Facebook Container for Firefox

Third party cookies, and any way to fingerprint a specific user starting from high entropy user agents to screen resolution, font fingerprinting or canvas data, should be considered a breach of the browser security model.<p>All sites should run in containers and no advertiser should be able to track you across sessions. When I want 3rd party interaction, I should need to opt in and connect the current site with Facebook or some other 3rd party.

We&#x27;re going from cold war to all-in.<p>Not just a privacy question. Reddit nags me every time I hit the front page, even returning from a story, asking me to log in. For most sites I need to create ublock filters to prevent pop-ups with useless &quot;we use cookies&quot;, subscription requests, ads or social media bars that fills half the screen, etc. etc. etc.<p>Every newspaper I read has decided that autostarting video and streaming is a good idea.<p>Yes, HN is OK, but sites that it points to are not.<p>I&#x27;m giving up on the web.

I used Firefox&#x27;s containers for about a day, and then I discovered the privacy.firstparty.isolate option (in about:config), which effectively gives every site its own container with no user effort. That, combined with Cookie AutoDelete, seems to work well.

If you use Firefox Containers, including the Facebook Container, please also use Cookie AutoDelete [1] to get rid of cookies from closed tabs across containers. Otherwise, in my observation, sites will still be able to track you if you reuse a container (even after closing all tabs of that container) for a specific site.<p>[1]: <a href="https:&#x2F;&#x2F;addons.mozilla.org&#x2F;en-US&#x2F;firefox&#x2F;addon&#x2F;cookie-autodelete&#x2F;" rel="nofollow">https:&#x2F;&#x2F;addons.mozilla.org&#x2F;en-US&#x2F;firefox&#x2F;addon&#x2F;cookie-autode...</a>

If anyone in your household uses FB from the IOS or android mobile app from wifi, it will have both your IP address and GPS coordinates. Correlating that multiple people share one residence or workplace is easily done for FB. You can keep playing a shell game like run all your desktop PC traffic through a VPN somewhere so that the FB container doesn&#x27;t show up as the same geolocation, but you or an ignorant non technical user you live or work with will slip up.<p>Edit: fb also buys geolocation data from organizations that do the modern equivalent of wardriving. Correlating GPS location with RSSI of specific wifi SSIDs and AP MAC addresses. If anyone near you uses the app, even if their phone has all location services turned off, you&#x27;re still geoprofiled to within a city block.

I&#x27;ve been trying to use Firefox&#x27;s containers for a while. They are pretty clunky - you need to open a blank container tab using a menu and then enter the url. I forget to do that all the time, so after some time you are just logged into everything in the &quot;global&quot; container, or logged in to google and twitter in the same container etc.<p><i>If you check the &quot;Always open this page in this container thing&quot; - then it prompts you with an &quot;are you sure you want to open this page in this container&quot; every time you go to that page which is very annoying.</i> Edit - this is not true - there&#x27;s a checkbox to &quot;remember your choice&quot;. I don&#x27;t know why I didn&#x27;t see it.<p>They are error prone enough that they aren&#x27;t good tracking protection. Just use ublock origin or a similarly good privacy plugin to globally block as much tracking as you can.<p>The facebook container eliminates some of those annoyances, but only for facebook.

IMHO, this is how containers should really work:<p>- Every website (domain) should get its own container by default. I <i>don&#x27;t</i> want to configure stuff when visiting a new domain.<p>- If I want domains to share a container, then I don&#x27;t mind having to configure that.<p>- When clicking a link inside a container that points to a different domain, then the link should open in the container for the domain pointed to.<p>- When clicking a link, I should have the opportunity to edit the link before opening it, to avoid information leakage from one container to another.<p>- Cookies may be saved per container (default). But I should be able to turn cookies off for a specific container.<p>- Containers should work against fingerprinting, i.e. by perturbing browser characteristics slightly. This should work by default per container and per session. It should be configurable.<p>- If some well-known websites only work with multiple domains, then that is ok. These domains can be grouped into one container. Firefox can distribute a &quot;whitelist&quot; for such configurations. Please don&#x27;t bother me with the specifics, but enable me to figure out what the settings are for a container, and to change those settings.<p>- Container settings should be synced over my devices. Needless to say, containers should work on all platforms.

