Re: firefox > Preferences > When Firefox starts.

["der.hans" <deb-user@LuftHans.com>]

Am 23. Apr, 2019 schwätzte David Wright so:

moin moin,

> On Tue 23 Apr 2019 at 15:53:50 (-0000), Curt wrote:
> > On 2019-04-23, der.hans <deb-user@LuftHans.com> wrote:
> > > I use different Firefox profiles for banking to improve isolation, so at
> > > least they won't be attacked by a retailers tab.
> > >
> > > I'm experimenting with Firefox containers for the isolation.
>
> What experiments have you devised? How do you define "isolation",

Thus far my experiments have only been for usability. When I first tried
Firefox containers some time ago I could only open one tab in each
container.

I'm just checking that they work and that I can use the same site multiple
times with different credentials from the same browser instance.

> and what are the criteria by which you judge whether their scheme
> is succeeding or not?

At some point I will need to dive into documentation to see if the design
is to isolate the containers sufficiently for me. Even if it is, I'm
still concerned about a bug allowing container escape or information
bleeding.  Should containers not be sufficient for me, they still look
like a significant improvement for those less tech minded.

I currently run different browser instances for different tasks I want to
isolate.

For instance, I have a profile for one mastodon account and another for
the other mastodon account. My bank gets its own profile, as do my
utilities. Each of those is setup with uMatrix to disallow cookies and
JavaScript not necessary for the particular site to work.

I have over 50 profiles. Only two are allowed flash player and except for
work requirements, I haven't used flash in a long time.

Some profiles are inside containers.

For generic shopping I have an instance that is more lax on cookies and
JavaScript.

My initial use of containers is for that. I would like to have a container
per retailer ( or account required site ) that isolates each site and
where all information about the site is wiped when the container is
stopped/reset.

Banks and social media will certainly continue having their own profiles,
but a third of my profiles could move to containers ( if I start to trust
them ).

As to experiments, I need to see if I can get tools like lightbeam to help
me audit isolation. I'll also passively test by checking for bleedover
from different sessions.

I want to see if I can enable and disable add ons per container. I presume
not, but that would be a useful feature.

ciao,

der.hans

> > Looks interesting. I've just enabled it in 'about:config'
> >
> >  privacy.userContext.enabled       true
> >
> > I now have a contextual menu entry "Reopen in Container" when
> > left-clicking on a tab, which lists the four default containers. The
> > wiki doesn't explain the difference between these pre-defined
> > containers, though (Home, Work, Banking, and Shopping) or whether you
> > can create your own (apparently "custom" containers is a future option).
> >
> > https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers
>
> I can see some usefulness in having separate bookmarks and histories,
> particularly the latter as it's not easy to classify in the same way
> as bookmarks with its submenus. But I see only convenience, not
> security.
>
> Cheers,
> David.

--
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  Magic is science unexplained. - der.hans