Mozilla plans to add contextual identities to Firefox

Martin Brinkmann
Sep 1, 2015
Firefox
|
24

A recent Mozilla Wiki entry reveals that Mozilla plans to add contextual identities to the Firefox web browser which allow users of the browser to separate certain data types from each other.

This would benefit Firefox users in several ways, for instance by allowing them to sign in to web services at the same time or by using custom identities for select websites only to block the service from tracking users across the Internet.

While this can be done with multiple Firefox profiles as well, one benefit of contextual identities is that they run under a single profile.

What this means is that you can switch between contexts in the same browsing session and window which cannot be done using profiles.

Certain add-ons such as Cookie Swap or Multifox support that as well, but they limit their functionality to cookies while Mozilla's implementation plans to go beyond that to cover other use cases.

Containers file menu

Mozilla plans to separate the following data when containers are used in Firefox:

  • Cookies
  • local Storage
  • indexedDB
  • HTTP data cache
  • All OriginAttributes content

This goes beyond simple cookie swapping as you can see but not as far as different profiles. All containers share the remaining information including add-ons, history, bookmarks, saved passwords and other data, or the image cache.

Containers can be selected from within Firefox. Current plans show it as a new entry under the File menu of the browser. Since the File menu is not displayed by default on Windows, Mozilla wants to add the Container menu to the main Firefox menu icon as well.

A set of default containers -- personal, work, banking and shopping -- are provided by default. These are just names as they are not restricted to certain types of sites. You can, in theory, use the banking container to access a games site or the work container to watch Justin Bieber's latest smash hit video.

There is also an option to create custom containers if you need more. You could create a Gmail container for instance to access Gmail exclusively using it, or two Gmail containers if you want to access two accounts. Since you would name them Gmail, it would be easier to distinguish them from the rest.

Containers comparison

Containers will look different in the Firefox window so that they can be easily distinguished from one another.

It is a bit puzzling that Mozilla goes down that route but decided not to implement private browsing tabs in Firefox because users could confuse private browsing tabs with regular tabs (there is an extension for that though)

Use cases

Apart from allowing users to sign in to multiple accounts of the same service at the same time, containers provide other benefits such as preventing online tracking, retargeting (advertisement that follows you on the web, e.g. you look at cars and everywhere you go you get car ads), and certain attack forms such as cross-site request forgery attacks that rely on existing credentials in the browser.

Different profiles provide these benefits as well and more. It is for instance possible to use specific add-ons in select profiles only, to secure online banking even more or make sure all data is deleted after the browsing session.

Closing Words

Contextual Identities bridge the gap between using different profiles for basic tasks in Firefox and browser extensions that let you do the same.

It makes sense to start with a basic implementation to test the waters. I'd like to see improvements being made to it such as limiting containers to specific sites and running add-ons exclusively in select containers.

Contextual Identities is a work in progress. This means that it may be implemented this way, in a different way or not at all.  You may monitor progress by following the meta bug. (via Sören Hentzschel)

Now you: What's your take on this? How do you handle the use cases currently?

Summary
Mozilla plans to add contextual identities to Firefox
Article Name
Mozilla plans to add contextual identities to Firefox
Description
Mozilla plans to add contextual identities to Firefox which separate certain types of data to improve multi-account handling among other things.
Author
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. webfork said on September 3, 2015 at 5:25 pm
    Reply

    I strongly recommend the Multifox add-on that Martin mentioned as well as the toolbar button plugin:

    https://addons.mozilla.org/en-US/firefox/addon/multifox-toolbar-button/

    I don’t know if it’s better than what Mozilla’s contextual identities will create, but this works beautifully for keeping my browsing profiles separate.

  2. anonymous said on September 3, 2015 at 1:56 am
    Reply

    Wouldn’t sandboxed tabs/e10s accomplish the same thing without having “contextual identities”?

  3. a said on September 3, 2015 at 12:51 am
    Reply

    While this looks interesting, profiles already exist.

  4. A. said on September 2, 2015 at 2:12 pm
    Reply

    This is great news. I use Multifox for the same purpose (have tried Priv8 but went back to Multifox) and the only thing I miss is the ability to have per-identity proxies: having custom proxy settings for each identity would allow me to make academic research using my university’s proxy while using other profiles through direct connections (or other proxies), for example

    Martin, do you know if there are plans on this, or if there’s a way to do it already?

  5. Annonn said on September 2, 2015 at 11:48 am
    Reply

    Mozilla have always hidden the profile feature. Its about time they answer with something like this!

