Web lists-archives.com

Re: firefox > Preferences > When Firefox starts.




Am 24. Apr, 2019 schwätzte David Wright so:

moin moin,

On Tue 23 Apr 2019 at 18:15:03 (+0000), der.hans wrote:
Am 23. Apr, 2019 schwätzte David Wright so:
On Tue 23 Apr 2019 at 15:53:50 (-0000), Curt wrote:
On 2019-04-23, der.hans <deb-user@xxxxxxxxxxxx> wrote:

I use different Firefox profiles for banking to improve isolation, so at
least they won't be attacked by a retailers tab.

I'm experimenting with Firefox containers for the isolation.

https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers

I can see some usefulness in having separate bookmarks and histories,
particularly the latter as it's not easy to classify in the same way
as bookmarks with its submenus. But I see only convenience, not
security.

What experiments have you devised? How do you define "isolation",

Thus far my experiments have only been for usability. When I first tried
Firefox containers some time ago I could only open one tab in each
container.

I'm just checking that they work and that I can use the same site multiple
times with different credentials from the same browser instance.

and what are the criteria by which you judge whether their scheme
is succeeding or not?

At some point I will need to dive into documentation to see if the design
is to isolate the containers sufficiently for me. Even if it is, I'm
still concerned about a bug allowing container escape or information
bleeding.  Should containers not be sufficient for me, they still look
like a significant improvement for those less tech minded.

My view is that it's easy to test whether unix permissions are working
as the walls are on the local host. But to test whether there's

Exactly! We have long-standing, testable capabilities :).

leakage between containers, you have to either be at the other end of
the connection or be monitoring all the traffic going out from the
local host.

It really needs inspection inside the browser and auditing via multi-site
testing.

But, $spouse isn't going to set up a bunch of different browser profiles.
If containers would be viable for that use case, then they could be an
improvement if the promise turns out to be at least mostly true.

They would also be an improvement for my generic browser use cases.

I currently run different browser instances for different tasks I want to
isolate.

I'm not sure how to stop different browser commands jumping into an
existing browser instance. I presume there are ways, but I find it
simpler to just use different users.

Do you mean when an application launches a browser?

I haven't found a way to specify the default browser for external apps.
That would be useful.

For instance,
[ snipped ]
As to experiments, I need to see if I can get tools like lightbeam to help
me audit isolation. I'll also passively test by checking for bleedover
from different sessions.

I want to see if I can enable and disable add ons per container. I presume
not, but that would be a useful feature.

Interesting stuff: perhaps the making of a wiki.

I'm way behind on creating documentation.

I'll add that to my list of things for an upcoming trip.

ciao,

der.hans
--
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  "Luckily, this is a comic book, for which no idea is too complex."
#    -- Larry Gonick from The Cartoon History of the United States