What are Firefox Containers? How do they help us? - gHacks Tech News

ADVERTISEMENT

What are Firefox Containers?

You may have heard of Firefox Containers. But do you know what they are? How do they help us? To understand the purpose of this feature, you need to understand how web tracking works.

What are Facebook Containers

Let's begin with Facebook.

For e.g. John looks up used cars on a search engine and visits some pages for more information. Later he visits Facebook, and starts seeing recommendations for used cars. John is puzzled because he never searched for these on the social network.

How did this happen? The pages John visited may have contained elements related to Facebook, such as the Share and Like buttons. The site also most likely used Facebook Pixel which is a piece of code from the social network, and I'm quoting the official description here "a snippet of Javascript code that allows you to track visitor activity on your website."

Facebook pixel

The website may have had ads, and/or third-party tracking cookies. The cookies may be used to link activity to a particular computer, and they remain active unless they expire or they are deleted on the local machine.

All these are part of your digital fingerprint which may include personally identifiable details such as your IP address, browser information, location, or operating system. This data is "shared" by the website you visited (through the elements on the page), to the social network. So when John logs into Facebook, the cookies are used to identify him as the one who visited the used cars website.

This is how they track you and display "Relevant Ads", "Recommended Pages", and all that. In case of ads and third-party cookies, it can be worse. The data may be shared with companies affiliated to the advertising network, in other words unknown entities.

Facebook uses different kinds of tracking methods, this example is just one of them. That's the reason why Mozilla has a Facebook Container add-on, an extension dedicated to prevent the tracking atrocities of the network.

I still hear stories of privacy horror like "I was planning a trip with my friends, and began seeing Facebook ads for hotels located there". This was from friend, and he had used Google Maps to look up the distance from his city to the destination. How did Facebook know that? He claims the app was listening. I cannot confirm such theories without evidence, but yes these have happened to me too. Recently I was discussing visiting a book fair with a family member. A few minutes later he handed me his phone and I saw that the phone app was recommending a page about books. That's creepy. I have no explanation for these things.

Note: I don't hate Facebook, I have had clients contact me through the service. It's a pretty good way to stay in touch with friends/family, but the tracking has gone too far. That's why I don't use the app, I login to the mobile website only when required (or when someone texts/calls me to say "Hey Ash, check Facebook"). But that's me, I understand that people need to use messenger for day-to-day communication. You should definitely use the Facebook Container extension to minimize the tracking.

Cookie based tracking

Not all cookies are bad. The ones you used to sign in to your accounts, and stay signed in are helpful. You want to store these.  But some cookies do more than that, they track your internet usage, even when you leave their website, i.e., they can know which website you visited after you left their site. Firefox blocks third-party tracking cookies by default. Some can be even more intrusive and use information from other cookies.

Time for another example.

Let's say you bought some cookies, they are of different kinds. But you have a single cookie jar, so you put them all together. What happens? Bits and pieces, crumbs of cookies get mixed up with one another. It's a mess.

Now, replace the edible cookies with browser cookies. For e.g. Google, Facebook, Shopping sites, Financial sites, etc. Your browser stores these cookies together. That ends up in a digital breadcrumb trail. So they can know what you searched for, or which pages you previously visited etc, all in the name of offering a "personalized browsing experience".

This is the reason why you will see ad banners or pages related to the product you search for or purchased. At what cost, though? Would you be okay with some random company having (parts of) your medical history, insurance or banking information, your home address, or your family information? NO.

What are Firefox Containers?

One unique way of preventing cookie based tracking is to isolate them, sort of like storing them in different jars. But in this case, we use Firefox Containers. Note that you may also block all third-party cookies in the browser, and that should deal with the bulk of cookie-based tracking as well.

Firefox container tabs

You can have a container for Google, another for Twitter, a separate one for Amazon, one for your bank, a different for PayPal, and so on. Each of these act as a digital container, each containing the cookies of the website you want. Your Amazon cookie is restricted to its container, your bank's to its container, etc. Get it? This way, none of the websites have access to the cookies or the history of the other websites. This enhances your privacy greatly.

