[META] Contextual Identity / Containers Bugs
Categories
(Core :: Security, task)
Tracking
()
People
(Reporter: englehardt, Unassigned)
References
(Depends on 131 open bugs, Blocks 1 open bug)
Details
(Keywords: meta)
Attachments
(1 obsolete file)
The Contextual Identity Project (see: https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers) aims to add lightweight containers/profiles into the browser to give users the ability to segregate their local state (cookies, localStorage, etc) based on the context they are browsing in. Example uses cases: * User has multiple accounts on websites and wants to be logged into both simultaneously. One in a personal context, the other in a work context. * User wants a session that persists but doesn't leak information to trackers about their browsing behavior in other contexts. (Ex: doesn't want the shopping context to affect the ads they see in their work context. * A user wants to remain logged into a social network without being tracked across the web This meta-bug is a collection of the related bugs supporting this project.
Reporter | ||
Updated•9 years ago
|
Updated•9 years ago
|
Updated•9 years ago
|
Comment 1•9 years ago
|
||
How about setting usercontext on bookmarks?
You can look at the https://getmultifox.com/ extension as example how this works - it provide per-tab select identity (cookie and session storage) for users. But Multifox Firefox extension will stop working after Firefox remove XPCOM support, and seems there are no ways to provide this feature via new Firefox WebExtensions API, so build-in contextual identity will be useful feature!
I see that "Image Cache" is not separated by this, but a lot of tracking is done with images. Wouldn't this leak info across contexts?
Comment 4•8 years ago
|
||
(In reply to donrhummy from comment #3) > I see that "Image Cache" is not separated by this, but a lot of tracking is > done with images. Wouldn't this leak info across contexts? Image Cache should be separated in the same way Necko Cache is. Is that not the case it our current implementation? Huseby, can you check on this and file a bug if needed? This may be a Desktop only issue.
Comment 6•8 years ago
|
||
It seems like people are starting to look into implementing this. Exciting! I think we need to handle many of the places in the code where we store data on disk related to the user's browsing. One example is cookies. It's probably a good idea to have a consistent model everywhere. I think the right approach should be for the user context ID to be stored alongside the data (perhaps encoded in the origin string) and in code using the data read from the disk we should be careful to not read another user's data, nor modify/delete them. This basically gives us a solid virtual per-user-context-ID container for the stored data. Finding all of the necessary call sites to audit and handle can be daunting. I think a good starting point would be places where we check the private browsing mode, since a lot of them map to code that wants to store something about the user's browsing to disk, so that should find many of the places we need to fix, and we have covered almost all of those places over the years. Not sure how much this matches the current thinking, and/or who to direct this too. Andrea, do you know? Thanks!
Comment 7•8 years ago
|
||
> Not sure how much this matches the current thinking, and/or who to direct > this too. Andrea, do you know? Thanks! Absolutely. We are doing that using OriginAttributes everywhere. It's a big task but it has been almost fully done. There are plenty dependences here and many depending bugs are metabugs: bug 1197283, 1153435, etc. Cookies, localStorage, IDB, quota, all of this is already fully managed and it works. If you are interested or you have specific questions, we have a weekly meeting on Wednesday. I'll ping you tomorrow on IRC to tell you more :)
Updated•8 years ago
|
Updated•8 years ago
|
Is there some documentation for addon developers? The container concept is awesome, but the default UI for containers does not reflect how I would like to use it.
Updated•8 years ago
|
Comment 9•8 years ago
|
||
(In reply to The 8472 from comment #8) > Is there some documentation for addon developers? The container concept is > awesome, but the default UI for containers does not reflect how I would like > to use it. We don't have much documentation yet, just https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers. If you are looking for something like Containers with different UI, you probably want documentation about OriginAttributes. But OriginAttributes are fairly new, so I'm not sure there is documentation on that yet either. What would you like to do in your addon?
Comment 10•8 years ago
|
||
(In reply to Tanvi Vyas - behind on reviews [:tanvi] from comment #9) > What would you like to do in your addon? a) ability to dynamically create or destroy new containers b) assign the container on tab navigation / opening tabs c) assign a different container to sandboxed iframes The idea is to automatically compartmentalize things based on origin wherever reasonable. Let's say I have the following tabs open + embedded 3rd-party content: - a forum, turns posted links to youtube into embeds - a blog, requires recaptcha for anonymous comments - Youtube - Gmail - Google Google, Youtube, Gmail shouldn't have to share logins or cookies even though they all load stuff from google. And since I don't want to make a conscious effort of opening google or youtube videos in the "correct" container it should determine that based on the page URL. For the YT embed iframes I would like to choose whether they load with an anonymous container (spawned and destroyed on demand) or with my YT account. And recaptcha needs to build some reputation if you don't want to get those terrible inkblots, so you can't just block cookies, but it doesn't need to associate my blog comment activity with my google account. Or with other sites also using recaptcha for that matter.
Comment 11•8 years ago
|
||
Feature Request: One useful feature would be to have the option to have a window be "sticky" about the context it's using, so that new tabs would automatically use a given context. I know that links from tabs in a given context stay within that context, but opening up new tabs (using the "+" or the keyboard shortcuts) open in the original, default context.
