I use Firefox multi-account containers[1] extensively, it's honestly the primary reason I use Firefox these days. The big win for me is that I _hate_ having to use the Google account switcher, so I basically set up a container for each Gmail account (work, personal, old email, etc).
The nice bonus feature is you can have certain sites default to containers. I had a paid YouTube account for a while, for example, so having any YouTube link open in my personal account was nice for not getting hit with ads on initial click due to my default Gmail not being the right one.
There's also a plugin[2] that will make any new tab default to whatever the first tab listed is. Really great for if you want to have a whole browser window dedicated to one container.
Also adding to this - you can set up container-specific proxies with "Container proxy" addon. This is great for when you want to ensure your connection is going over a private network, for instance if you have a regular torrent website (or porn or whatever) - you can configure it to automatically open in a container, like this Facebook addon - but when it opens - it will only connect to the endpoint over a proxy. If you're not connected, it fails.
Works really well with Mullvad which has a SOCKS proxy setup only available when connected.
Great for work connections too, I've set up all work/business websites to auto-open in a "work" container which I've created a local bridge proxy for to ensure my work connections are always over the corporate VPN.
This is also really good if you consult or work with many customers - you can start to build a catalogue of containers with specific settings for those customers.
Anyone in the know: what would it take to implement a "container over tor"? I am not currently a tor user, but absolutely would if I could integrate it with my current workflow (using the temporary containers addon).
Be careful doing this though, there's a reason Tor Browser exists and it is because it's very hard to do anonymity over Tor right on a default browser.
Granted, Tor tries to upstream as much as it reasonably can to FF, but there are still large differences in defaults that could give away (some bits of) your identity.
"Anyone in the know: what would it take to implement a "container over tor"? I am not currently a tor user, but absolutely would if I could integrate it with my current workflow (using the temporary containers addon)."
This is my every-six-months wish/rant on this subject ...
What we need is the ability to 'jail' a GUI browser process.
It is too resource intensive to spin up an actual virtual machine to run a browser window/tab. However, a facility like 'jail' (or zones or, perhaps even Docker) that simply chroots a new process with its own network interface, etc., does not have any of that expense.
It really is just a fancy chroot and the expense is limited to the overhead of just the process you're running.
If you could 'jail' a GUI application, you could have a browser window that was not merely its own cookie domain or history domain, but that was on an entirely different network and its own chroot.
I use the same setup (mullvad + container proxy) and can't praise it enough. I just keep a mullvad connection open on my router and only route the proxy IPs through it.
Great for all kinds of silly GeoIP restrictions, too - in my part of the world, homedepot.com just spits out "access denied", a foodnetwork.com recipe you find in search results just redirects you to the tudiscovery.com homepage, etc.
> "I just keep a mullvad connection open on my router and only route the proxy IPs through it."
I'm interested in your setup. Do you configure your router to have a point to point tunnel with Mullvad then? I didn't know this was a thing. Do you then just have a separate container proxy for each GeoIP region you want to access?
I have a Unifi USG, which has a third party wireguard addon, though of course OpenWRT could work just fine. You set up a wireguard tunnel normally, but disable the default routing (on a Unifi, set route-allowed-ip false), and then explicitly add a route for 10.124.0.0/16 through the wireguard interface. The mullvad servers page[1] has socks 5 proxy addresses for all of their servers - assign one to a firefox container and you're all set. No reason you couldn't have a container for each geographic region you want.
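A sketch of the per-container routing discussed above (a container bound to one SOCKS endpoint, with requests failing instead of going direct when that endpoint is unusable), written against Firefox's `proxy.onRequest` and `contextualIdentities` WebExtension APIs. This is an added example, not part of the thread and not the Container proxy add-on's code; the container names, the address inside 10.124.0.0/16, the ports and the blackhole endpoint are constructed assumptions.

```javascript
"use strict";

// Constructed sample configuration: container name -> SOCKS5 endpoint.
const CONTAINER_PROXIES = {
  "Geo-SE": { host: "10.124.0.10", port: 1080 }, // made-up address in 10.124.0.0/16
  "Work":   { host: "127.0.0.1", port: 1081 },   // hypothetical local bridge proxy
  "Broken": { host: "", port: 0 },               // deliberately invalid entry
};

// Dead-end endpoint for containers whose configuration is unusable.
// Assumption: nothing listens on loopback port 9, so connections fail
// instead of silently leaving the tunnel.
const BLACKHOLE = Object.freeze({ type: "socks", host: "127.0.0.1", port: 9, proxyDNS: true });
const DIRECT = Object.freeze({ type: "direct" });

function isValidEndpoint(ep) {
  return Boolean(ep) && typeof ep.host === "string" && ep.host.length > 0 &&
    Number.isInteger(ep.port) && ep.port > 0 && ep.port < 65536;
}

// identities: array shaped like the result of contextualIdentities.query({}),
// i.e. objects carrying at least { name, cookieStoreId }.
function buildRoutingTable(identities, proxiesByName) {
  const table = new Map();
  for (const { name, cookieStoreId } of identities) {
    // Own-property check so a container called "constructor" is not matched.
    if (!Object.prototype.hasOwnProperty.call(proxiesByName, name)) continue;
    const ep = proxiesByName[name];
    table.set(cookieStoreId, isValidEndpoint(ep)
      // proxyDNS: hostnames are resolved by the proxy, not by the local resolver.
      ? { type: "socks", host: ep.host, port: ep.port, proxyDNS: true }
      : BLACKHOLE);
  }
  return table;
}

// Decision for one request. requestInfo mirrors the object handed to
// proxy.onRequest listeners; only cookieStoreId is consulted.
function proxyForRequest(requestInfo, table) {
  const hit = table.get(requestInfo.cookieStoreId);
  // A single entry: no { type: "direct" } fallback is listed after the proxy.
  return hit ? [hit] : [DIRECT];
}

// Wire-up, active only inside a Firefox extension that holds the
// permissions these APIs require.
if (typeof browser !== "undefined" && browser.proxy) {
  let table = null;
  browser.proxy.onRequest.addListener((info) => {
    if (table) return proxyForRequest(info, table);
    // Table not loaded yet: hold container traffic rather than send it direct.
    const inContainer = String(info.cookieStoreId || "").startsWith("firefox-container-");
    return inContainer ? [BLACKHOLE] : [DIRECT];
  }, { urls: ["<all_urls>"] });
  browser.contextualIdentities.query({}).then((ids) => {
    table = buildRoutingTable(ids, CONTAINER_PROXIES);
  });
}
```

The table is built once at startup, so containers created later stay on a direct connection until it is rebuilt.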
For Geo-IP, unfortunately unless you have some sort of automation to reconfigure the OpenVPN settings on your router - this will only work with 1 configuration. They may be alluding to using the VPN to connect to another country where they're not getting weird as fuck redirects and shit content.
Although just as I wrote that, I'm expecting a dd-wrt/browser addon will probably support this somewhere - or at least as a script on Linux.
Container proxy plus a putty socks tunnel over SSH through a pinhole firewall rules to my work linux system is my preferred poor man's work VPN. One main benefit being that allowing the non-VPN traffic to handle the video meeting works way better.
I just discovered Mullvad (just a VPN provider) and for some reason, they don't have "English" in the list of languages available for their site.
So they redirected me to the Dutch version because I'm in a nominally Dutch-speaking region, and I had no option to get it in English. I had to go with half-translated French until I noticed that I could replace the "fr" in the URL with "en", and actually get to an English-language website.
The region-based redirection was annoying enough, and the half-assed translation job was expected, but not even providing an easy way to get back to English is really idiotic.
I still wish I had some kind of system that would automatically use a connection in the right country for geoblocked content. For now I just use SSH proxies to (my own) strategically located servers combined with Firefox Containers and Container Proxies, but it's all manual.
Just checked it, and English is 4th option in the language switcher on the bottom of the page.
Also, it seems to be using browser's preferred locale, not the IP region. So, it looks like that changed, too.
Google, on the other hand, is just as bad as you described. Geo-based localisation, lots of clicks to change the language (or ?hl=en, once you learn about it).
Looks like you're right, but unfortunately the select is cut for me[0] because my screen is not big enough.
Since the list is not alphabetically ordered (it actually is, but with the English names, not the displayed names) and it shows no scrollbar, it wasn't obvious there would be other countries up there.
As for language, maybe Google itself chose to send me to the Dutch version. Despite all my attempts, I still cannot consistently get Google to use the language I want (apart from manually choosing it by directly visiting Google with the right hl= first, indeed). Right now Google.fr seems to be in English and offering me the three languages of Belgium, for some reason.
What I've been doing was to set up a browser profile (local) for each main context. If I have a set of work accounts (google, github, etc.), I have a 'work' profile for it. This isolates all cookies related to 'work' at once, as well as bookmarks, saved tabs, extensions, and settings. It's a total context switcher.
Profiles definitely have the basic functionality, but I like to keep all my extensions the same across my containers, and it's also easy to set up rules such that a certain site will always open in a certain container. You don't have to think about it at all.
I want my extensions to share the base configuration but have some different settings in different contexts.
Like, allow some tracking & advertising for "shopping" container, but block it otherwise. I don't mind having a special self-curated image where my in-scope browsing is tracked and analyzed. Now, I just have a separate browser (Chrome) for this - because it's more straightforward and less error-prone.
Or a sandbox development & local resource management profile where nothing but localhost and LAN addresses are allowed. And then block such access for any other profile - for security reasons.
Or allow, let's say, Grammarly extension on a few selected websites (like HN), where all I write is public and I would benefit from machines aiding my writing without any privacy concerns, but don't give it any chance to see my private correspondence.
Unfortunately, that's not possible with containers, and profiles are quite cumbersome.
I'm also doing this in chrome. I have about 5 different profiles, aliased to things like `chrome-work`, `chrome-personal`, `chrome-dev`, etc. I would love to use FF, but iirc FF doesn't provide something like `firefox --profile=someIdentifier` that opens a new window in my desired profile.
edit: Apparently this is bad info. I'll have to give it a try again.
There's also a firefox-bin. Anyone know what the difference between firefox and firefox-bin is nowadays?
I believe that in the far past firefox-bin was the firefox binary, and firefox was a shell script that would do things like notice you already have a firefox-bin instance open and signal it to open a new window rather than launching a new firefox-bin instance.
But nowadays, firefox and firefox-bin seem almost the same. On the current release version on Mac, for example, both are binaries, with firefox-bin 40320 bytes and firefox just 16 bytes bigger.
Info.plist in /Applications/Firefox.app/Contents gives firefox as the executable to run. I'm not sure what role firefox-bin has now, if any.
Grabbing the source and building it myself results in firefox and firefox-bin matching.
I used to always include `--no-remote` here but it seems `firefox -P <profile>` now works, too, even when another Firefox instance is already running. Is anyone experiencing the same?
Tooting my own horn :). Session Boss [1] saves the container information as part of the session and can restore the tabs in their respective containers. I use it to maintain multiple Gmail accounts and other email accounts in different containers.
The add-on page for this says it was last updated in June 2019. Just wanted to check if it's still compatible and has no issues with all the changes in Firefox for more than a year now.
Still works fine. I have a large pending change which is risky and I want to do more testing before releasing, but got busy with other stuff and no update has been pushed out for a while.
Along with the Facebook Container I use multi-account containers to keep a Google, Microsoft, and Amazon container as well. I included all of their children companies in the parent containers (like GitHub in Microsoft, YouTube in Google). It's sobering seeing how much of the internet shows up in one of these four containers.
Temporary containers has a plethora of settings for when to open a new container. For example, I have a rule enabled that will open links in a new temporary container when they leave the current one. That's a terrible explanation, so let me give an example to make it clear:
- I have a GitHub container
- github.com and gist.github.com are set to always open in the GitHub container
- Say I am currently browsing github.com in the GitHub container.
- If I click a link to a domain other than [gist.]github.com, instead of navigating my current tab to that url, the url will open in a new tab & new temporary container
This is more powerful than simply persisting cookies from github.com -- I'm keeping GitHub's cookies, but only in the github container. It's almost like first party isolation, but a little weaker (unless you enable the setting where any link to a different domain will open in a new container), and I have the ability to group sites that would break with 1st party isolation by opening them in the same container.
I agree, your description is more why I like it -- the only websites that get to save any state are the ones I pick to open in specific named containers and which I also specifically granted permissions to with uMatrix (RIP).
Everything else opens links in a new container with the hope to make it as close as possible to looking like a different person clicked that link. I know it won't work that well since the IP doesn't change nor the user-agent, but at least it helps with the most lazy tracking.
I share the same goals; thanks for the succinct description.
Discussion upthread made me interested to see whether I can route temporary containers through tor, to make this protection stronger — see https://news.ycombinator.com/item?id=24853320
It's not super high on my list of priorities though, probably won't get to it for a month or two.
Oh, that'd be very neat if it made separate container tabs look like different tor sessions. Very clever! I suppose there's little short of that which would stand a real chance of working...
I used to have 4 or 5 profiles for firefox for various accounts and situations and containers let me leave all that mess behind. It's pretty awesome and I wish more people knew about it. It's one of the things I bring up to privacy oriented and people who need a lot of different logins.
I run big fleets, 100s of hosts 1000s of containers in most AWS regions. Most of the control plane is automated, but when that breaks, or there are issues in the data plane, I might log into read logs, look at metrics, force scaling actions, or just general investigation tasks.
I also use different accounts for permissions boundaries. Data shared between multiple teams might go in one account. The apps can access the data but maybe the interns can only access the app account while the SR. Eng(s) + current oncall have full read only access to the data for investigation. A second RW-Data oncall might have access to the DB account in each region. Every data storage account also has a limited access cross account Data replication/backup account.
+ I help people out. 'Can you look at this? . . .'
In the end, there are account specific errors that can be caused in your infra, IAM roles, keys, throttling, malicious access that are easily prevented with least access in per account buckets. So I end up with multiple accounts in each region.
It's not that unusual to use separate AWS accounts as blast-barriers. I.e. they contain the damage that might occur due to a leak etc. I typically use 2 (prod & non-prod) for each major product/offering, plus a centralised one to manage policies, billing etc for all the sub accounts. They add up pretty quickly.
Similar to OP you're replying to, I use Firefox Containers to open separate accounts to open independent windows from my Identity Provider when I need to be in more than one account at a time.
AWS credits? You can get a bunch of free credits for each account, and then build an abstraction around boto3 to make 20 accounts look like 1 account to you.
meh, compute cost almost always costs less than dev time. I use multiple accounts for separation of duties, cost, access, and blast radius. Most services I run blow through the free tier in minutes.
I do have scripts that spin up accounts as needed and I just have a bucket for 'free Tier account access ending' emails.
All tabs opened in private windows share the same "container", which gets cleared once you close the last private tab. With temporary containers, all your tabs are in independent containers.
Private tab? Do you mean private window? Or is there some other feature/extension?
The temporary containers extension is creating a temporary container with each newly opened tab. It uses same container for tabs opened from existing tabs.
I just recently discovered a tip that finally made Firefox multiple windows usable. When you want to restart the browser and save tabs across all windows, you use Quit command from menu (or Ctrl+Q) and not the window X button (Alt+F4).
Ctrl-shift-n will reopen a closed window (with all the tabs it had) just like ctrl-shift-n will reopen a closed tab. Try it a few times after closing multiple firefox windows with multiple tabs each if they don't come up automatically on start.
Yes, my mistake. That's pretty obvious in context what I meant to someone that already knew it, but that doesn't help those that didn't know about that feature, so thanks. :)
Where I'm contracting now didn't want my account added to their org because it's not a profile picture of me. As the public facing stuff of the account is my personal stuff, I don't want someone else to tell me how it should be. So a new account for this customer it is..
We actually discussed this for quite a while at work when I pushed us to start contributing to open-source. Mostly it came down to the fact that TfL wished me to keep my work-life and personal-life separate to keep things simple. Reading that back, it doesn't sound so crazy.
I wish they didn’t do that. Or preferably, I wish they had native “containers” for work and personal repos.
Explore is one of my favorite features and now it’s crowded with work related suggestions. It makes it harder to separate the personal/professional persona and interests. This problem also manifests in notifications. I want a clear separation so I can focus on my personal life after work.
I’ve thought many times about creating a separate account.
Do you use windows? I found that having multiple GitHub accounts is infuriating on windows because it forces you to go into an obscure security manager to delete a record in order to switch which account you're using. Never found a way around it.
I had never heard of this so I just tried to reproduce this - I have no trouble logging into two separate GitHub accounts in different Chrome profiles. What makes Firefox profiles different?
I think he means when using git from the command line. Trying to push to your repo will trigger a github sign in process, which will then save the credentials to Windows Credential Manager. Git will then ALWAYS use those credentials from that point on unless you go into the manager and delete them, which is a massive pain if you use multiple github accounts.
Damn I also hate the Google accounts mayhem. I will look into those containers.
Right now I manually type ?authuser=1 into my URLs to have Google Docs open in the right account, but this breaks when I restart the browser and the page reloads with the wrong account... Why Google removes this parameter from URLs after loading is beyond me.
It feels like multi-user management with google is a feature which was not really considered from the start and never became important enough to refactor the whole thing.
I have no idea how the product is structured, but I do know that many other services have a similar issue.
Heck, we’re using outlook at one of my customers and I can’t even open a second tab in 2020. It will just block the UI telling me there is another tab open.
The worst thing about the Google account switcher is logging into some third party sites sometimes just uses the first logged in account instead of showing the account switcher, so I can't log into the correct account without logging out of all the Google accounts.
Is the Firefox implementation different from Chrome? I don't think Chrome allows you to default links to specific profiles but I have used this feature in Chrome for a while to separate work and personal profiles to sandbox Chrome instances.
I do all my shopping in the shopping container. I have the deals website I frequent set to the shopping container so if I open slickdeals.net in any tab, I get to the shopping container.
One quality of life change I encourage is go to manage containers and select "Select a container for each new tab". Then you can pretend the firefox tab without a container even exists (caveat: does not work with ctrl + t shortcut for new tab)
> The nice bonus feature is you can have certain sites default to containers. I had a paid YouTube account for a while, for example, so having any YouTube link open in my personal account was nice for not getting hit with ads on initial click due to my default Gmail not being the right one.
I use Chrome on Windows 10 at work because we're a gsuite shop and that's just what we do (I don't do personal things on company resources). I use Firefox on Debian everywhere else because Fuck Google.
Why do you hate the Google account switcher for Gmail? It keeps all of my Gmail-attached sites isolated in Chrome and is easy to use on desktop (non-existent on Android Chrome unfortunately).
I tried it but it doesn't seem to work. I clicked a new "Work" container, then went to mail.google.com, and it instantly took me out of the container.
And then when I click back to the work container and try to access mail.google.com I get:
"400. That’s an error.
The server cannot process the request because it is malformed. It should not be retried. That’s all we know."
Bug? It seems like a really messy UI. Why can't they make Multi-Account Containers work just like Facebook Container? Or have make 1 window == 1 container?
Yes, I use it at home but also a lot at work. Opening personal account and admin accounts in a bunch of different tabs for a bunch of different sites. Makes it super easy, no need to log in and out throughout the day. I have users that also will have our O365/Okta accounts as well as client O365/Okta accounts. Containers make it a cinch to keep everything separate and logged in at the same time.
I was asking about Chrome profiles, not Firefox containers. I use dozens of Firefox containers already, and it's my understanding that Chrome profiles aren't a good substitute because you can only use one at a time.
Multi-Account Containers with Containerize is an unbeatable combo. Until Chrome gets something like this (I doubt it), I'm never leaving Firefox because of it.
In my experience that had better support for per-eTLD temporary containers, so that each site can have its own, and the data can be discarded relatively soon. I also have more permanent containers for things that I want to be able to persist (e.g. work uses SSO so I need to link multiple sites together to log in).
When I used it I found the management in Multi-Account Containers to be onerous (I don't believe it could do automatic containers based on eTLD).
Oh wow, okay this makes things a little easier. I've always struggled with logging in as the SSO-flow has domains that I haven't added to the "Always open in X tab". Hopefully the functionality gets incorporated into the MAC addon eventually!
.. I say hopefully, man I feel guilty getting so much use out of these addons when I could be actively contributing. Fuck it, donating.. https://donate.mozilla.org/en-US/
This is going to take care of my biggest gripe with Multi-Account Containers; it leaks cookies to the default container if you open the site management list because it looks up favicons each time. I just tested Containerise and multi-container cookie jars, it does not leak cookies with this.
Finally, painless container management!
Does this work with Firefox Sync? I'd love to have different bookmarks/cookies/accounts/etc. for work and home but use the same sync account - sometimes I work from home and want to use my work profile, but also don't want my home bookmarks showing up when I share my screen at work.
The Facebook Container extension is special, it does a bunch of work to put all of Facebook and only Facebook inside the Facebook Container. Bits of Facebook trying to peek through outside Facebook (e.g. tracking pixels) are elided entirely. Which is exactly what I want. But ordinarily that's not the behaviour you get from a Firefox container.
e.g. I have that Facebook Container, and I also have a Slack container I just put together in the usual way by opening my Slack session (it's for the main social group I hang out with, during the pandemic) inside a Container with a pink theme and icon.
Suppose three friends send me a funny Youtube video of kittens, one sends it on Slack, one on Facebook, one literally sends me a postcard with the URL on it.
In Facebook, it's inside the Facebook container. Since the Facebook Container has no idea who I am, Youtube presents adverts and of course there's no way to add the video to my "Fun kitten videos" list. But if I tell Youtube to open this now the tab is not Facebook, a no-referrer link opens with the URL and now in my default context which has Youtube Premium, so there are no adverts and I can add this to my lists. As far as Facebook is concerned I apparently just left. Unless Google tells them I watched that video they are none the wiser.
Slack is inside the Slack container. So again, no Youtube account, adverts. But if I open the Youtube page that's still inside the Slack container, so still no Youtube account. I need to explicitly get the URL and paste it into a not Slack tab to get my default context.
The link from the postcard obviously I get to choose which context to type it into the URL bar, although maybe the UX of typing random Youtube URLs in isn't great.
> In Facebook, it's inside the Facebook container. Since the Facebook Container has no idea who I am,
wouldn't they know exactly who you are with every request sent to any of their servers and any facebook page you load either by your facebook account, IP address, or by browser fingerprinting.
I mean, sure they can be entirely confident that I'm the Facebook user who signed up for that account, and so in that sense they know exactly who I am.
But in another very real sense they've got no idea who that is. It would suit them very well to be able to reliably tie it to other information (hence all the tracking pixels and so on) but the Container prevents that.
I mean, one of my Facebook friends is named say "Norman Le Plum". I'm very confident that isn't what it says on his birth certificate, and indeed when his friend request arrived I actually ignored it until I found someone out of band to tell me who "Norman" was, but in a sense Facebook know exactly who Norman is, he's a disembodied red skull who is still really into skateboarding and Steamed Hams.
What use that is, isn't clear, and presumably one day advertisers might conclude the answer is "No use whatsoever" and Facebook will go out of business. Meanwhile I read funny Steamed Hams variants, people complain about their jobs, and while I'd rather it didn't exist at all, if it must exist at least it's trapped in a little box where it can't taint everything else.
Now Google probably knows way too much about me, but that's quite a different problem.
I wouldn't count on a fake name being any kind of problem for facebook assuming they're actively using the profile.
Not providing them any data at all won't spare you, but if you're using the account they can easily analyze photos and comments (including those on other people's profiles), use facial recognition, use friend/activity patterns, match IP addresses/browsers (including any instances where the same IP address/browser was used to sign into non-facebook services found in records purchased by facebook from data brokers), and if he ever uses his phone or chrome to look at facebook there's a handy unique ID sent to facebook as well which can be matched with countless other recorded activities.
Facebook devotes a huge amount of time and money to collecting data and using it to associate people to a real identity to the extent that even people who never signed up for an account at all have hidden profiles created for them by facebook which contain the intimate details of their life including what they buy at the grocery store.
As far as I can tell, a container won't protect your identity but it will limit the amount of information they have on your browsing history (unless your ISP decides to sell them that information or they obtain some of it from a 3rd party data broker)
Older accounts may have fake names but newer ones require identification documents, even selfie videos to prove you are a human. It wouldn't surprise me if they start combing through older accounts eventually.
Ok so my point is that you specifically don't put any Google sites into "a" container but rather let them fall where there are, and if you have a Work container and open something Google, you only ever log into the Work-related Google account?
For work stuff my habit for maybe a decade or more has been to have work buy me hardware and the work hardware does work stuff, so this conflict never arises. The closest is maybe a previous employer paid me a retainer and obviously they didn't buy me a special laptop just for like one conference call a year on retainer, so I did that from my PC.
But yes, in a Foo container, all the various Google things (Docs, GMail, their Cloud offering, Youtube...) are either not logged in at all or they're logged in from some Foo context.
Last I checked, I'd have to enumerate every Google domain and subdomain, which just seemed like too much work. But if others have already done this, it'd be easy to just use theirs.
It’s not the same. All my uMatrix and cookie auto delete rules are container specific. Private windows are like very simple containers that destroy themselves once closed.
AFAICT private Firefox windows are also part of the same container so you don’t get true separation (can’t open multiple Firefox private windows and log into different google accounts — does that work in Safari?)
Didn't know you could do this with Firefox. Thanks for the tip! Curious — have you ever heard of Shift (tryshift.com)? It pretty much does the same thing, but with everything (Gmail, Facebook, YouTube, WhatsApp, etc.). I use it at work so that I don't have to sign in and out of all my Google accounts. It's pretty unreal.
Welcome to HN. Is this you?[1] You should disclose your job is promoting the company you mentioned if it is. I hope it isn't or you just forgot. Astroturfing erodes trust between people and makes the world worse.
[1] https://addons.mozilla.org/en-US/firefox/addon/multi-account...
[2] https://addons.mozilla.org/en-US/firefox/addon/sticky-window...