Each container inside Firefox has its own set of cookies, indexedDB, localStorage and cache
Working on Twitter simultaneously under work and personal accounts.Photo : Mozilla
Rumor has it that on some sites some users are writing under several accounts at the same time.They allegedly leave similar comments under different nicknames. Players of poker and other online games complain that opponents are playing as if in concert, as if agreeing to ruin the victim.
True or not, in the experimental build of the browser Firefox Nightly has just implemented technology that makes it much easier to work under multiple accounts at the same time. Now you don’t need to have several virtual machines or open several browsers: environment isolation is implemented directly between tabs!
Mozilla developers yesterday presented new feature Contextual Identities for the Firefox 50 Nightly browser.
Technically, environment isolation (containers) in Firefox is designed so that the user can easily separate their accounts by several areas. For example, personal, work, financial, shopping. Accordingly, when opening a new tab, the user immediately chooses which container it will work from.
The developers’ idea is that people can protect their sensitive data if they work on the same sites from different containers. That is, no sensitive data should appear in the search history for work that has to do with a person’s personal life.
Theoretically, this isolation of profiles increases the security of information. For example, all financial data and profiles are stored in a "banking" container. Thus, if you visit a questionable site from a private container, there will be no leakage of financial information through a possible XSS or CSRF attack. Additional isolation wouldn’t hurt at all here.
Each container inside Firefox has its own set of cookies, its own indexedDB, localStorage and cache, its own surfing history, etc. It turns out that if a site is open on a tab from a work container, it won’t be able to access the cookies from the private container. On the other hand, different tabs from the personal container will use the same cookies, cache and local databases.
By default, new tabs in Firefox Nightly open as usual, that is, as "shared" containers. To get an isolated environment, the user must manually open a tab inside an additional container. There are several ways to create a tab in a new container, including through the menu File – New Container Tab Now the developers are thinking of adding more ways to open a new tab inside the container, for example, A long press on the "+" key on the keyboard.
Currently available containers Personal, Work, Banking, Shopping. Each of them is marked with a different color: blue, orange, green and pink, respectively, to avoid confusion. The corresponding color bar is placed above the tab index.
For simultaneous work under several accounts it’s also convenient to give each container a separate IP-address (separate VPN), so that the site would not guess that multiple users belong to the same person. Perhaps future versions of Firefox will implement such a feature, it would be a logical continuation of the idea of Firefox containers.
Containers are sort of a cross between normal and private surfing modes in Firefox. As you know, in Private Mode When you exit the browser or close a tab all cookies, history and cache are completely erased, so that every time you start working from scratch.
Keep in mind that some sites do not allow you to have more than one account. For example, this is indirectly forbidden on "Habrahabr" rules. (revised May 16, 2016).
Here’s a list of things you shouldn’t do on the resource.
Create virtuals It’s always nice to talk to an intelligent person, but it’s not a good idea to create additional accounts for this purpose and scoop karma and votes for posts from them.
As always, any experimental technologies are first tested by Mozilla in Firefox Nightly and then based on the users’ feedback we refine them, fix bugs and very often make them ready for the stable version of the browser.
In this case, a wide public discussion is expected, because the topic of authorization on sites with multiple accounts from one browser has been discussed for a long time : see Mozilla Blog Discussion from 2010 and article from 2013 for the IEEE Technical Committee on Security and Privacy Protection, again from representatives of the Mozilla organization.
There are several problems to be solved, including determining how clearly and reliably users distinguish containers from each other, whether they confuse them. Another question is how to solve situations where a user mixed up their contexts and entered their account from a different container, should we implement a rollback feature for the database and cookies to correct the mistake? Basically, the user’s data has already leaked, so such a rollback only gives a falsesense of security, maybe it shouldn’t need to be implemented.
The third question is whether the browser should tell the user in which context, that is, in which container it is best to move a new tab and a particular site, so that users don’t have to do all the container management work themselves? If the browser is supposed to help, what heuristics should we use to do that work?
Mozilla is hoping for help and tips from the community in discussing these issues.
You can give your opinion about the containers now by filling out short questionnaire
If all goes according to plan, the Contextual Identities containers could appear in the stable version of Firefox 50, which is scheduled for release tentatively fall 2016 But the developers believe the containers should still be further tested. Containers will not be included by default in the next version of Aurora/DevEdition 50. A more detailed study on volunteers is planned for fall 2016 on Test Pilot
In any case, you can always disable containers. Right now in Firefox Nightly this is done in
about:config via the setting
privacy.userContext.enabled (you must set
Mozilla hopes the new feature will be useful to people who used to have to run a second browser or multiple virtual machines. Now they have no reason to quit their favorite Firefox.
It should be kept in mind that it is still possible for sites to identify individual users who use different accounts. For this purpose, fingerprinting techniques are used, i.e. making a "fingerprint" of the system based on a combination of several characteristics: OS version, browser user-agent, set of installed fonts, IP-address and many others. Recently, sites have started using more advanced techniques. to track users : finerprinting by rendering of the Canvas , via Audio API , by revealing the real IP address through WebRTC Local IP Through a list of installed fonts by Canvas-Font The best effect is a combination of all these methods. On the specified links are listed sites from among the most popular sites of the Internet where the corresponding scripts for latent fingerprinting work.
So for more reliable anonymity, it is better to access sites through a network of anonymizers using Tor browser It is also desirable to use Tails operating system , which is originally configured for a secure Internet experience. This particular Linux distribution used to be used by Edward Snowden.