Mozilla advertise their container feature/addon wrongly as a cure against Facebook tracking, in my guide I will explain you in detail why this is wrong and what the Container feature really have to do with ‘increasing your online privacy’.
What are Containers and how can they protect you?
First of all, Containers itself won’t protect you, what it basically does is to use Firefox recently integrated tab/process isolation mechanism in order to separate each new tab/window from each other in order to reduce the attack surface by 90%. This means each Tab gets it’s own resources.
Multi-Account-Containers is an addon which compliments Firefox isolation mechanism. The Container addon indicates which Tabs (or more than one) are running through a special Container which isolates the rest of the Tabs or other Containers from each other, you see each tab or group visual with a color indicator.
So overall spoken you don’t need to open, install or use any other portable Browsers (multi-Browser strategy) in order to isolate your browsing habits.
The following example explains to you how to use Firefox containers alongside temporary containers to increase your privacy while you are browse browsing. In my guide, we’re going to be using the official Firefox Multi-Account Containers addon, as well as the Temporary Containers addon by Stoically. The second addon is in order to remove the tab content after we’re finished automatically, it compliments the Multi-Account Containers addon.
Once installed, go to the Addons page in Firefox and find the Temporary Containers addon, and press its Options button in order to make the needed configuration changes.
Keep in mind that a lot of options are already set to the ‘best’ settings based on your Browser version, I list them anyway in case you want to verify and check those settings e.g. while you upgraded Firefox.
- Automatic Mode: On
- Notifications when Temporary Containers are deleted: Off
- Container Number: Reuse available numbers
- Delete no longer needed Temporary Containers: After the last tab in it closes
- Always open in new Temporary Container: Disabled
- Allow to load in Permanent Containers: Off
All other settings on this page should be set to “Use Global”.
All settings on this page should be set to “If the Navigation Target Domain does not exactly match the active Tabs Domain (Subdomains also get isolated)”.
All other options are a matter of taste and you can configure them like you want.
Open new Temporary Containers if a Permanent Container Tab tries to load a Domain that isn’t assigned to “Always open in” in that container: Disabled
These options among the cookie options/exclusions are optional, I not going to show them here because this is really from user to user different, basically you archive the better result when you work with a whitelist, so disable Cookies globally in Firefox and then allow them on a ‘per-site’ basis, means add exclusions yourself manually.
The context menu options given are also by default, okay and it’s up to you if you like to change that or not.
Configure your Websites + logging
The addon configuration is done and it’s time to go ahead and set your most used websites into their own containers. Look for the container button on the top right of your browser. You see several colors and an option to name each container how you want like eg. Google, or Business, Work, Home etc.
The little addon button allows to quickly access the container tab which allows you to set categories. I suggest you set up a category for each site but you also can create groups, this is not really a big deal. It’s depending if you have multiple accounts, your own preferences or if you like to ‘hide’ each tab from another one.
Once you assign a site to a container, the site will be loaded inside this given container, however, if you leave that site’s domain, a new temporary container will be loaded instead of using the previous container (you’ll see tmp1,tmp2,etc), see below for a short demonstration:
Google and other pages, use a different sub-domain when authenticating users and allowing them to log in. This behavior is because this sub-domain isn’t part of the container of the parent domain, the container doesn’t realize that it’s the same person attempting to log-in and in effect, anyone using containers without adding the subdomain to the appropriate container will be found in a loop. In order to correct this we simply need to add the login sub-domain to the same container we created for the parent domain. You can also (optional) install Google Containers addon.
The second addon we’ve installed correct this behavior, Temporary Containers, in addition, allows you to isolate and deleting your Browser hisotry on an automatic process.
Keep in mind:
- Containers aren’t available in Private Windows.
- There planned features in Container Feature.
- about:preferences#containers gives you several option to tweak Firefox Container function.
- Multi-Account Containers has a bugtracker, ensure you check them out before you report an issue.
- Containers don’t integrate or take care of HSTS or OCSP when you create e.g. Google login containers, this is by design and the reason why you ‘need’ temporary Containers (as explained above).
Why does Chrome have not a similar extension?
Chrome doesn’t offer such an extension even if it comes also with a tab isolation feature because you can work with different profiles (guest profiles). Besides the fact that Containers won’t prevent any tracking by itself they see it as a feature which is not of importance.
SessionBox works in an abstract way like this, it tries to isolate online accounts from each other in order to prevent tracking on other opened tabs but it’s not the same.
Containers are a good function, however, it’s questionable if it prevents anything at the end, just because you delete the cookies and other traces at the end after you close one Tab doesn’t mean you have more control over tracking. It simply reduces the attack surface. It might help if not like to work with multi-Browser strategies or more than one profile at the same time, but you should be warned that it won’t protect you against all things like social engineering, XSS and other well-known attacks and tricks in order to get your logins, etc.
Since the function can be bugged it gets my partial recommendation. It simply takes more work in order to bring this function for everyone on a more stable level. I still suggest using Tor Browser instead in case you need more security or at least a VPN while using the Container function. I moreover see this function as a step into a right direction to avoid cookie leftovers after you’re done Browsing but none of this would be needed in Mozilla would finally decide to kill the useless ‘Private Mode’ and deliver ‘security’ by default on a maximum level for everyone because then every cookie would be anyway deleted after you close each tab but this is sadly somethin which some people don’t understand and a lot of people giving up because it’s ‘too complicated’ for them and this might prevents Mozilla or others to release a better overall secured Browser because mostly you need to configure or re-adjust things in order to not break every site with a login.