Firefox's Multi-Account Containers add-on gets Site Isolation feature

Martin Brinkmann
Jul 12, 2020
Firefox, Firefox add-ons
|
46

Containers is an interesting feature that Mozilla implemented in the Firefox web browser some time ago. It provides users with a way to separate sites from each other, and benefits of doing so are clear: less tracking, improved privacy, and the ability to sign-in to multiple accounts in a single browsing session.

The Mutli-Account Containers add-on adds configuration options to the feature. You use it to create and edit containers, and to assign sites to containers. The extension ships with the four default containers personal, work, banking and shopping, and users may add more containers, rename existing ones, or customize them with different colors or icons.

Up until now, it was possible to assign certain sites to specific containers. An assigned site would always be opened in that particular container in Firefox to separate it from others.

The new major Firefox Multi-Account Containers release that just landed on Mozilla AMO introduces another feature: site isolation. Besides assigning sites to containers, it is now possible to limit containers to particular sites.

firefox containers limit to site

You may use the improved functionality to isolate sites similarly to how standalone extensions such as Facebook Container isolate Facebook from the rest of the browsing session.

Usage is straightforward. Load a site or sites in a particular container in Firefox, e.g. facebook.com. Select the Multi-Account Containers icon in the toolbar and activate the manage containers option in the interface that opens.

Select the container that you added the site or sites to, and check the "limit to designated sites" box on the page that opens.

Last step in the process is to open the sites again in a new tab and check the "always open in container" option to make sure that the site is opened in that container whenever it gets loaded in the browser.

You may use the site isolation feature to limit sites to specific containers, and make sure that only the selected sites do get opened in these containers.

The feature works really well for search engines. Say you assign Google Search or Bing Search to a container and make sure that only the search engine is opened in that container. Run a search and click on a result, and you will notice that the result is opened in a new tab outside the container. The same can be done for sites that post links that point to third-party resources, e.g. Reddit, Facebook, Pinterest, any search engine, or Twitter.

Now You: Do you use Firefox's Containers feature?

Summary
software image
Author Rating
1star1star1star1star1star
4.5 based on 16 votes
Software Name
Multi-Account Containers
Software Category
Browser
Landing Page
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Mike said on August 14, 2021 at 5:05 pm
    Reply

    I have to update my last comment about CSRF.

    You would have to check ‘always open in container’ to get isolation working.

    But when you have site isolation set up and try to open a link outside the isolated container, you are prompted by the extension in a new tab:

    > Open this site in your assigned container?
    >
    > You asked Firefox to always open Test for this site:
    > https://www.google.com/
    >
    > Would you still like to open in this current container?
    >
    > ? Remember my decision for this site
    >
    > Open in Current Container Open in Test Container

    As long as you don’t check ‘Remember my decision for this site’, you could rely on these prompts to avoid forgeries.

    Although, it seems unfortunate this cannot be avoided permanently. As soon as you check the box and ‘Open in Isolated Container’, you’re vulnerable.

  2. Mike said on August 14, 2021 at 4:38 pm
    Reply

    Where it says:

    > Last step in the process is to open the sites again in a new tab and check the “always open in container” option to make sure that the site is opened in that container whenever it gets loaded in the browser.

    I suggest not doing that because it exposes you to CSRF. The default setting keeps links sandboxed in the current container.

    https://jotter.jonathankingston.co.uk/blog/2017/04/04/containers-assignment/

    Manually open sensitive sites in a container. Don’t allow forged requests to automatically open there.

  3. DropZz said on July 14, 2020 at 8:10 am
    Reply

    @DuMuT6p

    > the difference between “First party isolation” and Containers

    If you have 2 Sites in the same Container they could read information about the other (eg. cookies). With FPI enabled every single Site (even in the same Container) is Isolated.

    btw. FPI does also isolate HSTS,OCSP, HPKP and DNS Cache.

    I would recommend using “Firefox Multi-Account Containers”, “Temporary Containers” and FPI enabled at the same time.

