Contextual Identities on the Web

67

The Containers Feature in Firefox Nightly enables users to login to multiple accounts on the same site simultaneously and gives users the ability to segregate site data for improved privacy and security.

We all portray different characteristics of ourselves in different situations. The way I speak with my son is much different than the way I communicate with my coworkers. The things I tell my friends are different than what I tell my parents. I’m much more guarded when withdrawing money from the bank than I am when shopping at the grocery store. I have the ability to use multiple identities in multiple contexts. But when I use the web, I can’t do that very well. There is no easy way to segregate my identities such that my browsing behavior while shopping for toddler clothes doesn’t cross over to my browsing behavior while working. The Containers feature I’m about to describe attempts to solve this problem: empowering Firefox to help segregate my online identities in the same way I can segregate my real life identities.

With Containers, users can open tabs in multiple different contexts – Personal, Work, Banking, and Shopping.  Each context has a fully segregated cookie jar, meaning that the cookies, indexeddb, localStorage, and cache that sites have access to in the Work Container are completely different than they are in the Personal Container. That means that the user can login to their work twitter account on twitter.com in their Work Container and also login to their personal twitter on twitter.com in their Personal Container. The user can use both accounts in side-by-side tabs simultaneously. The user won’t need to use multiple browsers, an account switcher[1], or constantly log in and out to switch between accounts on the same domain.

User logged into work twitter account in Work Container and personal twitter account in Personal Container, simulatenously in side-by-side tabs

Simultaneously logged into Personal Twitter and Work Twitter accounts.

Note that the inability to efficiently use “Contextual Identities” on the web has been discussed for many years[2]. The hard part about this problem is figuring out the right User Experience and answering questions like:

  • How will users know what context they are operating in?
  • What if the user makes a mistake and uses the wrong context; can the user recover?
  • Can the browser assist by automatically assigning websites to Containers so that users don’t have to manage their identities by themselves?
  • What heuristics would the browser use for such assignments?

We don’t have the answers to all of these questions yet, but hope to start uncovering some of them with user research and feedback. The Containers implementation in Nightly Firefox is a basic implementation that allows the user to manage identities with a minimal user interface.

We hope to gather feedback on this basic experience to see how we can iterate on the design to make it more convenient, elegant, and usable for our users. Try it out and share your feedback by filling out this quick form or writing to containers@mozilla.com.

FAQ

How do I use Containers?

You can start using Containers in Nightly Firefox 50 by opening a New Container Tab. Go the File Menu and select the “New Container Tab” option. (Note that on Windows you need to hit the alt key to access the File Menu.) Choose between Personal, Work, Shopping, and Banking.

Use the File Menu to access New Container Tab, then choose between Personal, Work, Banking, and Shopping.

Notice that the tab is decorated to help you remember which context you are browsing in. The right side of the url bar specifies the name of the Container you are in along with an icon. The very top of the tab has a slight border that uses the same color as the icon and Container name. The border lets you know what container a tab is open in, even when it is not the active tab.

User interface for the 4 different types of Container tabs

You can open multiple tabs in a specific container at the same time. You can also open multiple tabs in different containers at the same time:

User Interface when multiple container tabs are open side-by-side

2 Work Containers tabs, 2 Shopping Container tabs, 1 Banking Container tab

Your regular browsing context (your “default container”) will not have any tab decoration and will be in a normal tab. See the next section to learn more about the “default container”

Containers are also accessible via the hamburger menu. Customize your hamburger menu by adding in the File Cabinet icon. From there you can select a container tab to open. We are working on adding more access points for container tabs; particularly on long-press of the plus button.

User Interface for Containers Option in Hamburger Menu

How does this change affect normal tabs and the site data already stored in my browser?

The containers feature doesn’t change the normal browsing experience you get when using New Tab or New Window. The normal tab will continue to access the site data the browser has already stored in the past. The normal tab’s user interface will not change. When browsing in the normal context, any site data read or written will be put in what we call the “default container”.