Comment 12•8 years ago
|
||
(In reply to JR Conlin [:jrconlin,:jconlin] from comment #11) > One useful feature would be to have the option to have a window be "sticky" > about the context it's using, so that new tabs would automatically use a > given context. I.e., a re-implementation of profiles, but without the separation of UI that profiles provide. If this is going to be the way of the future, I'd at least like to see the ability to separate bookmarks as well - when I go into work mode, I want to streamline away all the personal bookmarks I have and concentrate on those that are relevant to the work I'm doing. I use profiles and the bookmarks toolbar extensively to be able to get to common tasks quickly in whichever context I'm working. As I work for three different companies in addition to my freelancing and personal stuff, I consider profiles to be a much better solution, but if they're going away (bug #214675) Containers had better allow me to concentrate on one context at once instead of mixing them.
Comment 13•8 years ago
|
||
(In reply to Iain Hallam from comment #12) > (In reply to JR Conlin [:jrconlin,:jconlin] from comment #11) > > One useful feature would be to have the option to have a window be "sticky" > > about the context it's using, so that new tabs would automatically use a > > given context. > > I.e., a re-implementation of profiles, but without the separation of UI that > profiles provide. If this is going to be the way of the future, I'd at least > like to see the ability to separate bookmarks as well - when I go into work > mode, I want to streamline away all the personal bookmarks I have and > concentrate on those that are relevant to the work I'm doing. I use profiles > and the bookmarks toolbar extensively to be able to get to common tasks > quickly in whichever context I'm working. As I work for three different > companies in addition to my freelancing and personal stuff, I consider > profiles to be a much better solution, but if they're going away (bug > #214675) Containers had better allow me to concentrate on one context at > once instead of mixing them. Containers are not meant to replace profiles. Profiles are great and have their own set of uses cases. Containers is for a different use case, where a separate profile feels to heavy weight for the task at hand.
Updated•8 years ago
|
Comment 14•7 years ago
|
||
Containers works very well on Firefox 52 and 53 versions and very useful, thanks for this improvement! I fully switched to it from Multifox extension, and will be glad to see on stable versions. But I miss feature to change container of already opened tab - this is unavailable in tab context menu, and via click on container icon in Location bar too :( Please add switching container for current opened page in tab to Right-click menu on tab and to click on container icon in Location bar. Thanks!
Comment 15•7 years ago
|
||
Also "Open in Container tab" menuitem missed on bookmark items, please add in this place too.
Comment 16•7 years ago
|
||
(In reply to Murz from comment #14) > Containers works very well on Firefox 52 and 53 versions and very useful, > thanks for this improvement! I fully switched to it from Multifox extension, > and will be glad to see on stable versions. > > But I miss feature to change container of already opened tab - this is > unavailable in tab context menu, and via click on container icon in Location > bar too :( > > Please add switching container for current opened page in tab to Right-click > menu on tab and to click on container icon in Location bar. Thanks! I agree. The main usability issue with Containers right now is that there is currently no way to change the context of the current tab, which is supported in other implementations (Multifox, etc.)
Comment 17•7 years ago
|
||
Developers, can you provide example how we can change Container for current tab in custom script/extension via WebExtensions API or other way? Thanks
Comment 18•7 years ago
|
||
https://github.com/mdn/webextensions-examples/tree/master/contextual-identities << you can reload tab using cookieStoreId prop. https://blog.mozilla.org/addons/2016/11/18/webextensions-in-firefox-52/ Btw, browser.contextualIdentities and browser.devtools API is still missing on https://developer.mozilla.org/en-US/Add-ons/WebExtensions, any new or experimental API should be listed there, if not a complete description of it (because they are still creating), at least with links to some other place with partial description.
Updated•7 years ago
|
Updated•7 years ago
|
Updated•7 years ago
|
Updated•7 years ago
|
Comment hidden (mozreview-request) |
Updated•7 years ago
|
Updated•7 years ago
|
Updated•5 years ago
|
Updated•4 years ago
|
Updated•4 years ago
|
Comment 20•2 years ago
|
||
Hi! I really like the multi container tabs, I use it everyday.
There is just one feature which me and other would really like to be implemented. I'm talking about enabling a default container, as for now, when you do CTRL+T aka new tab event, it opens in a default container, or, if I understand correctly from the source code, an internal container which is called "no container".
This is quite annoying in a daily basis because I use containers for everything, the "no container" container is useless for me.
I really want to implement a default container because this feature change seems quite straight forward, as the mock-up code below:
onNewTab((url) -> {
if (!hasAssignedContainer(url)) {
const defaultContainer = getDefaultContainer();
openInContainer(defaultContainer, url);
}
...
});
This would require to expose a method for setDefaultContainer
and getDefaultContainer
in the containers API for extensions.
So, this is basically the second time I contribute with the Mozilla Firefox ecosystem and I have a bunch of questions regarding where to start this implementation. Things like "where is the new tab handler for assigned URL's" would be very helpful to me.
Comment 22•2 years ago
|
||
Mateus, I suggest you create a new bug for your suggestion and mark it as a blocker for this one.
I wish you a Happy New Year!
Sebastian
Updated•1 year ago
|
Description
•