  4. Shadowed said on July 13, 2020 at 11:48 pm
    Reply

    Yes! Finally! To me, this is so needed and so obviously logical feature that at one moment I started analyzing extension code and working on this feature.
    This should be turned on by default.

  5. DuMuT6p said on July 12, 2020 at 11:28 pm
    Reply

    Hello Martin,
    I remember there was a comment here that said the difference between “First party isolation” and Containers – the second becoming absolute with the former enabled. Can you (or somebody else) please explain the interaction?

    The update adds a useful featrue feature, but changes to the interfac makes opening a new container tab take two clicks which is stupid. Mozilla really need some UX experts.

    1. DropZz said on July 14, 2020 at 8:22 am
      Reply

      @DuMuT6p

      > the difference between “First party isolation” and Containers

      If you have 2 Sites in the same Container they could read information about the other (eg. cookies). With FPI enabled every single Site (even in the same Container) is Isolated.

      btw. FPI does also isolate HSTS,OCSP, HPKP and DNS Cache.

      I would recommend using “Firefox Multi-Account Containers”, “Temporary Containers” and FPI enabled at the same time.

      1. DuMuT6p said on July 14, 2020 at 10:51 am
        Reply

        Thank you very much @DropZz.

  6. Abu Abdullah Jabir ibn Haiyan al-Asdi al-Sufi al-Omabi said on July 12, 2020 at 10:51 pm
    Reply

    The first most requested feature was the sync functionality which Mozilla introduced several months ago. This was the 2nd most requested feature. A big thanks to Mozilla.

  7. Mothy said on July 12, 2020 at 8:24 pm
    Reply

    Do you use Firefox’s Containers feature?

    No, I wouldn’t trust it. Instead when I do anything of sensitive nature (ex. requires user credentials especially online banking) I stick to the best security practice of visiting one site at a time via a single browser session. Before the session is even started I ensure the browser is closed and cookies and cache have been cleared. Then when done with the session I always use the site’s log off option then close the browser which again is set to clear cache and cookies. This ensures that no other site can access any cached info or cookies that may contain sensitive info.

    Granted, it’s not very convenient and creates extra work but it’s the ol’ axiom “Security is inversely proportional to convenience.” It also helps limit tracking and enhances privacy which is also assisted by the browser’s built-in blocking of third party cookies as well as a custom hosts file blocking ad networks, trackers and known malicious sites at the OS level.

  8. Paul(us) said on July 12, 2020 at 6:43 pm
    Reply

    Nice upgrade!
    I am loving this add-on. And there may be some problems like Rick A is pointing out before but it’s still doing a great job.

  9. Rick A. said on July 12, 2020 at 5:32 pm
    Reply

    @Rick A. = Myself – i get after reading it again. “limit to designated sites” will prevent other sites from opening in those containers. i shouldn’t speed read.

    Still, it shouldn’t be a Recommended extension until developers that know what they’re doing is working on it.

    And this websites commenting system is shit. i just posted the exact same comment and i get “You are posting comments too quickly. Slow down.”, even though the last comment i left on this site was many hours ago. So i go back and have to type everything again, or did it actually post? Stay tuned until next time on Word Press Bullshit.

  10. Anonymous said on July 12, 2020 at 3:45 pm
    Reply

    Finally! This and sync were holding me back. Now that both features are here – lets get it on!

  11. Esther said on July 12, 2020 at 1:37 pm
    Reply

    This powerful “TabTemporaryContainer” add-on (https://addons.mozilla.org/en-US/firefox/addon/tabcontainer/) is incredible efficient/lightweight, and can do the job! It simple opens every tab in new temporary container. Yeah, many add-ons can do the same, but again: This add-on is more efficient and lightweight.

    Each time the browser is launched, the add-on deletes all temporary containers, so users always will have new fresh temporary containers.

    Also, in same browser session this add-on keeps logged tabs, a very useful function for tab-manager or tab-groups or tab-session manager add-ons. Users can jump from one tab group to another, and this add-on always will keep tabs in same temporary containers.

