Web lists-archives.com

Re: firefox > Preferences > When Firefox starts.




On Tue 23 Apr 2019 at 18:15:03 (+0000), der.hans wrote:
> Am 23. Apr, 2019 schwätzte David Wright so:
> > On Tue 23 Apr 2019 at 15:53:50 (-0000), Curt wrote:
> > > On 2019-04-23, der.hans <deb-user@xxxxxxxxxxxx> wrote:
> > > > 
> > > > I use different Firefox profiles for banking to improve isolation, so at
> > > > least they won't be attacked by a retailers tab.
> > > > 
> > > > I'm experimenting with Firefox containers for the isolation.

> > > https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers
> > 
> > I can see some usefulness in having separate bookmarks and histories,
> > particularly the latter as it's not easy to classify in the same way
> > as bookmarks with its submenus. But I see only convenience, not
> > security.
> > 
> > What experiments have you devised? How do you define "isolation",
> 
> Thus far my experiments have only been for usability. When I first tried
> Firefox containers some time ago I could only open one tab in each
> container.
> 
> I'm just checking that they work and that I can use the same site multiple
> times with different credentials from the same browser instance.
> 
> > and what are the criteria by which you judge whether their scheme
> > is succeeding or not?
> 
> At some point I will need to dive into documentation to see if the design
> is to isolate the containers sufficiently for me. Even if it is, I'm
> still concerned about a bug allowing container escape or information
> bleeding.  Should containers not be sufficient for me, they still look
> like a significant improvement for those less tech minded.

My view is that it's easy to test whether unix permissions are working
as the walls are on the local host. But to test whether there's
leakage between containers, you have to either be at the other end of
the connection or be monitoring all the traffic going out from the
local host.

> I currently run different browser instances for different tasks I want to
> isolate.

I'm not sure how to stop different browser commands jumping into an
existing browser instance. I presume there are ways, but I find it
simpler to just use different users.

> For instance,
[ snipped ]
> As to experiments, I need to see if I can get tools like lightbeam to help
> me audit isolation. I'll also passively test by checking for bleedover
> from different sessions.
> 
> I want to see if I can enable and disable add ons per container. I presume
> not, but that would be a useful feature.

Interesting stuff: perhaps the making of a wiki.

Cheers,
David.