Don&#x27;t blame them for taking advantage of the current media attention facebook is getting to bump firefox containers a bit! It&#x27;s pretty neat technology.

&#x2F;sigh. Yet another &quot;privacy&quot; solution that&#x27;s solves the wrong problem.<p>You prevent the big bad company from <i>spying</i> on your browsing activity while, at the same time, explicitly posting to the big bad company&#x27;s first-party site messages containing all the juicy bits of private information that you went through all that effort to prevent them from inferring through your other activities.<p>And we pretend this is helping, rather than just adding noise to an already confusing technical landscape.

Made a jump to Firefox as primary browser on macOS this month. My setup involves heavy use of the new containers feature and a tree-style vertical tab panel, which AFAIK is unique to Firefox and offers neat visual browsing history.<p>Extension rundown:<p>— kesselborn’s Conex, a Spotlight-like quick container switcher&#x2F;tab finder. It’s set to auto-hide tabs not in the current container, and I use it to routinely create one-off containers for specific tasks<p>— piro’s Tree Style Tab, with a workaround setting to make it play well with Conex and a couple of custom styling rules<p>— MarsCat’s Switch Container, which allows to re-open a tab in another container (used with caution)<p>What unblocked the switch for me:<p>— There’s now a working tree-style tabs extension in Quantum<p>— The new Web Authentication API removes the need for Keychain integration in the long run<p>I’m wary of getting too used to a heavily customized setup, and am still figuring out the best way to back up my Firefox profile. Previously I relied mostly on stock Safari and Chrome, which is still great for its developer’s tools.

You can also run multiple Firefox profiles at the same time, each with different extensions. Something like:<p><pre><code> $ firefox -ProfileManager -no-remote &amp; </code></pre> Also interesting:<p><a href="https:&#x2F;&#x2F;github.com&#x2F;mozfreddyb&#x2F;webext-firstpartyisolation" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;mozfreddyb&#x2F;webext-firstpartyisolation</a><p><a href="https:&#x2F;&#x2F;github.com&#x2F;stoically&#x2F;temporary-containers" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;stoically&#x2F;temporary-containers</a>

I have a similar need for Google. I have two gmail accounts. One is to preserve my privacy. But I can only open one at the time. That&#x27;s acceptable since I forward mails.<p>But then, everything I do at Google is tracked and associated with this opened gmail account.<p>Once we are connected to Google, we are kind of logged in Google. They can track everything we do, even searches.<p>The problem I&#x27;m facing is that I can&#x27;t keep the Google agenda opened for one user, and be connected to Google gmail as the other user. That&#x27;s how far the &quot;logging to Google&quot; has got.

In my opinion Containers are the best thing in Firefox. I&#x27;m sacrificing battery life just so I can use them on my Mac.<p>I finally feel free to search for whatever I want and not have second thoughts.

Here&#x27;s a link to when this was first appeared on HN (March 27): <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=16688681" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=16688681</a><p>The comments have input from the add-on&#x27;s author (groovecoder).

Its funny with all the focus on Facebook, while Google tracking is so much more widespread

I&#x27;ve used a separate container tab for facebook in firefox (nightly) for some time now, along with uMatrix, uBlock origin, and privacybadger. I downloaded my info from fb a few days ago, and was pleasantly surprised at how <i>little</i> info they had on me - they only have 2 advertisers with my contact info (email id). I click stuff on fb, but don&#x27;t post, and occasionally have had message exchanges with friends.