    If users need to duplicate a logged tab (for example when same logged url needs to be opened in different tabs), no problem, this add-on can do that, so no need to login again… everything will be opened in same temporary container. In brief, you can open (for example) Facebook in different tabs with different logins, but also if you need you can open same logged Facebook page in different tabs (always keeping the same logged user).

    It’s worth mentioning that in Firefox, new tabs in new containers cause a kind of tab shaking, because the browse needs to replace the “no container” tab with a new “container” tab. Well, this powerful “TabTemporaryContainer” add-on yesterday was updated with a new feature that reduces this tab shaking, now is almost imperceptible.

    This add-on is an open-source and the Dev is very responsive and fast fixing or updating stuff.

  12. motang said on July 12, 2020 at 1:30 pm
    Reply

    This extension just gets better and better!

  13. tiff said on July 12, 2020 at 12:52 pm
    Reply

    Actually (strict) site isolation has been in chrome for quite a while. It’s a chrome flags option and all or nothing though, not site specific as far as I know.

  14. Rick A. said on July 12, 2020 at 12:45 pm
    Reply

    “Up until now, it was possible to assign certain sites to specific containers. An assigned site would always be opened in that particular container in Firefox to separate it from others.” –

    Yeah, we could always do that, but what does “limit to designated sites” actually do? it sounds the exact same to me. if we don’t check “limit to designated sites”, we can’t assign sites to containers anymore? i haven’t seen anything actually explaining “limit to designated sites” yet.

    i haven’t updated to 7.0.0 because the people who maintain this extension is incompetent.

    Just check the recent reviews, AND here’s my review copy and pasted,

    “How is this a Recommended Extension?

    Mozilla doesn’t have to follow their own rules?

    https://support.mozilla.org/en-US/kb/recommended-extensions-program

    https://github.com/mozilla/multi-account-containers/issues/1768

    https://github.com/mozilla/multi-account-containers/issues/1740

    https://github.com/mozilla/multi-account-containers/issues/1691

    https://github.com/mozilla/multi-account-containers/issues/572

    This problem has existed for so long and apparently no one knows how to fix it.

    And now you got the new Ui problem and new glitches, just check the recent reviews. So glad i knew not to update.”

    Not to mention it doesn’t get updated that often. Recommended, yeah…

  15. Tiff said on July 12, 2020 at 12:16 pm
    Reply

    Sounds like a good idea however 6 steps to setup a site isn’t “straightforward” for average users.

  16. Grundig said on July 12, 2020 at 11:58 am
    Reply

    Or use Temporary Containiers. Isolate every domain in new container and delete all data after 2 Minutes.
    Must have add-on for privacy besides uMatrix+uBlock Origin and also a proper VPN.

  17. Anonymous said on July 12, 2020 at 10:01 am
    Reply

    I use containers a lot to separate my work and personal accounts on the same browser. I have been waiting for this feature for a long time, and tried temporary containers add on, which achieves something similar but it was a bit complicated, so very happy to see this is implemented in the main containers addon.

  18. Tom Hawack said on July 12, 2020 at 9:30 am
    Reply

    I don’t use Firefox’s Containers feature myself. I understand its benefits but my browsing policy goes beyond : sites’ cookies and localStorage are cleaned as soon as I leave them unless exceptions (CookieAutodelete extension) and I’ve set to true Firefox’s built-in FPI (First Party Isolation). Just one profile. I don’t see in these circumstances what Firefox Containers would bring me more and the same applies to so-called Private Browsing. Be mentioned that I never have dozens of tabs opened (and should I, it wouldn’t change my approach). My philosophy has always been to use the browser’s fundamentals, if available for privacy, rejoice when they are improved, rather than rely on what I consider as gadgets intended for an easy set-and-forget approach. But I may be wrong.

