We live in a connected world where we have multiple online accounts that are often segregated between our personal and work lives. Being able to use all of them at the same time while still keeping them separated isn’t always possible, yet Mozilla is attempting to change that with a brand new feature in the Nightly release of Firefox 50.
Dubbed Containers, the new feature is meant to allow people use different browser tabs for different contexts, including work, banking, shopping, or personal. Basically, as Tanvi Vyas, Mozilla Security Engineer, explains in a blog post, Containers allows individuals portray the different characteristics of themselves in different situations.
With the help of Containers, one’s identities are segregated in such a way that their browsing behaviors don’t overlap, allowing people to keep their personal and work lives separated while using a single browser. According to Vyas, these identities are truly separated, courtesy of a fully segregated cookie jar, which ensures that the cookies, indexeddb, localStorage, and cache of sites are kept in different Containers for each context: one for Work, one for Personal, etc.
Vyas explains that, with Containers, users can log into a work account and a personal account on the same social platform and can also use two email accounts in side-by-side tabs simultaneously. The Containers feature eliminates the need to use multiple browsers, an account switcher, or to constantly log in and out to switch between accounts.
What Containers aims to achieve is increased user privacy when browsing the Internet, providing people with some control over the techniques websites can use to track them. Since tracking cookies are stored separately, websites won’t be able to track users over multiple containers. To associate the tracking information from multiple containers, websites would have to use device fingerprinting techniques.
“Containers also offers the user a way to compartmentalize sensitive information. For example, users could be careful to only use their Banking Container to log into banking sites, protecting themselves from potential XSS and CSRF attacks on these sites. Assume a user visits attacker.com in an non-banking-container. The malicious site may try to use a vulnerability in a banking site to obtain the user’s financial data, but wouldn’t be able to since the user’s bank’s authentication cookies are shielded off in a separate container that the malicious site can’t touch,” Vyas explains.
For the time being, however, the Containers implementations in Firefox Nightly is a basic one, allowing users to manage identities from a minimal interface. However, the feature is expected to receive improvements as users test it and provide feedback on it. Mozilla expects to make the design more convenient, elegant, and usable.
In fact, Vyas notes that one of the main issues that has been long discussed is the inability to efficiently use “Contextual Identities” on the web, because it’s difficult to determine the right user experience. Some questions that need to be answered in this regard include users’ ability to determine the context they are operating in, how to recover if they make a mistake and use the wrong context. Moreover, it remains to be determined if the browser can assist by automatically assigning websites to Containers so that users don’t have to manage their identities by themselves and what heuristics would the browser use for such assignments.
In Nightly Firefox 50, users can start using the new feature by opening a New Container Tab from the File Menu (on Windows, the File Menu becomes accessible after hitting the Alt key) and choosing between the available Personal, Work, Shopping, and Banking options. Each tab has a different decoration, so that users know which context they are browsing in, while the regular browsing context, or default container, has no such decoration.
“The right side of the url bar specifies the name of the Container you are in along with an icon. The very top of the tab has a slight border that uses the same color as the icon and Container name. The border lets you know what container a tab is open in, even when it is not the active tab,” Vyas explains.
The normal browsing experience that users receive when launching a New Tab or a New Window remains unchanged, as normal tabs continue to access all of the site data that the browser has already stored in the past. The user interface of normal tabs isn’t changed either, and all site data read or written will be put in the default container when browsing in the normal context.
When the Containers feature is used, however, the Container tabs won’t have access to the site date stored in the default container. Similarly, normal tabs don’t have access to site data stored for a different Container tab. The feature was also designed in a way that allows users to browse the Internet via normal tabs alongside other Containers.
For the time being, Containers remains an experimental feature, aimed for Nightly Firefox only, meaning that it will be disabled when the browser moves to Aurora/DevEdition 50. The stable Firefox release, currently at version 47, won’t include it either. Nightly users also have the option to disable Containers altogether, from about:config.
Related: Firefox Warns of Password Requests Over HTTP
Related: Critical, High Severity Flaws Patched in Firefox