If you use the containers feature, the different container tabs will not have access to site data in the default container. And when using a normal tab, the tab won’t have access to site data that was stored for a different container tab. You can use normal tabs along side other containers:

User Interface when 2 normal tabs are open, next to 2 Work Container tabs and 1 Banking Container tab

2 normal tabs (“Default Container tabs”), 2 Work Container tabs, 1 Banking Container tab

What browser data is segregated by containers?

In principle, any data that a site has read or write access to should be segregated.

Assume a user logins into example.com in their Personal Container, and then loads example.com in their Work Container. Since these loads are in different containers, there should be no way for the example.com server to tie these two loads together. Hence, each container has its own separate cookies, indexedDB, localStorage, and cache.

Assume the user then opens a Shopping Container and opens the History menu option to look for a recently visited site. example.com will still appear in the user’s history, even though they did not visit example.com in the Shopping Container. This is because the site doesn’t have access to the user’s locally stored History. We only segregate data that a site has access to, not data that the user has access to. The Containers feature was designed for a single user who has the need to portray themselves to the web in different ways depending on the context in which they are operating.

By separating the data that a site has access to, rather than the data that a user has access to, Containers is able to offer a better experience than some of the alternatives users may be currently using to manage their identities.

Is this feature going to be in Firefox Release?

This is an experimental feature in Nightly only. We would like to collect feedback and iterate on the design before the containers concept goes beyond Nightly. Moreover, we would like to get this in the hands of Nightly users so they can help validate the OriginAttribute architecture we have implemented for this feature and other features. We have also planned a Test Pilot study for the Fall.

To be clear, this means that when Nightly 50 moves to Aurora/DevEdition 50, containers will not be enabled.

How do users manage different identities on the web today?

What do users do if they have two twitter accounts and want to login to them at the same time? Currently, users may login to one twitter account using their main browser, and another using a secondary browser. This is not ideal, since then the user is running two browsers in order to accomplish their tasks.

Alternatively, users may open a Private Browsing Window to login to the second twitter account. The problem with this is that all data associated with Private Browsing Windows is deleted when they are closed. The next time the user wants to use their secondary twitter account, they have to login again. Moreover, if the account requires two factor authentication, the user will always be asked for the second factor token, since the browser shouldn’t remember that they had logged in before when using Private Browsing.

Users may also use a second browser if they are worried about tracking. They may use a secondary browser for Shopping, so that the trackers that are set while Shopping can’t be associated with the tasks on their primary browser.

Can I disable containers on Nightly?

Yes, by following these steps:

  1. Open a new window or tab in Firefox.
  2. Type about:config and press enter.
  3. You will get to a page that asks you to promise to be careful. Promise you will be.
  4. Set the privacy.userContext.enabled preference to false.

Can I enable containers on a version of Firefox that is not Nightly?

Although the privacy.userContext.enabled preference described above may be present in other versions of Firefox, the feature may be incomplete, outdated, or buggy. We currently only recommend enabling the feature in Nightly, where you’ll have access to the newest and most complete version.

How is Firefox able to Compartmentalize Containers?

An origin is defined as a combination of a scheme, host, and port. Browsers make numerous security decisions based on the origin of a resource using the same-origin-policy. Various features require additional keys to be added to the origin combination. Examples include the Tor Browser’s work on First Party Isolation, Private Browsing Mode, the SubOrigin Proposal, and Containers.

Hence, Gecko has added additional attributes to the origin called OriginAttributes. When trying to determine if two origins are same-origin, Gecko will not only check if they have matching schemes, hosts, and ports, but now also check if all their OriginAttributes match.

Containers adds an OriginAttribute called userContextId. Each container has a unique userContextId. Stored site data (i.e. cookies) is now stored with a scheme, host, port, and userContextId. If a user has https://example.com cookies with the userContextId for the Shopping Container, those cookies will not be accessible by https://example.com in the Banking Container.

Note that one of the motivations in enabling this feature in Nightly is to help ensure that we iron out any bugs that may exist in our OriginAttribute implementation before features that depend on it are rolled out to users.

How does Containers improve user privacy and security?

