works a treat

Same. The mix is IMO the best way to get privacy while keeping usability. It obsoletes things like cookie auto-delete.

There is some annoying UI lag when opening a new tab though, as it takes a fraction of a second to swap from default to a new temporary container.

I use this plus Containerise, but with recent updates to Temporary Containers, I don't think I need Containerise any more.
Just curious: is there significant overhead to running each domain in its own container?
That's an existing Firefox feature called First Party Isolation. Here's a plugin that toggles it:

https://github.com/mozfreddyb/webext-firstpartyisolation

It sometimes (rarely) breaks payment processors but otherwise works fine

There's also the privacy.firstparty.isolate in about:config which isolates each site.
That would break a lot of stuff, though. And then I don't just mean "bad" tracking, but normal auth flows etc
You're quite right - I have some trouble with "modal" popup windows and the Atlassian Single Sign On in particular with the temporary extensions tab. But I eventually figured out to copy and paste those URLs and manually whitelist them to a specific container tab

I wouldn't recommend it for family or friends, but I'm happy with the trade off

There is a temp container extension that does exactly this.
> The other major issue is that there's no way to have links outside those domains open outside the container, so whenever I click a link on Gmail that goes to Github, Github opens in the Google container and I always have to copy/paste the address to a new tab.

I had the same problem so I made a small extension that does that:

https://addons.mozilla.org/de/firefox/addon/container-outgoi...

With the base multi account container extension https://addons.mozilla.org/en-US/firefox/addon/multi-account... you can right click in any page and have it remember the container for that domain. For example you open abc.com in container "Personal" once, then you can tell it to remember to use that container whenever you go to abc.com.

The Conex extension https://github.com/kesselborn/conex goes beyond by (optionally) prompting you for which container you want. The best part of this extension is that it lets you hide tabs that aren't in the same container, effectively giving you tab groups based on container. Once you get used to it, you won't want to go back to having 80 tabs displayed at once.

In addition

> you can tell it to remember to use that container whenever you go to abc.com

My problem with that is that, even if I do this, it doesn't remember it for foo.abc.com, and when I'm in the container, links to def.com won't open outside the container.

I use Containerise for that, it lets you set wildcards: https://addons.mozilla.org/en-US/firefox/addon/containerise/
Unfortunately that doesn't open other links outside the container :/
Temporary containers will do that https://addons.mozilla.org/en-US/firefox/addon/temporary-con...

All urls that are not "pinned" to a container open in a temporary container.

> whenever I click a link on Gmail that goes to Github, Github opens in the Google container and I always have to copy/paste the address to a new tab.

You can right-click links and open them in a "New Container Tab" (including "No Container").

Edit: You can also right-click on the tabs and select "Reopen in Container"

Sure, but it's not as convenient as doing it automatically.
If you specify a catch-all url to open in No Container, would that work?

  !*.google.com , Google
  !* , No Container
Oh wow, that did work, thanks! It's odd, because the extension reordered the catch-all URL to the top, so I'm not sure how the specificity goes.
I feel like that's probably by design. If you were in a session and clicking links, the assumption is if you're in the container already, you'd want to remain in the container. I don't disagree it would be nice for you to be able to specify domains per containers, but yeah, maybe that'll come in the future..
It's definitely by design, since the containers are meant to segregate accounts (e.g. a company container and a personal container), but a second mode would be useful since many people are using them for per-site isolation.
I also miss the option to choose in which container open a new tab by default. I try to not use at all "container-less tabs" and it breaks keyboard-only usage.
Couldn't agree more. Open default links in separate container + delete all data from this container would make the desktop experience like Focus on mobile.
I guess following a link that goes to a different container will break session cookies, and such, which for some/most is going to be annoying.
Do containers sync across devices yet? Having to re-establish all of my container rules on my work and personal computers is tedious
Yes — We added it last month! (Mozilla Containers dev here.) See this blog post for more info: https://blog.mozilla.org/security/2020/02/06/multi-account-c...
Sorry to bomb you like this, but I don't have the time/energy to find where to file a ff container bug: twitter.com never opens in its designated container for me. That is the only site I always have to "Reopen in container".
Same here: that's the only site that doesn't work. I wonder if it has something to do with the post-login redirects: it's impossible to say "always open this site in this container", because you've already been redirected to a different url.
Works for me, maybe the issue is specific to the site linking to Twitter.
I just opened mine and got a notification that they can now sync, so it appears that they added it recently.
Do you know if there is any way one can configure a container to disable specific extensions?
Why do you keep saying "built-in containers"? It's not built-in, it's an add-on.
The core functionality is and must be built in. You can't do very much with it in that state, so Multi-Account Containers is a user interface to configure and access most of the user-facing functionality. Some of that can be enabled just by toggling a couple of about:config settings, though. And as far as I know, though, it doesn't have privileged access to container APIs, so you could replace it with other addons.