    1. Rnk said on July 13, 2020 at 3:44 am
      Reply

      Sites can still track you using using Service Workers, Databases and Cache… Clearing Cookies and localStorage while leaving the more persistent data above does little for privacy. Unless you clear all browser data on restart, then Temporary Containers is the only solution until extensions can reliably manage all of that data per domain (First Party Isolation doesn’t help with repeated visits to a site, First party data isn’t cleared). I think FF78 gave extensions the ability to deal with that data per domain so they might actually be a decent alternative to the more robust containers soon. We’ll see.

      1. Tom Hawack said on July 13, 2020 at 9:56 am
        Reply

        @Rnk, I’d like to emphasize on what you wrote because this is essential IMO and, concerning myself, could possibly mean I’m missing something about a browser’s privacy, Firefox in this scenario. I personnaly clear all browser data on Firefox exit but let’s assume I didn’t and consider tracking data within a browsing session. Besides cookies and localStorage we do have indeed :

        – Cache : disk and memory. I recall the developer of an ancestor legacy add-on similar ro ‘Cookie Autodelete’ who had told me that disk cache included a lot of accessible data for tracking and when I asked him if this was true for memory cache (I don’t use disk cache myself) answered that memory cache was also accessible for trackers (hence as mentioned above by Zeta cleaning browsing data during a session (which will wipe cache as well) is a good idea.

        – IndexedDB unless controlled can contain a lot of data, maintained after exit unless the user has chosen to clean all on exit. For this purpose an extension such as ‘API-KIller-IndexedDB’ is welcomed.

        – Service Workers : there is a main switch in Firefox called ‘dom.serviceWorkers.enabled’ which, set to false, is meant to disable service workers. This is only one element amid the so-called ‘Web workers” which, I admit, entertain uncertainty in my mind. We may mention as well, ‘dom.push.enabled’ (false), ‘dom.push.userAgentID’ (“”), ‘dom.push.connection.enabled’ (false) and ‘dom.push.serverURL’ (“”).

        What I mean to say is this : if a user adds to what was previously mentioned (deleting cookies and localStorage) the above (plus maybe more settings, those included in the excellent Ghacks-user.js file) can we possibly imagine this as sufficient to aim a comparable anti-tracking environment as that proposed by Containers? Now I do realize that even if the answer is ‘yes’ one may wonder why bother to complicate things with settings when containers may handle it all? For the sake of curiosity? :=)

        Whatever, tracking is nowadays a ‘normalized’ approach among the GAFAM not to mention sites themselves, it’s considered as part of the deal. I, and many of us, just don’t consider this deal to be fair and remain aware, even if mistakes in the very conception of the arsenal of tracking tools may not include them all and especially their interaction (we see the left camera and forget the other one, on the right).

      2. DropZz said on July 13, 2020 at 3:06 pm
        Reply

        IMO: Using Container (Multi-Account Containers + Temporary Containers) with ghacks-user.js makes every other Data Wipe/Management Add-on redundant.

        The Addons you should use for the maximum Security/Privacy are these:

        Container (Multi-Account Containers + Temporary Containers)
        uMatrix (Whitelist mode/Block all)
        uBlock Origin (For Filter Lists and other Functions in the Settings)
        Noscript(Allow all JS; only used for XSS, ABE and Clickjacking protection)

      3. Anonymous said on July 14, 2020 at 1:14 am
        Reply

        Using NoScript with all JS allowed, for the additional protection, is a remarkable idea.

        I reinstalled NoScript and allowed all JS to test if browsing did not become hampered.
        However whatever I check-mark to be allowed, my streaming TV-site won’t start and the NoScript-icon marks 1 blocked item. When I click to temporarily-allow nothing improves, and I can not find what is blocked.

        So how did you set NoScript?

      4. DropZz said on July 14, 2020 at 7:49 am
        Reply

        @Anonymous

        >So how did you set NoScript?