The Containers feature offers users some control over the techniques websites can use to track them. Tracking cookies set while shopping in the Shopping Container won’t be accessible to sites in the Personal Container. So although a tracker can easily track a user within their Shopping Container, they would have to use device fingerprinting techniques to link that tracking information with tracking information from the user’s Personal Container.

Containers also offers the user a way to compartmentalize sensitive information. For example, users could be careful to only use their Banking Container to log into banking sites, protecting themselves from potential XSS and CSRF attacks on these sites. Assume a user visits attacker.com in an non-banking-container. The malicious site may try to use a vulnerability in a banking site to obtain the user’s financial data, but wouldn’t be able to since the user’s bank’s authentication cookies are shielded off in a separate container that the malicious site can’t touch.

Is there any chance that a tracker will be able to track me across containers?

There are some caveats to data separation with Containers.

The first is that all requests by your browser still have the same IP address, user agent, OS, etc. Hence, fingerprinting is still a concern. Containers are meant to help you separate your identities and reduce naive tracking by things like cookies. But more sophisticated trackers can still use your fingerprint to identify your device. The Containers feature is not meant to replace the Tor Browser, which tries to minimize your fingerprint as much as possible, sometimes at the expense of site functionality. With Containers, we attempt to improve privacy while still minimizing breakage.

There are also some bugs still open related to OriginAttribute separation. Namely, the following areas are not fully separated in Containers yet. Update: All of these bugs have been fixed.

  • [Fixed October 2016] Some favicon requests use the default container cookies even when you are in a different container – Bug 1277803
  • [Fixed July 2016] The about:newtab page makes network requests to recently visited sites using the default container’s cookies even when you are in a different container – Bug 1279568
  • [Fixed August 2016] Awesome Bar search requests use the default container cookies even when you are in a different container – Bug 1244340
  • [Fixed July 2016] The Forget About Site button doesn’t forget about site data from Container tabs – Bug 1238183
  • [Fixed August 2016] The image cache is shared across all containers – Bug 1270680

We are working on fixing these last remaining bugs and hope to do so during this Nightly 50 cycle.

How can I provide feedback?

I encourage you to try out the feature and provide your feedback via:

Thank you

Thanks to everyone who has worked to make this feature a reality! Special call outs to the containers team:

Andrea Marchesini
Kamil Jozwiak
David Huseby
Bram Pitoyo
Yoshi Huang
Tim Huang
Jonathan Hao
Jonathan Kingston
Steven Englehardt
Ethan Tseng
Paul Theriault

Footnotes

[1] Some websites provide account switchers in their products. For websites that don’t support switching, users may install addons to help them switch between accounts.
[2] http://www.ieee-security.org/TC/W2SP/2013/papers/s1p2.pdf, https://blog.mozilla.org/ladamski/2010/07/contextual-identity/
[3] Containers Slide Deck

Categories: Browser Security

67 responses

  1. David Mercer wrote on :

    A link to Nightly, especially in the FAQ section, would be great

    1. Tanvi Vyas wrote on :

      Thanks for the suggestion! I have added a link: https://nightly.mozilla.org/

  2. Stephan Sokolow wrote on :

    We are working on adding more access points for container tabs; particularly on long-press of the plus button.

    Whatever happened to right-click? This IS still a desktop application, is it not?

    (The whole point of having two mouse buttons, rather than a long press, is that it’s both quicker to use and more discoverable.)

    1. Tanvi Vyas wrote on :

      Actually we do have a right click menu option as well, to Open Link in Container Tab and then choose the container you’d like to open the link in. I didn’t mention it in my post. Thanks for pointing it out!

      1. cpdt wrote on :

        I believe Stephan was referring to right-clicking the plus button, not just right-clicking a link. To me, it makes more sense (and would be faster) to right-click the new tab button to create a tab in a context, rather than click and hold.

        1. Stephan Sokolow wrote on :

          Exactly. I’d never think that long-pressing might do anything different on a desktop. In fact, when I first got access to mobile apps, it took me a while to discover that context menus were possible.