I did the same for many years, blocking third party cookies, having a different browser profile, but none matters.<p>Recently I downloaded all my fb data and I found that fb gives a tool to advertisers where they can upload my contact information to join all the dots.<p>The heading says &quot;Advertisers who uploaded a contact list with your info&quot;<p><a href="https:&#x2F;&#x2F;imgur.com&#x2F;a&#x2F;FRsUP" rel="nofollow">https:&#x2F;&#x2F;imgur.com&#x2F;a&#x2F;FRsUP</a>

Unsurprisingly there is no Google container for Firefox

I don&#x27;t trust Facebook. I am &#x27;aware&#x27; of the importance of privacy. I install &#x27;Facebook Container&#x27; because I prefer to install an extension to keep Facebook kind of controlled than to delete my account.<p>It doesn&#x27;t make sense to me. If you are so privacy concerned it seems to me that the step you should take is to delete your account but not to look for ways to avoid being tracked by the company you don&#x27;t trust, although you use its services.<p>If this extension is not for Facebook users but for everyone, why don&#x27;t implement it by default and for a lot of other websites?

Im using uBlock origin and PrivacyBadger, will this cover something Im missing?

GNOME Web (Epiphany) lets you easily save a web page as web application, so that it gets an own desktop icon and browser profile to separate it from your normal browser.

Heck yeah, I&#x27;ve been dreaming of this for a while. Or really, something that can work on _any_ website you configure it to work on, not just fb.<p>Or specifically, I&#x27;d love one that worked for google search (not neccesarily all google products, which would be hard, but one which let me search without being able to tie me to my other internet use including other google products).

They have the right intention. But how is this useful? As far as I can tell, it does not prevent FF from leaking information that helps FB generate a fingerprint. I&#x27;d still reveal the same IP address (would be cool if Mozilla provided a VPN that all FB traffic goes through), the same browser, the same OS, screen resolution etc...

I&#x27;m glad they released this and hit got some headlines because I tried it, realized how necessary it was and then learned about Firefox containers in general.[0]<p>Now I&#x27;m using them for Gmail, Youtube, Twitter &amp; FB. The three amigos, the internet bad guys. I really should just delete the last two accounts, but I feel a heck of a lot better now. I used to keep those in Microsoft Edge, a browser pretty much relegated to that dirty, social media duty alone. If I can use Firefox for everything, and cut off Google while I&#x27;m at it, even better.<p>[0]<a href="https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=Gy7lyvAfOSw" rel="nofollow">https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=Gy7lyvAfOSw</a>

I hadn&#x27;t used Firefox for anything practical in years except testing things of my own for compatibility. Now I launched it from a clean state, installed that extension and logged into Facebook... and it is still slow as molasses. It feels like downgrading the hardware to something 1&#x2F;10th as powerful than what I&#x27;m used to. My point of comparison on this hardware is Safari, which I use for regular everyday default web browsing. It&#x27;s not just Facebook on Firefox either; everything is sluggish and even typed text lags noticeably behind, which is something I hadn&#x27;t experienced on anything since the iPhone 4 iOS 7 upgrade.

Can&#x27;t this be easily bypassed by Facebook? Given the amount of information usable to fingerprint browsers with JS enabled can&#x27;t FB do some basic tricks like IP + WebRTC local IP + WebGL fingerprint + Canvas Fingerprint , etc...?

This should be enabled by default in Firefox, as is the tracking in Facebook.<p>Hardly will Facebook care for the couple of hundreds that install and use something like this, but it will be much more efficient if browsers are pre-enabled with this feature.

Is this any different than Firefox&#x27;s regular container support?

Have been using Ghostery on Safari for quite some time, and I dont see how this Facebook Container can be anywhere close to what Ghostery provides. The number of trackers on any website, is just mind blowing.<p>I believe Ghostery works with all browsers and I strongly suggest everyone use it, in addition to what ever ad blocker, container, VPN service you intend to use, even if you are using Facebook Container for Firefox.

why not just use the Private &#x2F; incognito mode every time you want to use Facebook directly or indirectly?<p>That way any Facebook-owned service like logins and website comments plugin will work as expected but will not follow you around in your regular browser window!<p>________________________<p>From the extension page:<p>&gt; &quot;Clicking Facebook Share buttons on other browser tabs will load them within the Facebook Container. You should know that using these buttons passes information to Facebook about the website that you shared from.&quot;<p>&gt; &quot;Because you will be logged into Facebook only in the Container, embedded Facebook comments and Like buttons in tabs outside the Facebook Container will not work. This prevents Facebook from associating information about your activity on websites outside of Facebook to your Facebook identity.<p>&gt; In addition, websites that allow you to create an account or log in using your Facebook credentials will generally not work properly. Because this extension is designed to separate Facebook use from use of other websites, this behavior is expected.&quot;