        General Tab: uncheck “Disable restrictions globally (dangerous)” (Block js in uMatrix).
        Advanced Tab: check “Sanitize cross-site suspicious requests”

      5. Pants said on July 13, 2020 at 6:12 pm
        Reply

        @DropZz

        > makes every other Data Wipe/Management Add-on redundant

        Awww, what about my setup: block all cookies by default. The cookie permission controls all persistent web storage (cookies, localStorage, sessionStorage, IDB, service worker cache: appCache is disabled). Only allow cookies for sites you log into. Which for me is about 4 sites (and I would only ever want to use them when logged in). I don’t need to do any sanitizing.

        That said, a handful (five?) of other sites I use need a cookie to function, so I allow a session cookie exception and then block it being read back via header in uMatrix (not perfect, JS can bypass this), but I don’t generally have long lived sessions: and I have the usual suspects working: uBO/uMatrix in very tight configs, prefs on like FPI etc.

        Still, TC in hardened mode is superb and offers way more flexibility (and solves cross domain logins if not using FPI)

      6. Iron Heart said on July 14, 2020 at 3:27 pm
        Reply

        @Pants

        So, I agree that blocking all cookies would be best in theory, but this is not workable in real life setups, because blocking cookies breaks login forms especially. Maintaining a cookie whitelist is also tiresome, and is not better than Tom Hawack’s approach (which I do agree on), which is to delete cookies upon closing tabs. Now, I know that Cookie AutoDelete cannot clear all persistent data, even though the dev would like to (say browsers lack certain APIs), but it’s definitely more workable.

        First Party Isolation is also known to still break stuff.

      7. Pants said on July 15, 2020 at 8:13 pm
        Reply

        > First Party Isolation is also known to still break stuff

        FPI was developed for Tor Browser. It’s not even forward facing in Firefox: there’s no GUI for it. There is no way Firefox could ever introduce FPI to users because of the cross-domain login flows that get broken: like google which is not an insignificant number of users.

        The thing about Tor Browser it’s not really an issue, I’m guessing given the nature of the users and OpSec etc: we know this because we haven’t heard much about it being a problem for them. Some breakage was reduced behind a pref, but ultimately it only fixed a handful of sites that we know of.

        If you can use FPI in Firefox, great. Otherwise TC in a hardened mode does most of what FPI does: FPI covers a lot: web content, persistent/session web storage, OCSP, shared workers, SSL session caches, media cache, HSTS, HPKP, HTTP Alt Services, HTTP2, DNS cache, blob URIs, IP addresses, IPv6, site permissions and more. TC covers almost all of those

        The way some sites use their cross domain login flows is not something that is easily solvable, if at all. All browsers face this issue: as in, if you’re not going to login it’s good (e.g. tracker blocked or FPI used as it’s not first party), but if you’re are then you it’s broken. Kind of a chicken and egg thing IMO

        The best that can be done is to minimize the breakage, which is what dFPI is. dFPI is what will be front facing for Firefox users. It’s already in the GUI and enabled in Nightly. But it will take a little while to get properly sorted out. dFPI will have the same parity as FPI but is slightly more relaxed: how they do that is, I think, some allowlisting with maybe some other criteria: such configs of postMessage and origin attributes (that earlier pref option I mentioned), maybe user interaction detection with the site, I’m not sure

        Tor Browser will continue to use FPI. If you use FPI in Firefox, the dFPI setting is ignored (so most strict so to speak)

      8. Tom Hawack said on July 15, 2020 at 11:57 am
        Reply

        Blocking all cookies by default is a real problem only when First Party Isolation (FPI) is enabled. Why?

        With FPI the user can change a site’s cookie authorization (let’s say as an exception to defaut=block all cookies) ONLY from Firefox’s ‘Page Info’. The change will appear in about:preferences#privacy / Cookies and Site Data / Manage Permissions > [https://searx.info^FirstPartyDomain=searx.info] (I add the brackets here). With FPI it is not possible to add manually an entry such as searx.info .. Allow.