          The #1 rule of good UI design is consistency and, since long-pressing on a phone is a somewhat time-inefficient surrogate for having a second mouse button, that means that, in this desktop app, the feature should be accessed by right-click.

          Now, if you’re proposing implementing it as right-click, but then aliasing long-press to right-click across the entire Firefox UI to try to unify the desktop and tablet workflow in a consistent manner, maybe would could have a discussion.

          (Admittedly, I think trying to use the same UI for both a touch device and a device with keyboard and precise pointing device (mouse) will inevitably cripple and cheapen the UI for desktop users, but I’m willing to be convinced otherwise.)

    2. Ahmed wrote on :

      The advantage of long-pressing a button then moving to a dropdown element is that it’s 1 click vs 2 clicks. I think they are referring to the behavior you see when maintaining a click on a menu item, the move the cursor over the element you want and release your click… certainly more convenient than right (or left) clicking, then moving your cursor and left clicking on the element. (which you can also do with menus, but I find more annoying)

  3. Amazing wrote on :

    And give me please options to set default context for pages

    i.e
    Gmail => persoanl
    Google search => Shopping

    So you say right now I will be able to control better my privacy :0

    Also this options shoule be enable default
    Accept third-part cookies: From visited

  4. nonsa wrote on :

    Awesome this is the kind of thing that will help firefox gain back chrome users. As a long time privacy advocate and firefox user, thank you. More features like this please. Tor integration would be nice too and the ability to return generic data for apis that can be fingerprinted

  5. aaaa wrote on :

    What do you use Containers for? *
    More privacy, isolating identities

    How many Containers do you usually open in a browsing session?
    Two or more

    Do you use different Containers side-by-side or one-at-a-time?
    Side-by-side

    Do you like the Containers feature?
    awesome!

    Will you recommend Containers to a friend?
    Yes

    Do you have additional feedback?

    It would be cool to have the option of forcing certain containers to use certain proxy settings and an optional persona for each container to help further visually distinguish each one. Like the QuebesOS appVM approach.

    Privacy and security features are sorely lacking in browsers today. Chrome has increased security but with the big brother overlord Google waiting at every turn. Mozilla have some great addons but are still missing sandboxing , I know it is a work in progress and that development is slowed down by legacy code where as the others could build new browser engines from the start. That being said Firefox, the Tor browser and Brave are the only private options available for anyone serious about protecting themselves.

    The brave browser seems to be doing some things right by building in options such as adblocking, anti fingerprinting and https everywhere by default. This is the right approach privacy by design. Anything that would compromise user privacy must be opt in and have an option to disable it.

    I would love to see Mozilla focus more on initiatives like the one above and really implement as much of the suggestions by the torproject as possible.

    For instance all of the addons I use are to protect myself online. It would be great if I could install the browser for friends and family and know they will be protected from fingerprinting, malvertising, tracking via third party cookies and etags and so on.

    Each time I see new shiny javascipt API’s in a new version of firefox the first thing I am concerned with is how can I stop this from being used against me, like they generally end up doing.

    I would love an option to return a standard device fingerprint for every firefox user built into the code so if you checked a preference javascript would always get the same values. This would really help Tor users.

    Also please consider not using google docs. They have enough information already.

    Thank you

  6. Jason wrote on :

    Why can’t each tab or page be automatically and individually containerized? Without having to have contexts defined either. Wouldn’t this provide the best security and privacy via isolation with no hoops for the user to jump through? At least consider it as an optional mode of operation for this feature.

    1. Simon wrote on :

      Presumably if every tab were individually containerized, you’d break stuff – opening sub-pages in new tabs would fail because the new tab wasn’t sharing authentication cookies with the initial page.

  7. Chris wrote on :

    Do containers partition Flash’s Local Shared Objects? If not, then advertisers can track users across containers using Flash cookies.