    Just like the others said though, I hope they can integrate this without removing the classic profile system, or improving it at the very least.

  6. Gonzo said on September 2, 2015 at 2:10 am
    Reply

    This new half-measure “feature” seems aimed at the lazy/uninitiated. It should be an Extension. I’m now worried that this is the first step to removing profilemanager. I’m regretting the move from Pale Moon back to Firefox.

    When I begin my full-time transition from Windows to Linux next month, I think I’ll go back to Pale Moon. I’ll just use a Windows/Firefox user-agent (shell script to update it every 6 weeks) for compatibility and anonymity.

  7. insanelyapple said on September 1, 2015 at 11:46 pm
    Reply

    Sounds like a mix of profile within Fx’s profile plus themed-privacy mode with Session Saver extension.

    It’s an interesting concept but if it’s going be added as feature, I really hope they won’t ditch classic profiles.

  8. ams said on September 1, 2015 at 7:54 pm
    Reply

    Kids, along with full-grown sheeple are easily duped. They naively accept representations at “face value”.
    Please look beyond the “happy, feelgood representation” of the proposed menchanism:

    wiki.mozilla.org/Security/Contextual_Identity_Project/Containers

    Containerization is a “wonderful notion”… but mozilla is proposing a “half a solution” approach.
    Saved passwords will not be containerized.
    Saved search and form data will not be containerized.
    The image cache will not be containerized.
    (nor bookmarks, nor STS flags)

    The presence of these by-design holes in the dike are… they are par for the (mozillian dev mentality) course.
    Given the privacy/security implications of the (proposed) shared cache, why even bother?

    1. archie said on September 1, 2015 at 8:51 pm
      Reply

      That seems a bit harsh. I find the concept interestings and promising, very well worth exploring. This could mean that I can stop using an empty default browser and one dedicated for emails, both I don’t trust with my browsing activity: IE and chromium. With a single browser, so compartimentalized, I might be able to gain some comfort and productivity. Or not….

      My firefox profile is a VERY valuable resource to me; It dates back to FF1.x… easy to manage, store in a vhd file, encrypt when needed, mount and unmount at will, backup, hide, lock, port, clone, sync, tweak, repair … the list goes on and on. Even open in virtualized, heavily secured environments. The program can be portable too. That makes for the most impressive usability and securable browser you can find, by a wide margin, if you know what you’re doing. Applying the same tricks to chromium never did it for me. IE I don’t even try.

      Bottom line, this experience with containers might prove a worthy addition. Only trials will tell.

      One thing for sure: the gap widens with the competition, for my particular application.

  9. Dan82 said on September 1, 2015 at 6:21 pm
    Reply

    This is quite a smart idea, frankly. The idea to “undock” differently themed websites from your default browsing profile is a desirable feature. Although I would never recommend for people to do their online banking and shopping in the same browser-session they do everything else with – there are quite a number of browser extensions which I don’t feel entirely comfortable with in that regard – this container concept would at least provide additional privacy if not more security.

    One has to wonder though, how this works with in practice. What happens when I change the container of an existing window which has already some opened tabs? Will they be closed automatically or will they be retained even in the new container? Will there be an option to open one or more default tabs when a container is activated? Or do I need to a) close all existing tabs or create a new window, b) change the container and c) open the desired link(s) instead? Right now, working with private windows, I only need to right-click on a link and open it in a private window in one simple step.

  10. anon said on September 1, 2015 at 5:12 pm
    Reply

    An idea that’s actually good! From Mozilla?!

    Wonder if tomorrow’s snowing here in the tropical land…

  11. wybo said on September 1, 2015 at 3:34 pm
    Reply

    That sounds like an interesting move by Mozilla. I would certainly use it.
    Currently I use the FF add-on Priv8 for all my different identities.

    1. Maelish said on September 1, 2015 at 4:44 pm
      Reply

      I agree, it’s been puzzling how they have been shooting themselves in the foot with some of their design decisions. This one is brilliant in comparison.

  12. archie said on September 1, 2015 at 3:22 pm
    Reply

    I’m so glad to find that out. Following the recent move from Microsoft towards heavy profiling, I felt like I should amp-up my game with privacy. This could provide yet another string to my bow. Get ready for some off-topic commenting (apologizing).

    Up to yesterday, this bow had a few somewhat weak strings, including several specialized browers, header spoofing in Firefox and cookie management in all. A hefty hosts file would tighten things up, updated with common advertisement and other nefarious domains.

