Security/Contextual Identity Project/Private Session

From MozillaWiki
Jump to: navigation, search

enhancing private browsing to provide some elements of isolation between sites

Warning signWarning: This is just a draft proposal of how contextual identities might be implemented in Firefox
Mock-up of what this might look like


This proposal includes some ideas we have for containers, but completely rely on the existing Private Browsing feature.

The basic idea:

  • Every Private Window opens a new AppID. It becomes a Private Session.
  • A link opened from inside a Private Window opens in the same AppID.

It will not require existing users of Private Window to change their existing behaviours, but it will give users who want multiple sessions the ability to open a new one easily.

There are going to be some UI changes, of course, but they’re going to be minimal. The visual change is this: every new session is visually distinct. It will have a different colour (from purple to orange, blue, green, etc.) and also a little number to further distinguish it from each other. Everything else remains exactly the same.

This visual change solves the invisible state problem:

…it's impossible to tell by looking at windows whether they share cookies or not. Users would have to keep a mental model of the interrelationship of every open incognito window, all of which would look the same, in order to predict what would happen in any of them.

Proposed Behaviour

In normal window/tab

  • Clicking Open Link in New Tab or Open Link in New Window will open content using the current session
  • Clicking File → New Private Session or right-clicking Open Link in New Private Session will open a fresh AppID
  • Every new Private Session opened from a link originating in normal window/tab gets a fresh AppID, even if the link is the same

In private session window/tab

  • Clicking on a link, or right-clicking Open Link in New Tab or Open Link in New Window will open the current AppID
  • Clicking File → New Private Session will open a fresh AppID
  • There is no way to open a fresh AppID by right-clicking a link. We could, perhaps, try a right-click option called Open Link in New Session, but this could be confusing

Possible timeline

Phase 1:

  • Hide Private Session behind a pref.
  • Pref. off by default except on Nightly and Aurora
  • No user-facing interface. No colour coding.
  • Blog about it on Hacks blog. Firefox is the only browser that does this. It’s going to help web developers and make it possible for users to sign into one site with multiple accounts.
  • Measure and observe user behaviour. See how developers and early adopters use it.

Phase 2:

  • Enable pref. for everybody
  • Deploy user-facing component (colour/number coding – this solves the problem of invisible state)
  • Tutorials on Private Session start page
  • Tutorials on SUMO
  • Measure and observe user behaviour
    • How many sessions do a user typically open? How many tabs and windows per session?
    • Do they use it to sign into the same site and keep it open for a long time?

Phase 3:

  • Based on user research, decide whether it’s worth it to turn this feature into containers, or to stick with designing multiple profiles instead.
  • Based on user research, design containers around use cases.

Related Work