    1. Matt wrote on :

      Containers don’t force Flash to follow this new convention. However, the NPAPI could be updated to allow the plugin to be container-aware, and then plugins can play nicely with Firefox’s enhanced privacy model. https://bugzilla.mozilla.org/show_bug.cgi?id=1280626

  8. Simon wrote on :

    So, as a developer, I often have a number of instances of the same web app running on the same machine (on different ports) – right now, it’s not possible to be logged in to two of them at once, because they overwrite each others session-management cookies.

    It sounds like these containers will solve that problem – however, would there be any way to automate their setup, such that anything hitting “https://hostname:10001” automatically goes into a container, and anything hitting “https://hostname:10002” automatically goes into a second container?

    1. Charles wrote on :

      That is the typical user cases that an add-on can to fill, after this feature gains some traction.

  9. Nowan wrote on :

    How is this going to interact with tools like Self Destructing cookies? Will extensions be able to configure different behaviors based on containers?

  10. janw.oostendorp wrote on :

    This looks a loot like my current setup.
    2 profiles with the same sync user.

    Pretty sure I’ll use this the same way.
    I won’t use mixed tabs. I don’t want the distraction of private stuff during work.

    How will the design be of pinned tabs?

  11. bmn wrote on :

    Firefox is so much better than chrome

  12. Mark Tyndall wrote on :

    You probably want to get together with the accessibility group to find colours which work for the widest range of people with colour vision issues.
    (For me, the work and banking colours in your examples are basically indistinguishable.)

  13. Will wrote on :

    Fun!

    Though the icon of “work” looks to much like a lock, which might be misleading people to think it’s a https-connected website.

  14. Sam wrote on :

    It would be nice to be able to customize the names associated with the identities. Instead of forcing “Personal”, “Work”, “Banking”, and “Shopping”, it would be nice to be able to modify those (or add more). I could see this being useful when you have multiple people using a shared PC that is always logged in (think parents/kids).

  15. Evan wrote on :

    Awesome feature.

    Automatically segregating bank websites into their own context would be ideal even for people who are not even aware of the feature.

    It would also be nice to “switch” contexts. For example, say you click on a link in an email. It would be better to launch that into it’s own context and then later change contexts if the link isn’t malicious.

    I think there should be an option to automatically launch all third-party websites into their own context similar to how you can block third-party cookies.

    Imagining the possibilities. Picture an addon that allows you to launch external js into different contexts as long as you enhance the API to allow for that. Imagine downloading google analytics code off of tor or some other proxy, but the rest of the site through your real ip. You could proxy anything that tracks you assuming you allow for proxying individual contexts. Or for performance reasons (or censorship), use a different proxy if it has a more direct connection to a third party include.

    Is there any reason to run flash in the same context? What exactly is perfectly safe to run in a completely different context?

    I’ve recently switched to Chrome + uMatrix after using the FF nightly + NoScript for a year, but this may bring me back. This is a great feature that brings about wonderful opportunity if full developed like things used to be done.

    1. Evan wrote on :

      Maybe auto-contexualize websites that use an EV cert into a banking container.

      Not so sure if splitting proxies is a good idea now that I think about it. Still great feature, though.

  16. Florian wrote on :

    As a former user of the “priv8” add-on which would do exactly the same kind of thing for pre-e10s versions of Firefox, I’m just sooooo relieved to see this feature in my Nightly, I was really missing that !!!

    Now I still miss 3 features ( or “story”) to be totally happy :

    – being able to create my own containers ( I’d like multiple “Website X” containers, which would not fit with the provided ones ) and choose their color/icon.
    This should definitively be a core feature

    – the possibility to “bind” a website to a/multiple container/s ( and magically provide a list of possible containers when going on the website from an “unbound” container / no container at all ), both for avoiding tracking ( I currently avoid going on Facebook,etc. because I would only do it in a proper container to avoid too much tracking ), and for development (because I am a web developer).
    Probably/Maybe this feature should be for power users, as an add-on (like tab-groups are now)

    – being able to switch the current tab into a container, and know if I used a container for accessing this website before ( by checking cookies/ localstorage would be enough I guess, because if the website is stateless, the container would probably not matter that much).
    Better yet, provide some kind of UI tip (tooltip including colored icons of the containers ?) on a link if I ever used the destination url in a/multiple container/s (and maybe up to the domain without path / port ). I guess this can be done as an add-on for power users as well

  17. Wliad Damouny wrote on :

    The branding of “containers” and “default container” is not user friendly. I think a re-purposing of the Tab Groups UI and branding is much better for users. It is convenient for users to see a group of tabs that share the same cookies email or social media.