        The problem is that if cookies are all blocked by default, FPI is enabled and you need to login to a site, from Firefox’s ‘Page Info’ you’ll make an Allow exception for that site, but it’ll include only that site and not its subdomains. Example : I need to login to example.com, I allow example.com from The Page Info, OK. But I’m likely to encounter a login issue if that site will need to set a cookie for, say, one.example.com. I’d have to open one.example.com myself if it doesn’t appear in the login process but one.example.com may not be directly accessible by the user : I’m stuck then.

        So, as I see it, blocking all cookies with Allow exceptions is OK without FPI only.
        Which is why, with the ‘Cookie Autodelete’ extension I manage to set cookies for session by default and have the site’s cookies AND localStorage (option) removed when either the Domain is either closed or changed (option). Domain Change means that it’s cookies will be removed if the user opens a new site in the same tab, and I advise to avoid that. Domain Leave means its cookies are removed once the site has been EXITED. This distinction between Domain Change and Domain Closed is available in ‘Cookie AutoDelete’ but not in a similar extension I used before, ‘ForgetMeNot’ which has only a ‘Snooze Mode’ (stop temporarily removing cookies) which one must remember to initiate when in a chained scheme which opens a page after another in the same tab…).

        To be noted : I’ve discovered two things,

        1-
        Firefox 77 supports learing IndexDB by hostname : https://bugzilla.mozilla.org/show_bug.cgi?id=1551301.
        Firefox 77 also supports clearing ServiceWorkers by hostname: https://bugzilla.mozilla.org/show_bug.cgi?id=1632990.
        Firefox 78 supports clearing cache and pluginData by hostname: https://bugzilla.mozilla.org/show_bug.cgi?id=1636784.

        2- The ‘Cookie AutoDelete’ above mentioned extension will handle these changes in upcoming version 3.5.0.

        Again, I’m not an expert to put it mildly, just trying to get the best to defeat the beast :)

      9. Tom Hawack said on July 15, 2020 at 12:03 pm
        Reply

        End of my comment has been truncated, again (happens once in a while). I had wrritten :

        To be noted : I’ve discovered two things,

        1-
        Firefox 77 supports learing IndexDB by hostname : https://bugzilla.mozilla.org/show_bug.cgi?id=1551301.
        Firefox 77 also supports clearing ServiceWorkers by hostname: https://bugzilla.mozilla.org/show_bug.cgi?id=1632990.
        Firefox 78 supports clearing cache and pluginData by hostname: https://bugzilla.mozilla.org/show_bug.cgi?id=1636784.

        2- The ‘Cookie AutoDelete’ above mentioned extension will handle these changes in upcoming version 3.5.0.

        Again, I’m not an expert to put it mildly, just trying to get the best to defeat the beast :)

      10. Iron Heart said on July 15, 2020 at 2:44 pm
        Reply

        @Tom Hawack

        Okay, so this is what I do: I have set Brave to block known cross-site tracking cookies, these cookies aren’t being set in the first place. That leaves mostly first party cookies and cross-site cookies that are legitimate. I allow those because I want to avoid site breakage as much as possible. These cookies will be set, but they will be deleted via Cookie AutoDelete immediately after the related tab was closed. Of course I also clear the IndexedDB storage at the same time, needless to say. Last but not least, I have set Brave to delete cookies + cache upon closing the browser, this will get rid of all cookies that are left from the last session tabs. So my method is: The cookie can be set, it allows the website to work correctly while I use it, and I get rid of the cookie once the tab is closed – best solution IMHO.

        To be honest, I was never really tempted to whitelist any cookie, except for the cookie YouTube uses to remember the autoplay status (I hate YouTube’s autoplay with a passion). Since there was no way in hell I would whitelist a YouTube (Google) cookie, especially if I don’t know what else the cookie might do, I had to find another solution. I made use of an option in Enhancer for YouTube (extension developed by MaximeRF) that allowed me to disable autoplay via a separate script run by the extension. This way I disabled YouTube’s autoplay without having had to whitelist the cookie. As said, apart from that occasion, I never felt inclined to whitelist any cookie, I prefer the Cookie AutoDelete + blocking cross-site tracking cookies method.