They have a newer version that can handle custom isolated tab groups not just Facebook.<p><a href="https:&#x2F;&#x2F;addons.mozilla.org&#x2F;en-GB&#x2F;firefox&#x2F;addon&#x2F;multi-account-containers&#x2F;" rel="nofollow">https:&#x2F;&#x2F;addons.mozilla.org&#x2F;en-GB&#x2F;firefox&#x2F;addon&#x2F;multi-account...</a>

Looks like what it does is deleting a bunch of cookies.<p>If it only was that easy!<p>The real problem is not cookies.<p>I can already delete those.<p>The real problem is fingerprinting.

This might have been commented already, but: maybe have something similar for Google also? Now I&#x27;m not an expert, but ghostery&#x2F;duckduckgo privacy essentials&#x2F;ublock and so on &quot;blockers&quot; tell me that Google is responsible for a majority of the tracking

Uh it says I&#x27;m on Firefox 52 and can&#x27;t install this. But I&#x27;m on Firefox 59.

I&#x27;m in favor of putting Facebook in a container.<p>I further suggest to throw the container into a fire.

What makes containers and other related things here better than just downloading something like PrivacyBadger and using some anti-tracking uBlock lists? I&#x27;m assuming it&#x27;s because some things might still fall through the cracks?

cool, but if anything tells me there&#x27;s something wrong with permission systems it&#x27;s this... the permissions it asked for, if that was any extension i&#x27;d be leery of it, but since this is from mozilla i trusted it..

What I cannot find anywhere: how does this compare to Firefox&#x27; tracking protection feature? That would already block third-party requests to Facebook on other sites, wouldn&#x27;t it?

How in the world do you get this to work with subdomains in the general case? How do I just say &quot;open all [sub]domains under example.com in their own container, end of story&quot;?

What about this is specific for Facebook?<p>Why not apply it to every website we visit?

I don&#x27;t use Facebook much but when I login I&#x27;ve been using Internet Explorer just for browsing Facebook. Otherwise IE would just sit there on my MS box.

I would like to isolate every website I visit into a container, such that cookies or other tracking mechanisms are unable to be effective while on other pages.

What&#x27;s a Firefox container and why should I use one ?

Is the &#x27;Facebook Container&#x27; extension different from I creating a new container myself and keeping only facebook in it?

Half-OT: Somehow pages like dev.to or whatsapp always get opened in the default container, even if specified otherwise.

for those wondering what&#x27;s the difference between Facebook Container and Multi-Account containers:<p><a href="https:&#x2F;&#x2F;support.mozilla.org&#x2F;en-US&#x2F;kb&#x2F;how-facebook-container-different-multi-account-con" rel="nofollow">https:&#x2F;&#x2F;support.mozilla.org&#x2F;en-US&#x2F;kb&#x2F;how-facebook-container-...</a>

Currently it is not about my privacy and data (those has been lost and given away far ago). It is about my time.

&gt; In addition, websites that allow you to create an account or log in using your Facebook credentials will generally not work properly. Because this extension is designed to separate Facebook use from use of other websites, this behavior is expected.<p>As much as I love these kinds of things, this is going to break something for my less tech-y family. As such, I can&#x27;t let them use this kind of thing.

I like this, but 2018 Internet is essentially needing this for <i>every</i> website you visit.

Time for a Facebook browser, I guess. Circumventing the middle man is the next logical step.

Firefox Containers don&#x27;t seem to work in Private Mode. Also Privacy Badger, btw.

Is there an advantage to this over Chrome Profiles, a feature built-into the browser?

can someone explain why this is necessary? shouldn&#x27;t anything that happens outside of any site stay outside that site, why a special extension just for facebook?

Great initiative. I&#x27;m wondering why no Google container?

I need a Google container for firefox.

i have deleted all facebook accounts. easy and clean solution. also i suggest to use several browsers to login google accounts and browse daily. therefore activities totally separated and tracking is getting hard with combination of cookie removal. etags are still big problem though.