    The use cases for a marriage of Tab Groups and Containers are quite many. One is the mentioned in this article. The other is a family computer where everyone is logged in and use the computer sparingly and in turn. It is easier for everyone to leave their websites signed in and loaded then switch to each Tab Groups based on the person using the computer. Tab Groups can also be the UI for private browsing sessions. Rather than create a New Private Window, merely created a New Private Group. The Tab Groups UI need a little work to make it more responsive because in the past it wasn’t. This Tab Groups https://addons.mozilla.org/en-US/firefox/addon/tab-groups-panorama/ extension actually has some good UI touches for the Tab Groups/Containers UI.

  18. Andy wrote on :

    I’m going to preface this and say this is going to sound harsh.
    This seems like something a new develper for Firefox would come up with and think it’s a novel and unique idea. All this does is put a new thing in the browser that adds unnecessary complexity. I’ve always thought FFox could use contextual stuff for bookmark management but thinking that opening different tabs on the same instance would reduce my browsing fingerprint is silly. 1 word : panopticlick

    This feature sounds like a rabbit hole. People will next want per-context DNS servers, per-context proxy servers, per-context search engines, passwords/bookmarks… all sorts of random things and yet Firefox has profiles.

    1. Walid Damouny wrote on :

      You’re attacking the concept as a simple programming problem and also make a somewhat good point about profiles. First it isn’t about programming but about some accessibility and UI. Secondly profiles are supposed to be for devs who want to tinker with extensions. For a moment I agreed with you about profiles and then rejected it on the grounds that a profile is a means to test a parallel setup and not to communicate with your existing one.

      The point you make about bookmarks management is one I’ve been thinking about. One of my pet peeves is that I couldn’t partially sync my home Firefox profile to my work computer or the other way round. Sometimes I want to share bits and pieces of information like bookmarks and some of the browser’s history because it is something I was researching on my own time. You’d think that since we are in an interconnected world we can share more easily and contextualize and segregate with the same ease.

  19. Mohan P wrote on :

    This is an interesting attempt to bring contextual identity to the browser and thanks for doing it. As few others mentioned in the comments, we need the flexibility to create our own identity rather than using a predetermined set of identities like Work, Shopping, etc., Main concern with the current design is that having different identities at the tab level is very confusing. As of now, I am using private window not only for private browsing, but also for establishing identities. I login into my personal twitter account in a private window and treat that private window as my personal identity. I expect any new tab I open in the private window to have my personal identity and that eases my browsing when there is a need to open the same twitter account in multiple tabs. I cannot imagine doing the same with the current tab level design so easily. So I would think the identity to exist at least at the window level and not at the tab level. I wont say this is the best way, but it is definitely better than tab level in my opinion.

  20. Bob wrote on :

    Isn’t that useless when you can just do `firefox -P –no-remote`? There’s even an addon that doesn’t require you to open the command line: https://addons.mozilla.org/en-US/firefox/addon/profileswitcher/

    1. Walid Damouny wrote on :

      This one is cooler https://addons.mozilla.org/en-US/firefox/addon/profilist/

      1. BigBlueHat wrote on :

        Just want to say thanks for the Profilist tip. Best thing about this announcement was finding this alternative to this upcoming Containers–which I hope will be rethought given the feedback threads here.

  21. Lesnik wrote on :

    Again you just take a feature from Chrome and add your own sugar coat over it to call it unique. Bring back customization which is now only available with Classic Theme Restorer and THAT WAY you gain users again.

    Most power users have loved the flexibility of the Firefox UI in the past. Now you remove that bit by bit and implementing stuff like that to satisfy Chrome users. Hint: It is not the Chrome users you want, it is the power user fraction you should wand to be back – as that is the user fraction which is utterly vocal about Firefox.