        It’s an urban myth, by the way, that Chromium cannot isolate website data. You can have extremely strong isolation in Chromium (or Brave in my case) if you use multiple browser profiles for different activities. Trying to isolate things within the same profile, like Firefox attempts to do, causes problems that you simply do not have if you just use multiple (full) profiles for different activities. But to be honest with you, I doubt many people bother would to do that, and for most people the Cookie AutoDelete approach would suffice, cookies don’t survive long with that method anyway.

      11. Rnk said on July 15, 2020 at 8:33 pm
        Reply

        @Iron Heart

        It’s no myth, it’s a fact that chromium cannot isolate data. Using multiple profiles is kind of a workaround, but you have to deal with the downsides of, you know, using multiple profiles, and still you don’t have the option to isolate first party data within those profiles. I really don’t see how that setup is any better or less problematic (?) than Firefox Containers, which are set and forget. I’m interested to see how the Brave team repurposes profiles to achieve actual containers though.

      12. Iron Heart said on July 16, 2020 at 7:11 am
        Reply

        @Rnk

        The number of profiles you can create in Chromium is unlimited, you can also rename them (perhaps name them after you activities) if you so wish. I can also quickly access them via the “Profile” entry in Chromium’s menu bar (Chromium, like any other application, uses a menu bar on macOS), so access is convenient as well. Cookie AutoDelete, if it’s present in all those profiles, will also get rid of website data after you have closed the related tab. I find this to be highly workable.

        Plus, Brave has a Tor mode, which is not exactly a replacement for Tor browser simply because it doesn’t produce the same fingerprint, but it works well enough for just isolating data from your main profile – the Tor mode is a separate profile already, and it does only retain the data private mode would also retain – which is to say not much at all.

      13. Tom Hawack said on July 15, 2020 at 8:07 pm
        Reply

        @Iron Heart, I’m proceeding the same way (or almost) but with Firefox.

        3rd-party cookies are blocked : network.cookie.cookieBehavior = 1
        Cookies lifetime set to session : network.cookie.lifetimePolicy = 2

        Whitelisting cookies (the very few I prefer to keep) means setting their lifetime to ‘until they expire’ :
        From Firefox’s ‘Page Info’ I’ll allow cookies for its site (rather than default=session)
        In ‘Cookie AutoDelete’ I’ll whitelist the domain or sub-domain

        As you I’ve set Firefox to clean all on exit, except Cookies and Site Preferences (session cookies are always removed on exit, others are those i’ve allowed as above mentioned). Cleaning all cache included though cleaning cache here means peanuts given i’ve disbled disk cache and have it all in memory set to 1GB.

        About YouTube : you must know that many scripts are YouTube dedicated, GreasyFork is the best grocery I know, I run several scripts found there. I used to block YouTube together with a few other sites of which Google. I don’t anymore and my policy is to block cookies only for sites that feed my IndexedDB folder (even if their data is cleaned at Firefox exit unless they have cookie allowed) for an irrational reason : data storage in a user’s profile is getting on my nerves. Too much. A cookie should be the only data from there to here. Even localStorage is a joke, shouldn’t exist; I know sites that use it instead of plain cookies -> you wipe your cookies, return to those sites and find out your settings remained : localStorage, all in webappstore.sqlite here on Firefox : what the heck? Many years ago took me an afternoon to find out why settings remained whilst I had deleted the cookies! A PAIN.

        Anyway, to get back to my first comment, the idea remains that, on Firefox, FPI, most valuable it may be, is not a no-cookie policy’s friend. Either enable FPI and find work-arounds with session-only cookies — either disable FPI, set cookies’ policy to block all and then perform exceptions from Firefox’s dedicated Options section where a allow example.com will allow its subdomains and make things easier. The idea is that FPI is obviously not yet properly handled by Firefox.

