Hacker News
by ravenstine 1010 days ago
Cool idea! I don't really picture myself using this, but I think this add-on is a great example of how great a browser Firefox is. I'd be the first to critique Mozilla, and there are definitely things about Firefox I don't like (ex. Pocket, telemetry on by default), but overall I think it's an amazing product in that it allows for multiple levels of isolation (profiles, containers, private mode) and a level of control over them that Chromium either doesn't do as cleanly or doesn't do at all. As an aside, the only thing I think Chromium does better is the debugging experience; I don't truly understand why Firefox thinks it shouldn't support debugging Node.js like Chromium does.

> it allows for multiple levels of isolation

Yes! Chrome has a visually similar functionality to Firefox Containers hidden away behind a feature flag [1] at the moment. BUT under the hood it's simply just tab grouping with no isolation. I presume isolation is against Google's interests so we will never see this kind of feature.

As for Firefox's API, the Contextual Identities API [2] that allows you to create/delete containers is amazing and easy to work with as a dev. And it works out-of-the-box, it doesn't need the companion addon Multi-Account Containers (MAC) [3] which really should've been part of Firefox in my opinion.

1. chrome://flags/#tab-groups-save

2. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...

3. https://addons.mozilla.org/en-US/firefox/addon/multi-account...

Firefox's containers are useless for privacy, given other enhancements of Firefox (e.g., Total Cookie Protection). And as far as "isolation", privacy or security are concerned, Chrome's profiles are actually superior due to ability to have different extensions and history per profile. Chrome's extensions in general still have superior security (e.g., activate on click or only for certain websites), so sometimes different profiles aren't even needed.

Chrome's Profiles are also remembered when you "install an app" (SSB/PWA), so you could have "apps" started in their own profiles.

Firefox's containers are only useful if you want multiple logins to the same service in the same browser window. But I never found that use case to be very compelling.

Firefox's containers are an often lauded feature, and I don't understand why, given the integration issues or general awkwardness. It's probably a reminiscence of the "Facebook container" extension, which was a bandaid until better site isolation was implemented.

A counter anecdote is that I have the exact opposite use case. I don't share my computer with other users, so I've never needed something like profiles. Firefox containers are great for keeping different sites, especially those notorious for tracking (e.g. Amazon, Google, LinkedIn) completely isolated from each other or from general browsing. Plus, the extension that allows for creating temporary containers is great for one-off visits to e-commerce sites without needing to switch to a new private/incognito window. I'm not sure I've ever wanted my extensions isolated by container/profile, that seems like it would hinder productivity. Same for history. It's great having all my history commingled, especially if I want to find something from 30 tabs ago.

> Firefox containers are great for keeping different sites, especially those notorious for tracking (e.g. Amazon, Google, LinkedIn) completely isolated from each other or from general browsing.

That was exactly my point; you're using Firefox's containers for privacy, and it actually doesn't help, at least since they deployed "Total Cookie Protection" by default:

https://blog.mozilla.org/en/products/firefox/firefox-rolls-o...

Note that other browsers have implemented similar strategies, notably Safari and Brave:

https://brave.com/privacy-updates/7-ephemeral-storage/

Also, blocking 3rd party cookies in Chrome is decent enough, as Chrome also does cache and network partitioning. The problem with blocking 3rd party cookies is that it breaks some websites, which is why something like "Total Cookie Protection" is a better strategy.

> That was exactly my point; you're using Firefox's containers for privacy, and it actually doesn't help, at least since they deployed "Total Cookie Protection" by default:

It does. Total cookie protection isolates per-site. What containers allow is for you to say, open a single review site in two different containers, and click on an Amazon link on that review site and not have the same Amazon cookies shared when you do so. It also allows you to very easily set per-site clearing settings for those 3rd-party cookies rather than relying on more cumbersome browser settings.

Total cookie isolation is a great feature but it's a very passive feature with very defined boundaries. Yes, your FB tracking cookies get isolated to the 3rd-party site requesting them. But when do those cookies get cleared, how do they get shared when browsing the same site? It's not just about saying "I want multiple Facebook logins at the same time", it's also about saying "I want this browsing session to be isolated even if I'm revisiting a site that has 1st-party cookies set, even if I'm loading 3rd-party cookies via a domain I've already visited."

By the logic you're supposing, private browsing windows themselves didn't have a purpose after total cookie protection was launched. But being able to fully segment site data by an arbitrary boundary beyond just domain boundaries is useful, and being able to set custom rules including (as this extension demonstrates) even custom proxy rules for how data within that boundary gets treated is even more useful.

Firefox has profiles too. Containers are for use within a profile. You keep saying that containers aren't useful but you don't elucidate on how they are useless for privacy or what integration issues exist. I don't know how to interpret 'general awkwardness.' Can you fill in some details?

On the usefulness of containers for privacy, I wrote another comment here: https://news.ycombinator.com/item?id=37477425

A problem I have with containers is one of usability, as they have integration issues. For example, when searching for open tabs (`%`), the container-enabled tabs don't get displayed.

Agree, though different profiles are a pain to use, I have to rely on the shell

   firefox -P profile2

You can use about:profiles to open profiles in new windows by simply clicking a button.

> Chrome's profiles are actually superior due to ability to have different extensions and history per profile

Interesting attack vector I haven't thought about which could leak information out of a network-locked Firefox Container. It would be under an assumption you have either:

1. A malicious extension installed (you have a much worse problem in this case)

2. A side-effect of an existing extension that leaks information to the outside world. (e.g. translate a part of a page, lookup a word in a dictionary, pre-fetch some images...)

> Firefox's containers are only useful if you want multiple logins

I think there are valid use cases for both Containers and Profiles. You can go down the list to have more and more isolation as needed:

- Grouping tabs to stay organized, no isolation

- Firefox containers, same browser window, shared history & extensions

- Chrome profiles, almost complete isolation within same browser (different processes)

- Separate browser instances

- Separate devices

On extensions, for example, I use LanguageTool [1], which is similar to Grammarly. It could be configured with a local server, although I have a “premium” account which sends data to a 3rd party server. I trust this extension to verify my messages on HN, but I can't trust it to have access to my banking account. This is an example of a really useful extension that I'll never be able to fully trust because it has access to all websites, and it sends all that I write to another server.

In fairness, Firefox's advantage has been that Mozilla has a trustworthy manual review process for the “recommended” extensions.

[1] https://languagetool.org/

Note that languagetool doesn't need to request <all_urls> as a required permission, it could request hosts in optional_permissions (https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...) or (likely better) it could use activeTab permissions since it really shouldn't have access to your HN page until you invoke it anyway. The MDN docs even bring this up as an example scenario:

> The extension may need host permissions, but not know at install time which host permissions it needs. For example, the list of hosts may be a user setting. In this scenario, asking for a more specific range of hosts at runtime, can be an alternative to asking for "<all_urls>" at install time.

What we're waiting on I think is for Mozilla to get rid of the ability for extensions to opt out of this system, because I think one thing we've learned from extension permissions is that most devs are lazy and will just request the broadest permissions allowed if they have the option to do so.

One thing I'd really like to see extended is for "trusted extensions" that have gone through manual review to have a harsher standard applied to them by reviewers about what permissions they really need to request. I would love to see Mozilla pushing back a little on extensions like Languagetool and having reviewers ask "why aren't these permissions optional?" I feel like it's a little bit irresponsible for Mozilla to put its signal of approval on extensions that are over-requesting access beyond what's necessary even if those extensions aren't currently abusing that access.
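
The install-time versus optional host access distinction discussed in the comment above, as an added example that is not part of the thread or of any extension named in it: a small Node.js check that flags broad host patterns a manifest demands at install time. Both manifests are constructed samples, and `auditManifest` and its result fields are hypothetical names.

```javascript
// Added example. Both manifests are constructed samples, not a real extension's.
// Broad patterns: <all_urls>, or any scheme with a wildcard-only host (e.g. *://*/*).
const BROAD = /^(<all_urls>|(\*|https?|wss?|ftp):\/\/\*\/.*)$/;
const isHostPattern = (p) => p === "<all_urls>" || /^[a-z*]+:\/\//.test(p);

// auditManifest is a hypothetical helper name.
function auditManifest(manifest) {
  const perms = manifest.permissions || [];
  const findings = [];
  // MV2 mixes host patterns into "permissions"; MV3 lists them in "host_permissions".
  const required = [...perms.filter(isHostPattern), ...(manifest.host_permissions || [])];
  for (const p of required) {
    if (BROAD.test(p)) findings.push({ where: "install-time host access", pattern: p });
  }
  // Statically declared content scripts request the hosts in their match patterns.
  for (const cs of manifest.content_scripts || []) {
    for (const p of cs.matches || []) {
      if (BROAD.test(p)) findings.push({ where: "content_scripts.matches", pattern: p });
    }
  }
  // Host patterns listed as optional are only granted after a runtime prompt.
  const optionalHosts = [
    ...(manifest.optional_permissions || []).filter(isHostPattern),
    ...(manifest.optional_host_permissions || []),
  ];
  return { overBroad: findings.length > 0, findings, optionalHosts,
           usesActiveTab: perms.includes("activeTab") };
}

// Constructed sample: everything requested up front.
const broadManifest = {
  manifest_version: 2,
  permissions: ["storage", "<all_urls>"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["check.js"] }],
};
// Constructed sample: activeTab plus hosts requested at runtime.
const scopedManifest = {
  manifest_version: 2,
  permissions: ["storage", "activeTab"],
  optional_permissions: ["*://*/*"],
};

for (const [name, m] of Object.entries({ broadManifest, scopedManifest })) {
  const r = auditManifest(m);
  console.log(name, r.overBroad ? "over-broad" : "ok", JSON.stringify(r.findings));
}
```
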

Firefox containers aren't meant to be a substitute for profiles, they're a middle layer of security between profiles and private windows. This is exactly what GP was talking about with "layers" of isolation.

Firefox also supports profiles; they have the same isolation as Chrome profiles with the added benefit that they can be stored anywhere on your hard drive, meaning that you can even encrypt a Firefox profile on an external drive and have your history/settings only loaded when that drive is mounted and unencrypted. I will agree that the UI could be a bit better (switching between profiles is cumbersome), but it's a somewhat minor complaint in the same vein as my complaint that containers require an extension to be user-accessible.

Firefox containers are for when you do want to share history/settings, particularly privacy extensions and browser settings, but you want to isolate data between tabs in a way that goes beyond total cookie protection (funnily enough also a feature that Chrome doesn't support) -- containers allow you to isolate cookies between multiple "instances" of the same site, set rules for when site information should be cleared, and they allow extensions to hook into that API in a way that cookie containers don't (to the best of my knowledge) support.

I'm not saying that I wouldn't like having the option to isolate more data with containers (extension settings would be welcome), but that's not really an issue with containers as much as it's just that I'd like Firefox to go even further with offering more granularity. It's annoying to make a profile and need to synchronize settings and extensions from my previous profiles.

> Chrome's extensions in general still have superior security (e.g., activate on click or only for certain websites), so sometimes different profiles aren't even needed.

I also want to throw out a quick objection here: Firefox supports Manifest V3 (extended to include adblocking power-features that Chrome has been removing) including website-specific permissions, optional permissions, and click-to-activate. It does not (as of now) require using Manifest V3, but I think their recent announcement about mobile extensions does require V3, so the writing is on the wall.

The lack of requirements is an issue, but if you're trying to build a sandboxed/secure extension, I'm not aware of any extension security APIs or settings that Chrome has that Firefox doesn't support. Site-specific activation I think works the exact same way. Short-lived background scripts are in there. I'd be curious to hear if there's anything missing. And of course Firefox allows users to disable auto-updating extensions as well.

Firefox's profiles are next to unusable for me.

They are a hidden feature, and switching isn't easy (I know of about:profiles). On macOS, they also have window management issues, as the operating system regards different profiles as being entirely different apps, so quickly switching between windows doesn't work (and setting specific app icons isn't easy).

On extensions, everything that has to do with Firefox's profiles requires separate programs to be installed on the user's computer. For example, PWA SSB support, which is cool, but barely works: https://addons.mozilla.org/en-US/firefox/addon/pwas-for-fire...

---

On site-specific activation of extensions, I sure hope to see the option in Firefox. For the extensions that I have installed, it doesn't seem to work yet, but you're probably right that they'll implement it eventually.

> On macOS, they also have window management issues, as the operating system regards different profiles as being entirely different apps, so quickly switching between windows doesn't work (and setting specific app icons isn't easy).

I understand the complaint but this is also sort of intended, right? Profiles are completely separate, they are effectively separate programs. They shouldn't be treated as shared context, they are effectively separate installations of the same program; they can even be stored in different places on disk. So this seems like correct behavior?

Like, I get what you're saying, but it doesn't sound like your complaint is that profiles aren't encapsulated enough, it sounds like you want something less encapsulated and isolated than Firefox profiles. Of course you can't have an extension that manages your profiles without a separate application, extensions are completely isolated between profiles. Of course you can't share extension information between them, if Chrome allows that that's a weakness of their implementation.

I totally agree that the UX for profiles should be surfaced more (and I think that would be easy for Mozilla to do, a dropdown menu like Chrome offers would be enough). Containers themselves are hidden features in Firefox and I think that's a problem. I agree that profiles should be manageable without going to about:profiles. I'd be open for more isolation tools that sit between containers and profiles too.

But to argue that Chrome is offering more security here when from the sound of things Chrome has less profile isolation than Firefox sort of feels backwards to me. It doesn't sound like you want full isolation, what you want is a less secure version of Firefox profiles that sits between containers and profiles. That's fine, I think that's a completely reasonable ask -- but we should acknowledge that this is not the same as Firefox not offering isolation tools. Firefox does offer isolation tools, they work just as well if not (from the sound of your description) better than Chrome's tools do at actually fully isolating from each other. But it turns out that many users want profile-like tools that trade off some of that isolation and security in favor of greater usability.

The usability is an extremely reasonable complaint. But it just annoys me a little bit to hear someone saying that Chrome has more secure isolation for profiles if their complaints boil down to "Firefox isolates too well, and my OS doesn't ignore that isolation, and extension helpers don't ignore that isolation."

Umm, yes, yes it does - they're also called profiles and work the same way.

Firefox really needs to release containers for mobile.

The Contextual Identity API indicates that it's supported [1] in Firefox for Android, so I will need to see how usable it is. I was planning on testing my extension on Android soon.

Looking into it more, there is an open request to complete the work in Android Firefox [2] and also to make the MAC extension for Android too [3]

1. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...

2. https://bugzilla.mozilla.org/show_bug.cgi?id=1807456

3. https://connect.mozilla.org/t5/ideas/multi-account-container...