    But that kind of users will not come back because of some more security features. Bring back customization and we will be back. But not ONE moment earlier!

    1. Someone wrote on :

      What exactly about this is “taken from Chrome”?

  22. Name (required) wrote on :

    Stop working on this and release Servo already !!
    A lot of old Opera Presto users are going to adopt Servo so just release it.

  23. Valentin Born wrote on :

    Sounds good—but for proper compartmentalisation something along the lines of qubes-os would be more secure.

  24. CJ wrote on :

    What is the possibility that you will be able to use different IP’s for each Container in the future?

  25. Jim Pick wrote on :

    This is a feature that will make me switch back to Firefox from Chrome!

    Great work!

  26. larowlan wrote on :

    Such a great idea – killer feature
    Keep up the great work folks.

  27. David wrote on :

    Great feature, but when I try to access it, the menu item and the button are greyed out. I just downloaded Nightly 50.0a1 and I made sure that privacy.userContext.enabled was set to true. The menu item is still greyed out, and when I drag the button to the hamburger menu (it wasn’t there automatically) it is greyed out here too. Did the feature become disabled in 50.0a1 recently? Or am I missing something?

  28. Flimm wrote on :

    Is it possible to give containers a different name other than “Personal”, “Work”, “Banking” or “Shopping”?

  29. Trackback from ... [Trackback] on :

    … [Trackback]

    […] Read More here: blog.mozilla.org/tanvi/2016/06/16/contextual-identities-on-the-web/ […]

  30. Ibrahim wrote on :

    Awesome, looks like this already works in Firefox Developer Edition (on v49 as of writing, instead of v50) if you set privacy.userContext.enabled=true. I’ve been wanting something like this for a while as a web developer because I need to log in as multiple different users in my dev environment. My current workaround was to run a local nginx proxy that proxies different subdomains to my application server, so that I can log in to different users using different URLs. This lets you do that with a little less overhead, though I still like having multiple URLs for different users.

    1. yup wrote on :

      As mentioned above, FF has supported multiple profiles for a long time. They are literally totally isolated browsing experiences with completely independent copies of everything. Settings, cookies,…

      https://addons.mozilla.org/en-US/firefox/addon/profileswitcher/
      access the profiles with shortcuts like:
      General Tab:
      change description
      Shortcut tab:
      Target: “C:\Program Files\Mozilla Firefox\firefox.exe” -p yahoo -no-remote
      start in: “C:\Program Files\Mozilla Firefox”

      This container experience seems to be slightly different as the containers are all sharing the same browser(one set of settings) but hiding the contexts. Profiles are full blown copies of FF running in parallel.
      Look inside: C:\Users\%UserName%\AppData\Roaming\Mozilla\Firefox\Profiles
      You will see each profile has its own copies of everything. And each FF is started under new process.

  31. Bill Maggs wrote on :

    Tanvi,

    Really glad to see all your long and hard work on containers finally shipped! Congrats to you and Bram and Kamil and others that have worked on it. Clearly only part of the long term solution to identities on the Web, but a great start.

  32. Kamil wrote on :

    Great thing!!! Thank you very much for it. I am using Firefox alpha for webapps development and this funcionality helps me a lot.

    Please add function to customize both name and number of containers.

  33. thadtheman wrote on :

    I asked a question about profiles on reddit about profiles and was pointed to here.
    https://www.reddit.com/r/firefox/comments/526zlm/better_profile_management/

    Why not make profiles a bit more lightweight. Easier to create ( and to keep what addons you want when creating), delete, run two profiles at once and switch between them?

    A bit more work there and it seems like you would have the basic functionality of containers, but more stable and with less effort.

  34. julius wrote on :

    Amazing feature! Looking forward to using it on the stable version some day! Great work! Thank you!

  35. John is Ready to Work in Boulder wrote on :

    So, in theory you could be logged into multiple accounts in the same browser?

  36. James Fricker wrote on :

    I love this feature but I need to be able to launch a particular URL from the command line in a particular container. Is there a way to open a URL in a new container tab from the command line?