        About Brave, your friend as Firefox is mine, I don’t use it, never tried it; all I can say is that if, for one reason or another (a very good reason) I was to abandon my cherished browser I’d most likely opt for Brave, despite some users’ insistance (lol) and because of what I read about that browser. To make it short Brave is perhaps the best choice after… Firefox, lol. Seriously, we all (maybe not all, let’s say we’re many to) try to do our best with the web, networks, browsers … often with this Club (not to say sectarian) mentality which is that our choice is the best. Who knows what the best is (not even dads and ‘father knows Best’ is a charming US/sixties myth!). From there on let us all share rather than oppose, yeah!

      14. Iron Heart said on July 16, 2020 at 12:29 pm
        Reply

        @Tom Hawack

        I think you have implemented a rather sane setup here and concerns regarding browsing data apart from cookies are sensible in nature, and in no way irrational. Because users are increasingly aware of cookies, advertisers try out more sneaky methods like other persistent data, or fingerprinting (which is rather mainstream now, too), or even stuff like TLS tracking.

        [Editor: please stay on topic]

      15. DropZz said on July 14, 2020 at 7:41 am
        Reply

        @Pants

        > what about my setup

        Disabling some of these can cause breakage that’s why i prefer Temp Container but otherwise that config should be fine too.

        The Sites i log in are in a consistent container everything else gets deleted after its closed.

    2. Zeta said on July 13, 2020 at 1:57 am
      Reply

      I’m with Tom on this approach. Instead of Containers, which I find to be a bit of a pfaff, I use Cookie AutoDelete and First Party Isolation.

      I also use the “Clear Browsing Data” extension for a one-click on-command way of doing what Cookie AutoDelete does automatically. Yes, I know there’s a way of doing this in Cookie AutoDelete, this just saves me a couple of clicks.

  19. Thiago said on July 12, 2020 at 9:22 am
    Reply

    Firefox use much memory ram if compared with your competitors Chrome and browsers based in chromium engine, for example, Microsoft Edge (I use).

    1. matthiew said on July 14, 2020 at 6:31 am
      Reply

      That really depends on what extensions you are using. Personally I found Chrome’s ram usage to be much higher than Firefox’s.

      1. Thiago said on July 18, 2020 at 11:04 pm
        Reply

        I use a extension only (Adguard). But consume of Firefox is high here.

      2. Anonymous said on July 15, 2020 at 10:10 pm
        Reply

        Agreed. Your mileage may vary but FF is not the worst offender in my book. If you have things like tampermonkey things can get sideways quick.

  20. Peter said on July 12, 2020 at 8:51 am
    Reply

    Is there something similar for chrome/edge ?

    1. Iron Heart said on July 12, 2020 at 12:37 pm
      Reply

      You can achieve the same by using multiple profiles for different activities in Chrome / Edge.

      Though worrying about privacy in Chrome / Edge is a bit grotesque, seeing how they phone home to the mothership frequently.

      1. wolfkin said on July 13, 2020 at 3:36 pm
        Reply

        what a bunch of killjoys sometimes it’s about privacy in general but about privacy in the specific. Maybe we have facebook accounts but don’t want facebook to have access to every site we go to. Maybe we want not complete privacy but isolation. Maybe you don’t mind a site having your information for itself but don’t want it to know everywhere else you do. Maybe some sites are affected by this like airline ticket shopping. Heck containers also are easier to manage than profiles in chrome. I can open a container named sister and now I can log in as my sister to correct our address on her Amazon or show her in her email where I sent a document.

        I’ not saying the big brother privacy concerns aren’t real. They are and they’re terrifying but it’s not an all or none game. It’s okay to be only primarily concerned about privacy to a point. yeesh.

    2. Herold said on July 12, 2020 at 12:01 pm
      Reply

      You don’t need this if you use chrome/edge. I don’t get why you even bother about privacy.
      Here Google/Microsoft. Here is everything you need to know about my life. Get if for free…

    3. ShintoPlasm said on July 12, 2020 at 9:48 am
      Reply

      Not as far as I know. This is still one of Firefox’s USPs.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.