    That was my setup for the last years, up to Windows 8.1. Going to Windows 10, I was amazed at the amount of undesirable activity and then horrified when I found that Microsoft would conspicuously ignore the …/drivers/etc/hosts file and access some seamingly blocked domains anyway. That would be “home”, for the time being, but who’s to say that the scope won’t widden when it becomes a commodity for sale ? compromising this ultimate wall was a nasty move. One that grants a drastic, end-it-all move on my part I reckon. Firefox couldn’t be enough any more, hence the off-topic’ness (apologizing again)

    Yesterday night, I jumped in and setup a virtual machine with pfSense. In a matter of minutes, litterally, I was able to disable ipv4 and ipv6 on the wan side of the Windows network card, moving them to the Microsoft loopback (there’s a flaw) that talks only to the new machine..A few hours then went into configuring a new domain blocklist (since windows’ hosts file has been compromised) and figuring out a way to keep it updated.

    That’s not part of pfsense default configuration and requires getting introduced with such as sftp, the unix shell, freebsd package handling, perl, cron and other stupid-powerful tools I was happy to more or less avoid up to now.

    pfSense is a powerful tool; that’s one router, one powerful firewall with extensions and the mighty power of FeeBSD at your fingertips. All in a feather-light package: for now, the vbox machines has a mere 2gb disk and a measly 256mb Ram on one core. My pentium cpu barely feels it. Its installation and configuration is surprisingly trivial and could possibly be handled by moderate geeks, seeing as I was online minutes after cutting Windows access. Logging the Microsoft alias I created for a firewall rule, rather than local redirection, I found (with charts), that thousands of blocks had occured. That should make for some interesting analysis…

    Martin, I have read your blog for years and I considere it a most valuable news ressource. While I rarely comment and never thought of anything worth suggesting to you, I felt like today, with this new entry on Firefox privacy and the recent W10 oopla, could be the day for a rather off topic comment (sorry about that, again) and a suggestion: would you considere looking into this and tell us what you think ?

    As it was a nice find for me, I suspect a good chunk of your readers would be intrigued. Obviously, you might have found more elegant alternatives, which I’d be happy to read about..

    Did I say that the tiny machine obviously will handle the whole local network as well as VPN’s among other things ? If I was a daddy or a small business (maybe not so small), I would certainly be intrigued.

    Again, sorry for the long, potentially polluting, feel-free-to-delete entry; but that firefox move hit it right on the head for me today… Have a nice day.

    Roger.

  13. Yuliya said on September 1, 2015 at 3:14 pm
    Reply

    I like this. I always wanted to separate two sessions with one logged in and one guest or two accounts that I don’t want to associate. Until now (and for the time being until this becomes real) I used private window for such :)

    1. Connie Duttry said on September 1, 2015 at 7:37 pm
      Reply

      Shouldn’t Mozilla fix the problems with Flash Player before they they venture off to places unknown?

      1. Yuliya said on September 2, 2015 at 12:36 am
        Reply

        My only issue with Flash was uploading on imgur – I was getting an error that I could not dismiss. Now it seems fixed, not sure whether a Firefox update or a Flash update had fixed it, though.

      2. Andy said on September 2, 2015 at 12:26 am
        Reply

        Uh, fixing Flash Player *is* places unknown. Highly unknown. Probably unfixable-in-the-long-run kind of unknown.

  14. michal said on September 1, 2015 at 2:46 pm
    Reply

    It seems like really usefull feature, isn’t it? As for now I use one additional “identity” – private browsing for banking purposes. And thats basicly all you can do in a few mouseclicks. This feature would allow for something that was available from around 2010 in old Opera – private TABS, opened via RMB on tab bar “new private tab”. By the way, does anyone know if there is an extension that provides such thing?

    How about other use cases – pr0n mode;), FB?

    Not to troll, but I challange anyone to say that it’s the next one of Mozilla’s bad decision against userbase…

    1. Jhon said on June 8, 2016 at 7:11 pm
      Reply
    2. Robert said on September 1, 2015 at 6:10 pm
      Reply

      Well they could put this feature in the plugin department instead of the bloatware department for users to choose.

    3. abcdef said on September 1, 2015 at 3:42 pm
      Reply

      > By the way, does anyone know if there is an extension that provides such thing?

      “Private Tab” Addon which is linked in the article.

  15. juju said on September 1, 2015 at 2:07 pm
    Reply

    divide and conquer

    1. juju said on September 1, 2015 at 2:08 pm
      Reply

      didn’t mean in a sense as tackling problems. more like in warfare sense.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.