[danShumway]

Firefox containers aren't meant to be a substitute for profiles, they're a middle layer of security between profiles and private windows. This is exactly what GP was talking about with "layers" of isolation.

Firefox also supports profiles; they have the same isolation as Chrome profiles with the added benefit that they can be stored anywhere on your harddrive, meaning that you can even encrypt a Firefox profile on an external drive and have your history/settings only loaded when that drive is mounted and unencrypted. I will agree that the UI could be a bit better (switching between profiles is cumbersome), but it's a somewhat minor complaint in the same vein as my complaint that containers require an extension to be user-accessible.

Firefox containers are for when you do want to share history/settings, particularly privacy extensions and browser settings, but you want to isolate data between tabs in a way that goes beyond total cookie protection (funnily enough also a feature that Chrome doesn't support) -- containers allow you to isolate cookies between multiple "instances" of the same site, set rules for when site information should be cleared, and they allow extensions to hook into that API in a way that cookie containers don't (to the best of my knowledge) support.

I'm not saying that I wouldn't like having the option to isolate more data with containers (extension settings would be welcome), but that's not really an issue with containers as much as it's just that I'd like Firefox to go even further with offering more granularity. It's annoying to make a profile and need to synchronize settings and extensions from my previous profiles.

> Chrome's extensions in general still have superior security (e.g., activate on click or only for certain websites), so sometimes different profiles aren't even needed.

I also want to throw out a quick objection here: Firefox supports Manifest V3 (extended to include adblocking power-features that Chrome has been removing) including website-specific permissions, optional permissions, and click-to-activate. It does not (as of now) require using Manifest V3, but I think their recent announcement about mobile extensions does require V3, so the writing is on the wall.

The lack of requirements is an issue, but if you're trying to build a sandboxed/secure extension, I'm not aware of any extension security APIs or settings that Chrome has that Firefox doesn't support. Site-specific activation I think works the exact same way. Short-lived background scripts are in there. I'd be curious to hear if there's anything missing. And of course Firefox allows users to disable auto-updating extensions as well.

[bad_user]

Firefox's profiles are next to unusable for me.

They are a hidden feature, and switching isn't easy (I know of about:profiles). On macOS, they also have window management issues, as the operating system regards different profiles as being entirely different apps, so quickly switching between windows doesn't work (and setting specific app icons isn't easy).

On extensions, everything that has to do with Firefox's profiles requires separate programs to be installed on the user's computer. For example, PWA SSB support, which is cool, but barely works: https://addons.mozilla.org/en-US/firefox/addon/pwas-for-fire...

---

On site-specific activation of extensions, I sure hope to see the option in Firefox. For the extensions that I have installed, it doesn't seem to work yet, but you're probably right that they'll implement it eventually.

[danShumway]

> On macOS, they also have window management issues, as the operating system regards different profiles as being entirely different apps, so quickly switching between windows doesn't work (and setting specific app icons isn't easy).

I understand the complaint but this is also sort of intended, right? Profiles are completely separate, they are effectively separate programs. They shouldn't be treated as shared context, they are effectively separate installations of the same program they can even be stored in different places on disk. So this seems like correct behavior?

Like, I get what you're saying, but it doesn't sound like your complaint is that profiles aren't encapsulated enough, it sounds like you want something less encapsulated and isolated than Firefox profiles. Of course you can't have an extension that manages your profiles without a separate application, extensions are completely isolated between profiles. Of course you can't share extension information between them, if Chrome allows that that's a weakness of their implementation.

I totally agree that the UX for profiles should be surfaced more (and I think that would be easy for Mozilla to do, a dropdown menu like Chrome offers would be enough). Containers themselves are hidden features in Firefox and I think that's a problem. I agree that profiles should be manageable without going to about:profiles. I'd be open for more isolation tools that sit between containers and profiles too.

But to argue that Chrome is offering more security here when from the sound of things Chrome has less profile isolation than Firefox sort of feels backwards to me. I doesn't sound like you want full isolation, what you want is a less secure version of Firefox profiles that sits between containers and profiles. That's fine, I think that's a completely reasonable ask -- but we should acknowledge that this is not the same as Firefox not offering isolation tools. Firefox does offer isolation tools, they work just as well if not (from the sound of your description) better than Chrome's tools do at actually fully isolating from each other. But it turns out that many users want profile-like tools that trade off some of that isolation and security in favor of greater usability.

The usability is an extremely reasonable complaint. But it just annoys me a little bit to hear someone saying that Chrome has more secure isolation for profiles if their complaints boil down to "Firefox isolates too well, and my OS doesn't ignore that isolation, and extension helpers don't ignore that isolation."