Firefox containers always open

Another advantages of using Firefox Containers is to use multiple accounts, in case you have more than one on the same service. While you are at it, you should also use uBlock Origin to prevent ad banners and malicious scripts from tracking you.

Firefox containers

Will Firefox Containers guarantee my privacy?

They can minimize the tracking. Nothing can guarantee your privacy, because most services are constantly finding new ways to track users for marketing, advertising, affiliate purposes and some of them have unlimited resources for this. We live in a digital world, we can only do so much. Don't use cloud services for storing personal data, passwords, clear your cookies regularly, avoid shady sites and suspicious URLs, use throw away accounts if you have to. Tor and VPNs can help too, but make sure you don't use them with your regular account's containers.

Summary
What are Firefox Containers?
Article Name
What are Firefox Containers?
Description
What are Firefox Containers? Let's help you understand how websites track you, and how Firefox Containers can help prevent that.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: »

Comments

  1. DropZz said on February 24, 2020 at 8:51 am
    Reply

    Firefox Containers are awesome.
    I recommend using “Multi-Account Containers” in combination with “Temporary Containers” and “First Party Isolation”.
    They are a hassle to setup at first but after that they are great.
    To make it easier you should first enable “Multi-Account Containers” and save all your relevant Accounts in them. After that you can enable the other two.

    https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/
    https://addons.mozilla.org/en-US/firefox/addon/temporary-containers/
    https://addons.mozilla.org/en-US/firefox/addon/first-party-isolation/

    1. thebrowser said on February 24, 2020 at 6:38 pm
      Reply

      What exactly is the difference between temporary containers and multi-account containers? I don’t see how they can be combined since they seem to achieve the same goal in the same way.

      First party isolation is a preference that you can disable manually from about:config so you can save one addon installation. Considering that would already make your browser fingerprint more unique and easier to track, which is the whole point of going through this trouble, is a good idea to look to reduce the number of addons like this one.

      Just my observation, not criticizing, thank you for sharing this!

      1. notanon said on February 25, 2020 at 12:39 am
        Reply

        @thebrowser, disabling first party isolation is stupid.

        First party isolation protects your privacy.

        Read about it here: https://www.ghacks.net/2017/11/22/how-to-enable-first-party-isolation-in-firefox/

        BTW, privacy.firstparty.isolate = “true” is the default of the ghack user.js, so you don’t have to worry about leaving a unique “fingerprint”, you’ll have plenty of company (other user.js also borrow heavily from the ghack user.js).

      2. thebrowser said on February 25, 2020 at 8:26 am
        Reply

        Oops, I didn’t mean disable by toggle it, my bad. But still, what’s the difference between the first two addons? I’m really curious if there’s a benefit in using them separately.

      3. Damien said on February 25, 2020 at 4:06 pm
        Reply

        “But still, what’s the difference between the first two addons?”

        From what I understand, multi-account containers can provide permanent containers while temporary provides only temporary containers.

  2. Mr. Hand said on February 24, 2020 at 8:57 am
    Reply

    Good idea, but many years overdue for me, as I already use 3 different computers for different uses and each of those has at least 2 operating systems and a VM, and I use VPNs and clear/avoid all cookies and block trackers and ads, and I don’t share accounts between systems, and more… Also, I no longer use Firefox, but good info to know, thanks.

    I’m giving you an A+ for this report.

    1. Anon said on February 24, 2020 at 9:54 am
      Reply

      @Mr. Hand: You go on great lengths to play Minecraft, I give you that.

      1. Mr. Hand said on February 25, 2020 at 7:06 am
        Reply

        @Anon

        Well, whatever you gave me, it’s retarded blather.