So whether it's more correct to be referring to the built-in functionality (including some of the UI elements), or the add-on, depends on exactly what you're talking about. And it's hard to distinguish.

I see, thanks for the clarification. I wonder why Mozilla didn't just ship the add-on. It seems far-fetched to think it was to make the add-on replaceable by another.
Do you know of Firefox Multi-Account Containers?
Yes, those are the ones I'm talking about.
You are right the user experience is chunky and not self explanatory. But what you are trying to achieve is possible. Play with the settings a bit. I have it in a way that if I type a domain that is assigned to a container, it will ask me first if I want to open it in its default container or a different one.
That's not what he (and I and many others) are asking for.

The site linked to is not assigned to any container. It opens in the old container, while it should open in the default container.

I'm just trying to help.

The idea of having a link clicked inside a container and expect it to go to a different container as a default setting, seems to contradict web standards. Now, if you've explicitly assigned the clicked domain to a different container, then yes, it should go to its container (which is how it works, to me at least).

I'm simply explaining something you hadn't understood.

But I'm not aware of any "web standard" codifying container behaviour.

> seems to contradict web standards

But if I click a Google link, it already goes to a different container (the Google one), because I've told it to.

> Now, if you've explicitly assigned the clicked domain to a different container, then yes, it should go to its container

I am trying to assign "all non-google.com links" to open in the default container.

I use FF, I don't use FB, but I still think this is wrong. Browser is not a place to decide which companies are good and which are bad. As much as I despise Facebook I still don't think it's fair.

"I disapprove of what you say, but I will defend to the death your right to say it". All companies should have the same access to the technology in user's browser. Favoring Google by Chrome seems no different than blocking Facebook by Firefox. It's the same behavior, just a difference in opinions.

edit: to clarify, I am in agreement with the parent comment, the above is just about Facebook container being a feature

It's wrong for the browser to give me a way to containerize whatever domain I want?
At first glance, this seems to be pretty opinionated, with a hip 30 second commercial

https://www.mozilla.org/en-US/firefox/facebookcontainer/

Absolutely not, but you should be the one choosing the domain.
I am, Firefox doesn't do this by default.
Facebook Container is an optional extension, not installed by default. And you can write your own extension for different domains. In fact, people have created several such extensions, such as Google Container, Temporary Containers, and others. It's true though that the Facebook Container extension is actively marketed by Mozilla.
Even if it were true, which it is not, Facebook had been anything but fair to its users (and non users) in case you didn’t get a chance to follow the news. Since Mozilla is all about user’s privacy and safety online and Facebook is such a huge menace then it actually makes sense to offer a targeted solution. But again, it’s just an implementation of a container, nothing specific to Facebook.
He is not saying for the browser to do it automatically out of the box. He wants to be able to configure the browser with a list of domains. That is perfectly reasonable.
How is this tantamount to deciding which companies are good and bad? Mozilla have simply identified an extremely common way people are tracked online and are doing their best to contain it.
Same rules should apply to everybody. You should be able to decide some rules, even heuristics that can catch tracking across multiple sites and suggest user to disable it rather than pointing to entity and applying different rules to it than to everybody else.
No, they shouldn't. Everybody isn't the problem, it's large scale privacy destroying services that are the problem.

Singling out facebook and google would absolutely be correct actions, and making it more obvious to users how to do that is a net good.

FYI the facebook container is an addon one has to download and enable, it's not built-in.
That makes perfect sense then.
You can set up containers for every domain you like. Facebook just comes as a predefined option because 90% of users are going to choose that domain anyway.
You realize Facebook Container is not part of Firefox, it's an extension you have to install yourself.
Define what you mean by "fair". It is Mozilla's (right) opinion that Facebook is a hugely corrupt corporation and entity, the technology itself doesn't just work on Fedbook, they just use Fedbook as their prime example.