Consider adding unlisted, single-domain containers #430

Open
smichel17 opened this issue Apr 5, 2017 · 5 comments
Labels
👍 Feature Request Feature requests users would like to see in this addon

Comments

@smichel17

smichel17 commented Apr 5, 2017

As per #428, about 1/3 of my containers are for a single login on a single domain. I could imagine having many, many more of these, and they're already starting to clutter up my container list; this makes containers less useful for tab management (#336).

I'd love it if there were a setting to isolate a domain in its own container so that it'll save logins and other history, without creating a whole new container just for it.


I think the easiest way to do this would be to integrate with #306 as described here by:

  • Changing Always Open in This Container => Always Open in a Container
  • Add a menu to pick a container to the Containers Confirm Navigation page
    • One of the options is [Domain name] container
      • Stretch feature: separate [Domain name] containers per account you have on the site
    • Bonus points if "Private container" (Consider adding "private container tabs" #429) is one of the options.
@smichel17 smichel17 changed the title Consider adding unlisted, single- domain containers Consider adding unlisted, single-domain containers Apr 5, 2017
@jonathanKingston
Contributor

Two alternatives to solve the same use case:

  • Would removing the new tab menu item for this assigned container actually solve most of the issue here?
  • Would allowing a creation of a hidden container for an existing tab solve this?

Essentially what we are talking about is a less intrusive interface for "first party isolation", which Tor uses for all sites. This makes all websites behave like they are in a unique container; iframes within the page behave like they have the following origin: page.com_example.com, so cookies are never shared from an iframe to another parent document in another tab.

@smichel17
Author

smichel17 commented Apr 5, 2017

> Would removing the new tab menu item for this assigned container actually solve most of the issue here?

Yes.

> Would allowing a creation of a hidden container for an existing tab solve this?

Yes; But.

  1. I'm a little unclear of how I get back to a hidden container. Or are you suggesting containers without persistence? In that case it would just be Consider adding "private container tabs" #429, though.
  2. I have two Google accounts. One is a Gmail account that I use when I don't want to give my real email address. The other is a Google account using my real (non-Gmail) email account, that I use so I can access Google Docs, in situations when I don't have the choice to use an etherpad. I want both accounts isolated in their own private containers. I don't want them in the same otherwise-isolated container.

There are solutions that address both of these, and without running afoul of the ability to CSRF yourself*. But, I'm having a hard time thinking of any that aren't basically a duplicate of #306, which is why I suggested adding on to that interface.

*The irony of linking you to your own blog post is not lost on me, but for others reading...

In the end, though, I don't really care what the interface is; I'd just like a way to isolate Google et al.

> Essentially what we are talking about is a less intrusive interface for "first party isolation" which Tor uses for all sites.

Yeah. Is this in scope for containers? I was a little bit unsure of whether I should post this and #429 here or on bugzilla.
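The cookie keying discussed in the two comments above, as an added example that is not code from this thread, from Firefox or from the add-on: a simplified model in which a cookie jar is selected by container id, first-party domain and cookie host. The `CookieStore` class, the `registrableDomain` helper and all URLs and cookie values are assumptions constructed for illustration; it shows why first-party isolation alone separates embeddings but not two accounts on the same site.

```javascript
// Simplified cookie-store model (constructed; not Firefox or add-on code).
// A jar is selected by container id + first-party domain + cookie host.
// Assumption: registrable domain = last two labels (browsers use the Public Suffix List).
function registrableDomain(url) {
  return new URL(url).hostname.split('.').slice(-2).join('.');
}

class CookieStore {
  constructor(firstPartyIsolate) {
    this.firstPartyIsolate = firstPartyIsolate;
    this.jars = new Map();
  }
  // topUrl: page in the address bar; reqUrl: frame using the cookie; 0 = no container.
  jarKey(topUrl, reqUrl, containerId) {
    const firstParty = this.firstPartyIsolate ? registrableDomain(topUrl) : '';
    return [containerId, firstParty, new URL(reqUrl).hostname].join('|');
  }
  set(topUrl, reqUrl, name, value, containerId = 0) {
    const key = this.jarKey(topUrl, reqUrl, containerId);
    if (!this.jars.has(key)) this.jars.set(key, new Map());
    this.jars.get(key).set(name, value);
  }
  get(topUrl, reqUrl, name, containerId = 0) {
    const jar = this.jars.get(this.jarKey(topUrl, reqUrl, containerId));
    return jar ? jar.get(name) : undefined;
  }
}

function demo() {
  const store = new CookieStore(true);
  const site = 'https://accounts.example.com/';
  // Cookie set by an example.com iframe on page.com: visible there, absent in an example.com tab.
  store.set('https://page.com/', 'https://example.com/frame', 'id', 'abc');
  const result = {
    sameEmbedding: store.get('https://page.com/', 'https://example.com/frame', 'id'),
    topLevelTab: store.get('https://example.com/', 'https://example.com/', 'id'),
  };
  // Two accounts on one site, no containers: the second login overwrites the first.
  store.set(site, site, 'session', 'throwaway-account');
  store.set(site, site, 'session', 'real-account');
  result.isolationOnly = store.get(site, site, 'session');
  // The same two logins in containers 1 and 2 keep separate sessions.
  store.set(site, site, 'session', 'throwaway-account', 1);
  store.set(site, site, 'session', 'real-account', 2);
  result.container1 = store.get(site, site, 'session', 1);
  result.container2 = store.get(site, site, 'session', 2);
  return result;
}
console.log(demo());
```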

@jonathanKingston jonathanKingston added this to the Stretch milestone Apr 11, 2017
@groovecoder groovecoder removed this from the Stretch milestone Apr 28, 2017
@nnnnicholas

nnnnicholas commented Jan 26, 2020

Hi MAC maintainers!

First, thank you so much for this excellent project. Thanks also to @stoically and others who also work on Temporary Containers, which I discovered today and am excited about.

For my use case, I am interested in automatically generated containers for each subdomain. I'm unsure if this is essentially the same thing as First-Party Isolation. Perhaps @jonathanKingston can help clarify if so.

Typical behavior

  1. I create an account on a new website
  2. I use the MAC dropdown menu to create a new Container for that domain
  3. I right-click and Reopen current tab in the new container
  4. I access the dropdown again to "Always open in DOMAIN_NAME container"

Desired behavior: Enhancement Request

  1. Every new tab is a Temporary Container
  2. When I log in, the Temporary Container becomes a subdomain-specific MAC container and persists login cookies so I don't have to log in again next visit.

Example:

  1. Searching using google: Temporary Containers only
  2. Log into mail.google.com: A new Container dedicated to this subdomain is spawned and will be retrieved every time I visit that domain.

I'm sure there are cases where manually managed containers are superior (e.g., Work Gmail vs Personal Gmail containers), and other edge cases (e.g., logging into sites using Google Accounts or the PayPal eBay example above), but I think the outlines of the setup I've presented here would be great for me, and maybe others, too.

Also I suggest merging #1421.

Curious what you think! Thanks again.

@grahamperrin

@smichel17
Author

Short answer — yes.

Longer answer — I think it would meet my original requirements, but the way I browse the internet has changed quite a bit since then and I'm not really sure any more. In short: I use Temporary Containers with most isolation settings enabled and very few permanent containers; and I use uMatrix with very restrictive defaults, including blocking 1st party cookies & JS. That is, instead of using per-site containers, I use per-tab containers and restrict how much access sites get besides that. Privacy features like you mentioned are still nice as a backup for when I want to un-break a site — the same reason I use both uMatrix and uBlock Origin.

@dannycolin dannycolin added 👍 Feature Request Feature requests users would like to see in this addon and removed enhancement labels May 20, 2022