  3. CraigS26 said on February 24, 2020 at 11:58 am
    Reply

    I use ESET EIS Security Suite with a Banking & Payment Protection feature (Protection against KeyStroke Loggers) and the two don’t seem to mix. The Ext installs for regular FF use BUT (ie) Financial sites setup to open in a Green-bordered BPP Window don’t recognize the Containers Ext and an attempt to Install it netted Install failed-Ext appears to be corrupt.
    I’m valuing Keystroke Logging over Privacy, so I uninstalled the Ext.
    IF anyone knows how to marry the two, much appreciated by a Not-An-IT-Pro.

  4. Anonymous said on February 24, 2020 at 1:27 pm
    Reply

    What about the tracking via Localstorage?

    1. Danniello said on February 24, 2020 at 3:24 pm
      Reply

      Not good.

      Firefox is not supporting removing site localStorage per container – it means that you could remove all localStorage or nothing (for example removing youtube.com localStorage in “Default” container will also remove YouTube settings in “Google YouTube” container).

      https://github.com/Cookie-AutoDelete/Cookie-AutoDelete/wiki/Documentation#enable-localstorage-support

    2. Anonymous said on February 24, 2020 at 4:35 pm
      Reply

      Except the type of problems Danniello wrote about, the local storage is supposed to be separated by containers, like cookies, indexedDB, HTTP data cache, image cache, and any other areas supported by originAttributes, according to this source:

      https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers#What_is_.28and_isn.27t.29_separated_between_Containers

      History, bookmarks and Security Exceptions for Invalid TLS Certificates are not separated (yet).

      Saved passwords, saved search and form data, HSTS flags and OCSP responses are not separated, on purpose.

  5. Anonymous said on February 24, 2020 at 2:40 pm
    Reply

    I’ve tried it. It’s useless for me because the history is not isolated to each containers.

    1. skierpage said on February 24, 2020 at 4:50 pm
      Reply

      Why do you need history isolation? Web sites don’t have access to your history.

      1. Jonas said on February 24, 2020 at 11:05 pm
        Reply

        “Web sites don’t have access to your history.”

        Actually, there used to be a hack whereby websites could sometimes infer your history regarding other sites you had previously visited. It was an evil derivation of innocent code that some web developers (including me) had implemented: custom CSS code to change the color or style of a visited link, in a different way from the default style that websites back then used for visited links.

        Unfortunately for me, after I put a lot of work into my snazzy visited-links styling, the browsers all blocked such custom styling because of the evil tracking hacks (which didn’t even exist at the time I wrote my code). I (and other developers) were furious that the browser companies didn’t implement the fix in a more fine-grained way: they should have just blocked that kind of styling on links to _other websites_, but not to links on the same site, since the site owner can log what pages you visited on his own site anyway.

        I’m not aware of any history-sniffing hacks since then, but I wouldn’t bet that it’s not possible in some other way.

      2. Anonymous said on February 25, 2020 at 6:08 am
        Reply

        @skierpage
        read gerdneuman’s comment here
        https://github.com/mozilla/multi-account-containers/issues/47

    2. Anonymous said on February 25, 2020 at 5:35 am
      Reply

      That’s what profiles are for. Containers is about site isolation and for using multiple accounts / cookies of a site in the same profile.

  6. notanon said on February 25, 2020 at 12:56 am
    Reply

    @Ashwin, my reccommendation for your next article is DNS-over-HTTPS (Martin covered it, but he hasn’t used it & reported back about a longer-term user experience).

    IMO, everyone on Firefox should be using it (Chrome promised a general roll-out of DNS-over-HTTPS, but it hasn’t happened due to “technical issues” according to Google).

    You can add ESNI for even better results.

    And use a VPN, although, a good VPN cost money every month (whereas, DNS-over-HTTPS is free on Firefox).

    1. Ashwin said on February 25, 2020 at 8:09 am
      Reply

      Thank you for the suggestion. I’ll add it to my list.

  7. Torin Doyle said on February 29, 2020 at 5:54 pm
    Reply

    Can I have some containers with all/most addons disabled (i.e. as if they were in safe mode) and other containers with addons enabled?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.