Up! Following.

I normally avoid posting on threads like this, because there&#x27;s more pile-on then there is coherent discussion, but I think there are some things missed here, and I want to elevate the discussion.<p>Let&#x27;s take a step back for a moment from the fact that this is extremely one-sided, since there are many sites used all over the web which have a view on most of your browsing traffic, like Google Analytics (try and pry that from the cold, dead hands of administrators), to reddit, to other ad networks. I&#x27;ll assume that the reader would just respond that we should do this for all sites.<p>Think a bit about the generalized business model of contracting out to third-party vendors. When you go the supermarket, it&#x27;s very likely that the cash registers came from IBM (at least in the US). When you go to a restaurant, your payments are likely to be handled by Authorize.net (not to mention the credit networks), when you go to a hotel, the wifi is handled by some third-party company.<p>In each of these cases, there is a valuable service being provided to a company, and any service that has a large enough market penetration has access to a large amount of information about you. Third-party vendor relationships are not going to go away.<p>So what does this mean for the net? What effect will this have on the world? In the best case for anyone who thinks this is a good idea, it won&#x27;t catch on, doesn&#x27;t go mainstream, and a small amount of invisibility is granted to the few users who adopt this. But what happens if this were to become the default way the web works? Think about the wrench&#x2F;security XKCD ( <a href="https:&#x2F;&#x2F;xkcd.com&#x2F;538&#x2F;" rel="nofollow">https:&#x2F;&#x2F;xkcd.com&#x2F;538&#x2F;</a> ). If browsers started doing this, than the companies who depend on these services will just find other solutions. Already, many sites use url redirectors in order to accomplish this (think: Google Search), if we try to prevent redirects, then you break the web.<p>Okay, nuclear option, we decide to break the web, and require all users to manually confirm before doing redirects. There will be sites concerned enough about the drops in traffic that would be caused by forcing redirects that they&#x27;ll stop using them. Does that mean this practice will stop?<p>Of course not! The next step is out-of-band network requests. You request data from a site, they ping the third-party, no muss, no fuss, and you&#x27;re never the wiser. Well, what happens in that case? Suddenly, you go from a situation where companies are using third-party services via the browser, where the end user&#x27;s interface to the third-party is entirely secured from the company receiving the service, to a world where all of this information is proxied the third party, meaning that instead of less companies being able to track you, suddenly more companies are able to track you.<p>I for one, hope that this does not catch on. Not because I care one way or the other about the tracking (I think there are better solutions<i>) but because I think this is an effort that will hurt both the web, and eventually users.<p></i> My thoughts on this: I find this akin to state surveillance. It&#x27;s inevitable. The &#x27;solution&#x27; to state surveillance is not hoodies and masks, but instead sousveillance (which means granting distributed surveillance powers to the masses, like way a large number of police issues came to light). Put the power in the hands of the people. How does this apply to web traffic? Same thing, instead of having traffic available to a few companies, make it scattershot, and make sure everyone has access. Surfing the web? Make browsers overfetch. DNS lookup for the letter p? grab everything from park to porn to production. That way, there is no loss of power

Now do it for Google!

Just as alternative, I am using this and it works great: <a href="https:&#x2F;&#x2F;github.com&#x2F;jmdugan&#x2F;blocklists&#x2F;blob&#x2F;master&#x2F;corporations&#x2F;facebook&#x2F;all" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;jmdugan&#x2F;blocklists&#x2F;blob&#x2F;master&#x2F;corporatio...</a><p>(I don&#x27;t use FB)

Good start targeting one of the biggest offenders. Now make the next step implementing full blown ad blocker the way Brave has done it.

Stop &quot;containing&quot; Facebook, just quit it. These workarounds are just keeping you from facing the real problem: the time and mental effort spend on Facebook.

Mozilla likes so much to trend, but this container wouldn’t have done anything against the current Facebook leak.

Firefox is one of the worst browsers in terms of security, so much malware just slips right through it, not to mention web designers don&#x27;t bother testing on firefox much.