зеркало из
1
0
Форкнуть 0
3 Moving between containers
Danny Colin редактировал(а) эту страницу 2022-11-29 19:09:14 -05:00
Этот файл содержит неоднозначные символы Юникода!

Этот файл содержит неоднозначные символы Юникода, которые могут быть перепутаны с другими в текущей локали. Если это намеренно, можете спокойно проигнорировать это предупреждение. Используйте кнопку Экранировать, чтобы подсветить эти символы.

Unfortunately the Containers extension won't allow moving between containers because of the privacy/security impact.

We built Containers and also Lightbeam, to provide tools for people to see how much tracking there is on the internet.

Moving one URL from one container to another has the ability to increase tracking across containers.

Explanation

Essentially you turn containers into a organisational tool rather than a privacy one. If you imagine that when visiting websites you always wear the clothing, containers give you different clothing to wear. These disguises containers work by clearing what websites know about you, which works really well in stopping adverts from following you around the internet.

When you transfer one URL to another container you risk that website knowing about both of your disguises.

The URL itself can leak information about your previous container or the website could make the correlation that you have visited it twice with the same browser fingerprint but without the same cookies.

Containers dont currently solve browser fingerprinting which is a technique where websites essentially monitor the hardware and OS that you have (graphics rendering, sound and performance). Containers add ambiguity in that fingerprinting isnt perfect either. However the more you cross that boundary the bigger the risk you are in for this correlation.

URLs themselves also contain parameters like session ids or google analytic campaigns that could be unique to you. There isnt any simple way to filter these out without breaking pages also.

Other info

Implementing this would also increase the issues issue 1 and issue 3 here.

Example risk

Take for example that obscure YouTube video you wanted to look at, it turns out maybe only 5 people visit it a day. It would be clear to YouTube that you crossed a container boundary when you switched the URL over to your personal container to login.

Once a website can link the histories for two containers, imagine anything you have done in the previous container potentially known to the website. So if you visited a medical site, financial advise, shopping, adult sites or just something about your child's next school play they might gain access to all of that.

Alternate solutions

Context Plus allows right clicking and opening a page in a new container. However reduces or stops all of the privacy advantages of containers.

  • If you want just tab management, this is what you want.
  • If you care about tracking and the security benefits of containers, this is not what you want.

Frequently asked questions

I'm not quite sure why this is so hard to switch containers per navigation then?

Because the web has many features which makes this hard like window.opener this would also indeed break OAuth as previously mentioned. If you wanted opener to work across containers it is a privacy issue.

The window change requires a lot more security checking etc that will require additional work. Bugzilla change.

This enhancement would allow assignment to stay within the same tab and clean history navigations. It doesn't however solve migrating a site from one container to another.

Think we are wrong?

If you think we are wrong about this, we really would like to solve this issue without the privacy impact. Please let us know if you think it is possible!

You can raise an issue on Github or contact us at containers@mozilla.com