  37. Murz wrote on :

    Very useful feature, I move to it from Multifox extension. But how can I switch container of already opened tab (current tab)?

    1. Murz wrote on :

      Maybe we can add this functional via extension? Does Containers have any API for Firefox Extensions?

  38. Wayne wrote on :

    Does this not work in Windows Version no option on menu?

  39. Tony wrote on :

    Awsome post! It’s very useful for me. Thank you so much!

  40. S3nd41 wrote on :

    Hello,

    This is a great functionality but you’re implementing it wrong.
    I don’t want to have to choose for every tab which identity I’m opening it on.
    I want to open new windows and have all the tabs I open under the window belonging to the same identity.
    Can you just basically mimic the behavior of the sadly discontinued Multifox?
    You really don’t need to reinvent the wheel regarding this feature.

    Thank you!

  41. Robert wrote on :

    Because of Nightly, I quit using Chrome. I prefer Firefox.

  42. aGB Review wrote on :

    Perfect piece of work you have done, this website is really
    cool with superb info.

  43. Hinh Nen wrote on :

    Seems good. but I hope there will be context menu to open tabs based on container . I hope I can retain specific cookies across the containers. like gmail for example.I like know how does FF handle it?

  44. Erica wrote on :

    And this is the reason we like using Firefox considerable more than IE, Chrome, or Edge. Our team does internet marketing product reviews so we see now software launched on nearly a daily basis. You’d be surprised how many pieces of software have compatibility problems if you don’t use Firefox.

  45. Andrew wrote on :

    I’ve been using Multifox extension for many years and I’m happy this functionality getting integrated in the Firefox itself. These days I wouldn’t use a browser that doesn’t have some sort of lightweight identity separation.

    Comments:
    – While per-tab identities are technically superior, per-window identities seems to be easier to use/keep track of. Multifox was briefly toying with switching to per-tab identities but, from what I’ve seen, users generally preferred an older per-window implementation more, so in the end it started supporting both with an option. Note that per-window identities are nothing than a sub-set of the current feature.
    – Pinned tabs should support identities.
    – Opening new identity tabs should be integrated with the open new tab button/menu items.
    – It should be possible to assign external shortcuts to be open in a specific identity.
    – It should be possible to associate certain websites with identities.
    – It should be possible to reload the current website under a different identity.
    – Some websites (e.g. banks, paypal, facebook, google) need to be used in other identities (for example, I’m browsing a page using identity A and try to make a paypal payment, once I’ve logged into paypal it has now left its cookies in identity A. Any idea how to solve this issue? For this reason I wouldn’t simply assign bank websites to their own identities as that would break communication between them and other websites that may need payment authorization etc.

  46. json formatter wrote on :

    Thank you for the article. It’s very informative. With Containers, users can open tabs in multiple different contexts

  47. aluguel trancoso wrote on :

    This is a feature that will make me switch back to Firefox from Chrome!

  48. David wrote on :

    Great post, found it realyy helpful.

  49. Peggo wrote on :

    This addon is good also find multiple contexts but need new features!….

  50. Joey Jr. wrote on :

    First, thanks for the article introducing the Contextual Identities on the Web!
    Does this not work in Windows 10 Version no option on the menu?

  51. Zac Bohon wrote on :

    There was a feature in the test pilot version of this that I really loved that allowed you to set the container by URL, so for example whenever I opened a Jira site, it would use the work container, but it would use the personal container when I opened GitHub or StackOverflow. Is this something that will be introduced into the user context feature or will it be necessary to do that through an extension?

  52. jack wrote on :

    Awesome, looks like this already works in Firefox Developer Edition (on v49 as of writing, instead of v50) if you set privacy.userContext.enabled=true. I’ve been wanting something like this for a while as a web developer because I need to log in as multiple different users in my dev environment. My current workaround was to run a local nginx proxy that proxies different subdomains to my application server, so that I can log in to different users using different URLs. This lets you do that with a little less overhead, though I still like having multiple URLs for different users.