Englehardt (talk | contribs) (Minor rewording of first paragraph) |
m (→Add-ons: Correct typo) |
||
| (24 intermediate revisions by 7 users not shown) | |||
| Line 1: | Line 1: | ||
'''''lightweight persistent | '''''lightweight persistent contexts that isolate sites from one another''''' | ||
<b>Containers is now available as a Mozilla created Firefox extension [https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/ here]. The extension has added features for improved user experience, beyond what is available in Firefox itself.</b> | |||
==Description== | ==Description== | ||
Individuals behave differently in the world when they are in different contexts. The way they act at work may differ from how they act with their family. Similarly, users have different contexts when they browse the web. They may not want to mix their social network context with their work context. The goal of this project is to allow users to separate these different contexts while browsing the web on Firefox. Each context will have its own local state which is separated from the state of other contexts. | Individuals behave differently in the world when they are in different contexts. The way they act at work may differ from how they act with their family. Similarly, users have different contexts when they browse the web. They may not want to mix their social network context with their work context. The goal of this project is to allow users to separate these different contexts while browsing the web on Firefox. Each context will have its own local state which is separated from the state of other contexts. | ||
[[File:Containers-side-by-side-cropped.png| | [[File:Containers-side-by-side-cropped.png|700px|frameless]] | ||
==How to Use Containers== | |||
The containers feature is enabled in Firefox Nightly 50 by default with the about:config pref `privacy.userContext.enabled` set to true. When enabled, containers will integrate seamlessly into your current browsing experience. You will have the option to open entirely new browsing contexts, which will have their browser storage (such as cookies or localStorage) separated from other containers. Your normal tabs, which we consider to exist in the ''default container'', will still look and act as you'd expect them to before enabling containers. | |||
Container tabs operate just as you would expect a normal tab to, except for the fact that the sites you visit will have access to a separate slice of the browser's storage. This means your site preferences, logged in sessions, and advertising tracking data won't carry over to the new container. Likewise, any browsing you do within the new container will not affect the preferences, logged in sessions, or tracking data of your other containers. | |||
There are several ways to open new containers: | |||
===File Menu=== | |||
In the OS menu bar, click "File" -> "New Container Tab". From here you can choose from one of the four pre-defined containers (Home, Work, Banking, and Shopping). After choosing one of these, you will see a new tab from that container appear in the tab strip. | |||
[[File:Conatiners-file-menu.jpg|700px|frameless]] | |||
===Open links in new tabs and containers=== | |||
It's possible to open links in a new and/or different container. Right click on any link, select "Open link in New Container Tab", and then select the desired container tab. | |||
[[File:Containers-right-click-menu.png|700px|frameless]] | |||
Holding the "Control" key on Windows or Linux (or the "Command" key on Mac) while clicking a link will open it in a new tab. The new tab will open within the same container as the previous tab. This includes both the default container and in any of the predefined containers. | |||
==Benefits and Use Cases== | ==Benefits and Use Cases== | ||
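Review bot: The new "File Menu" paragraph names the four pre-defined containers as "Home, Work, Banking, and Shopping", while the "set of included containers" list later on the page calls the first one "Personal"; pick one name and use it in both places so readers can match the text to the UI. In the "How to Use Containers" paragraph the pref is wrapped in backticks, which MediaWiki prints literally; use <code>privacy.userContext.enabled</code> instead. That paragraph also says the feature is on by default in "Firefox Nightly 50", while the bold banner added at the top points to the extension, so it should say which of the two a reader on a current release is expected to use.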
| Line 57: | Line 63: | ||
[[File:Containers-start-page.png|900px|frameless]] | [[File:Containers-start-page.png|900px|frameless]] | ||
<i>(Note that the description text in the above image has not yet been implemented.)</i> | |||
The set of included containers is: | The set of included containers is: | ||
* Personal (to use at home) | * Personal (to use at home) | ||
* Work (to use at the office) | * Work (to use at the office) | ||
* Banking (for accessing sites with financial or sensitive | * Banking (for accessing sites with financial or sensitive information) | ||
* Shopping (for accessing ecommerce sites) | * Shopping (for accessing ecommerce sites) | ||
* Custom | * Custom [available in future versions] | ||
Through naming and onboarding, we gently encourage users to use different containers for different purposes, as the separation is necessary to gain the benefits above. A purpose-specific container can have many sites in it: | Through naming and onboarding, we gently encourage users to use different containers for different purposes, as the separation is necessary to gain the benefits above. A purpose-specific container can have many sites in it: | ||
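Review bot: The two additions here, "has not yet been implemented" under the start-page image and "[available in future versions]" on the Custom entry, are undated forward-looking statements that will go stale without anyone noticing. Attach a bug link or target version to each so they can be checked and removed later. The image note also uses <i> tags where the rest of the page uses wiki '' markup.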
| Line 70: | Line 78: | ||
* The Shopping container can be a place for Amazon, Alibaba, and other stores | * The Shopping container can be a place for Amazon, Alibaba, and other stores | ||
=== | ==Implementation Details== | ||
===What is (and isn't) separated between Containers=== | |||
Separated by Containers: | |||
* Cookies | |||
* localStorage | |||
* indexedDB | |||
* HTTP data cache | |||
* Image Cache | |||
* Any other areas supported by originAttributes [https://bugzilla.mozilla.org/show_bug.cgi?id=1179985 Bug 1179985] | |||
Not separated by Containers (Yet): | |||
* History - [https://bugzilla.mozilla.org/show_bug.cgi?id=1283320 Bug 1283320] | |||
* Bookmarks - [https://bugzilla.mozilla.org/show_bug.cgi?id=1213290 Bug 1213290] | |||
* Security Exceptions for Invalid TLS Certificates [https://bugzilla.mozilla.org/show_bug.cgi?id=1249348 Bug 1249348] | |||
Not separated by Containers (On Purpose): | |||
* Saved Passwords | |||
* Saved Search and Form data | |||
* HSTS Flags - (Supported by OA: [https://bugzilla.mozilla.org/show_bug.cgi?id=1253006 Bug 1253006]) | |||
* OCSP Responses - (OA Supported: [https://bugzilla.mozilla.org/show_bug.cgi?id=1264562 Bug 1264562]) | |||
You can find more information on the implementation of the project by looking through the Contextual Identity / Containers meta-bug, [https://bugzilla.mozilla.org/show_bug.cgi?id=1191418 Bug 1191418]. | |||
===An extended origin=== | |||
An origin is defined as a combination of a scheme, host and port. Browsers make numerous security decisions based off of the origin of a resource using the same-origin-policy. Various features can be re-imagined as simply adding another key to the origin check. These include the Tor Browser’s work on [https://bugzilla.mozilla.org/show_bug.cgi?id=1260931 First Party Isolation], Private Browsing Mode, the [https://w3c.github.io/webappsec-suborigins/ SubOrigin Proposal], and Containers. | |||
Hence, Gecko has added additional attributes to the origin called OriginAttributes. When trying to determine if two origins are same-origin, Gecko will not only check if they have matching schemes, hosts, and ports, but now also check if all their OriginAttributes match. | |||
Containers adds a userContextId OriginAttribute. Each container has a unique userContextId. Stored site data (like cookies) is now stored with a scheme, host, port, and userContextId. So if a user has example.com cookies for the Shopping userContextId, they will not be accessible by example.com in the Banking Container. | |||
Note that one of the motivations in enabling this feature in Nightly is to help ensure that we iron out any bugs that may exist in our OriginAttribute implementation before features that depend on it are rolled out to users. | |||
===More information=== | |||
* OriginAttributes implementation [https://bugzilla.mozilla.org/show_bug.cgi?id=1179985 meta-bug] | |||
* Containers implementation [https://bugzilla.mozilla.org/show_bug.cgi?id=1191418 meta-bug] | |||
==Making containers look different== | ==Making containers look different== | ||
[[File:Containers- | [[File:Containers-tabs-stacked.png|900px|frameless]] | ||
Each container | Each container has several visual indicators: | ||
* Name: On the | * Name: On the location bar | ||
* Icon: On the | * Icon: On the location bar | ||
* Color: On the tab and location bar | * Color: On the tab and location bar | ||
==Discovering the feature== | ==Discovering the feature== | ||
For the initial version, this feature is discoverable via the File menu and hamburger icon menu as discussed above. This makes the feature accessible for those who want to use it, and have no impact on the browsing experience of those who don't. Through user research, we’ve found that many people have only one account per website, and that they don’t currently separate their online selves into work/home/banking/etc. Containers is not a feature for those users. | |||
For the initial version, this feature is discoverable via the File menu and | |||
However, we can hook into several user actions and present onboarding messages to encourage container use for users who can benefit from them. We can detect users logging in and out of a service like Twitter that doesn't have support for multiple logins, and offer the feature to them. We can also offer the feature to users when they first try to access their online banking after the feature has been enabled. | However, we can hook into several user actions and present onboarding messages to encourage container use for users who can benefit from them. We can detect users logging in and out of a service like Twitter that doesn't have support for multiple logins, and offer the feature to them. We can also offer the feature to users when they first try to access their online banking after the feature has been enabled. | ||
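Review bot: The "Not separated by Containers (On Purpose)" list gives no reason for any of its four entries (Saved Passwords, Saved Search and Form data, HSTS Flags, OCSP Responses). Since the section is the page's statement of what isolation a container does and does not provide, each entry needs a one-line rationale or a link to the discussion; the HSTS and OCSP entries in particular say OriginAttributes support exists, which makes the choice not to separate them look unexplained. The "(Yet)" list should also make explicit that a TLS certificate exception accepted in one container currently applies in all of them. Smaller points: the TLS entry is missing the " - " before its bug link that its two siblings have, and in "Discovering the feature" the sentence "This makes the feature accessible ... and have no impact" should read "has no impact".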
| Line 132: | Line 159: | ||
* Some sites may require that the user interact with multiple top-level origins during a session, or may require cookies from multiple origins. | * Some sites may require that the user interact with multiple top-level origins during a session, or may require cookies from multiple origins. | ||
== | ==Add-ons== | ||
<span style="color:#ff0000"> [As of 17th August 2022, all of the following add-ons appear to be no longer available or supported. Information has been retained for historical interest only.] </span> | |||
* Firefox add-ons: | * Firefox add-ons: | ||
** [https:// | ** [https://bugzilla.mozilla.org/show_bug.cgi?id=sessionperwindow "One session per window"] | ||
** [https:// | ** [https://addons.mozilla.org/en-US/firefox/addon/priv8/ Priv8] | ||
** [https://addons.mozilla.org/en- | ** [https://addons.mozilla.org/en-GB/firefox/addon/private-tab/ Private Tab] | ||
** [https://addons.mozilla.org/en-US/firefox/addon/cookieswap/ CookieSwap] | ** Cookies | ||
* | *** [https://addons.mozilla.org/en-US/firefox/addon/cookieswap/ CookieSwap] | ||
*** [https://addons.mozilla.org/en-US/firefox/addon/multifox/ Multifox] (abandoned) | |||
** Profile managment | |||
** [https:// | *** [https://addons.mozilla.org/en-US/firefox/addon/profilist/ Profilist] | ||
* | *** [https://addons.mozilla.org/en-US/firefox/addon/profileswitcher/ ProfileSwitcher] | ||
** [https:// | *** [https://addons.mozilla.org/en-US/firefox/addon/switchy/ Switchy] | ||
** [ | |||
** [https:// | |||
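Review bot: The "One session per window" entry now links to bugzilla.mozilla.org/show_bug.cgi?id=sessionperwindow, which is not a numeric bug id like every other Bugzilla link on the page and looks like a wrong or placeholder target; restore the add-on's own URL or drop the link. "Profile managment" should be "Profile management". The red notice says all listed add-ons are unavailable, yet only Multifox is marked "(abandoned)", so either remove that per-item tag or mark the rest the same way. The Private Tab link uses the en-GB locale path while the others use en-US.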