Google Container for Firefox – Prevent Google from tracking you around the web (opens in new tab)

I wrote something that launches a new instance of the Firefox engine for specific profiles.

https://github.com/unqueued/foxbox

But I never got around to polishing it and making it more accessible.

The thing that really prompted me was peeking at what financial websites were doing, trying to connect to data mining sites like ru4.com and refusing to load if they couldn't connect to facebook.com and twitter.com.

My script also fixes paths in profile folders so that the roboforms extension will still work, because it is the only password manager that I have found that is able to completely automate my logins, despite the best efforts of UX designers.

I also couldn't order food from seamless.com unless I allowed a script on their site to connect to facebook.com. So, now seamless.com gets its own empty sandbox.

And because you're using your filesystem to store a browser profile, you can have specific extensions or settings for each profile.

So whenever I want to do financial stuff, it just connects over an autossh tunnel to my home, so it will never trigger any any stupid re-authentications when I'm connecting from a cellphone or work.

The Tree Style Tabs add-on supports this behavior with Firefox's containers, it is awesome.

The problem with this (and the reason browsers don't already do things this way) is that it breaks Single Sign-On flows like OAuth.

When your browser redirects a tab from example.com to accounts.google.com to do an OAuth login, the Google OAuth login cookie that gets set by accounts.google.com under that tab, needs to also be visible later on to any other tab whose "root node" navigates to accounts.google.com.

Maybe you can make an exception for just SSO providers—but won't other nefarious uses (e.g. analytics providers) then just pretend to be SSO flows?

And maybe you can just whitelist the existing SSO providers—but that's an instant oligopoly.

A new tab should be able to go "back" to its parent. Kind of weird that no browser has implemented this yet.

Wouldn't you then have to log in twice to the same site if you have it opened in multiple tabs?

A long time ago, there used to be a browser called "Athena", which did exactly this.

From a UX perspective, that sounds confusing to me. How do you know which subtree from 2 weeks ago each tab is from? It might be an alright tradeoff for 'power' users though

>to prevent tracking I mostly use CookieAutoDelete

Removing cookies will not prevent anyone from tracking.

Simple example: I once visited an online shop from browser profile in which I never logged into Facebook. Few hours later I switched to another browser profile, used exclusively for Facebook, and I got an ad on my timeline from said online shop, for the exact product I was looking for earlier in another browser profile. Facebook associated my two browsing personas without cookies, most likely using a combination of my browser's request headers and IP address. Not to mention that JavaScript (if enabled) provides additional and extremely detailed fingerprinting capabilities.

In my experience, Google seems to have a better track record in terms of respecting cookies (or lack thereof) as the main carrier of online privacy management. But I think it's just an illusion. They're just obscuring it to not freak people out too much the way like Facebook does. The information is still there. They have it, from analytics, fonts, reCaptcha and all other means of their creep.

To prevent tracking, you need to have a full control over information you send to the internet, including browser request headers, IP address, behavior patterns of web browser, and so on. Cookie management alone is just a fallacy and gives a false feeling of control over privacy.

This is also why I consider those "privacy containers" broken by design. They just operate on cookies and don't contain anything besides cookies. I would even consider them harmful because of their misleading nature.

> Also, not having a Google account comes in handy to prevent tracking by Google. My default search engine is DuckDuckGo.

They still can track and target ads at you without an account. An account is not required for that.

I also find CookieAutoDelete invaluable, particularly in combination with "I don't care about cookies" extension which removes almost all of the cookie warning dialogs which you would get otherwise. Web is usable again :)

I just block them for everything except for first party sites using uMatrix.

For some sites I need to allow google.com cookies otherwise I will keep getting recaptcha checks.

Exact same setup here. Works great.

I have the same setup as you

I ended up using the exact same solution! The only annoying thing is that I want "untrusted apps" to open external links in a new DEFAULT tab so that I don't carry over the whitelisted cookies but that requires manual "right click > open in" with the default setup.

That doesn't prevent shit. These companies have invested far more man power to track you than you have to protect yourself. They can use a variety of methods to still track you. And they will. Think IP address based tracking.

Note: none of this prevents tracking unless you also have fingerprinting turned off, which makes things a whole lot less useful. For example, if you like Date.now() to be reliable, and you want to about:config your way to locking down finger printing: too bad. It's one or the other.

The only thing that's annoying is that with GDPR I have to do 3 clicks on every website. What I want is an addon where I can mute / suppress the cookie overlay.

Though I guess with this setup I can do "accept cookies" knowing that they will shortly be deleted.

Why bother with installing anything?

Run your browser in private mode for everything except a few websites you trust.

Done.

… all of which is futile as long as NSA records everything and their databases will leak one day.

... a tarpit nominally designed for bot detection and anti-spam. I'm sure the patent wasn't created with sinister motives but it somehow enforced a system in which you have to either accept full surveillance or end up being increasingly excluded from the socioeconomic sphere. This is the danger of solving the human factor with pure technological means - it doesn't really solve it, instead the human conflict is transported into a more radical one.

I'm sorry, but how on Earth is that a patent?

Things like this make me believe less in patent reform, and more in complete abolishment.

That would be a good reason to quit using Google services altogether.

I don’t think you need to worry about that. In my experience, unless your IP has really bad reputation (think tor exit nodes), a normal browser with a fresh profile will get an easy captcha (2-3 pictures at most).

anecdotally: i run a fairly fingerprint-resilient browser setup (using firefox containers plus additional measures) and, while i am asked for full CAPTCHAs every single time, i haven't yet noticed them increasing in difficulty.

I believe First Party Isolation is what you're looking for. To enable, change `privacy.firstparty.isolate` to `true`. See also previous discussion[1]

[1]: https://news.ycombinator.com/item?id=17944991

Google has... literally hundreds of domains. Just assuming *.google.com would miss things like googleusercontent.com or googleapis.com or doubleclick.net. The Facebook container basically grabs "all domains by Facebook" and sandboxes them together (so they can still interoperate amongst themselves), while isolating it off from other sites you visit.

Sure, you could do a lot of this yourself with different browsers/browser profiles/containers, but it'd be far better to have someone provide that list as a prebuilt addon.

For me personally a per window container would work pretty well. Does that exist?

...Or, you can use "Firefox Multi-Account containers" by Mozilla. [0]

This is what I use. I have everything that I log into google for in one container, social media in a second, and everything else is nicely sand-boxed away from those horrors.

[0] https://addons.mozilla.org/en-US/firefox/addon/multi-account...

>Add-ons are automatically updated in Firefox by default, so you can review this code now and it will change later

Or, if you'd like, you may disable auto-update.

While I agree with you and wouldn't use it myself, it is relevant that Firefox uses human reviewers for their add-ons. So with every update someone will look at what changed and judge if it is benign.

Yes. That's why Apple moved from JS based extentions to Content Blockers model. App provides a complex list of blocked resources to Safari, and have no access to actual browser content.

On iOS, install Firefox Focus, and in Safari settings enable FF provided Content Blocker.

To be fair, I can't see any way for this to work without giving them control of the browser. Even with a TLD limited extension, the extension would need permission to access your browser window and giving it permission to do that would give it permission for any TLD.

Considering that a lot of people still use Chrome I think just using Firefox is a great start.

But yeah there is always nitpicking to do when it comes to security. No one is ever truly secure.

We need a container for the container extension

Feel free to read the source code (the entire thing is 400 lines) and disable extension auto updates. Or sideload the addon from the github repo so there's no way for it to auto update in the first place.

“What three people know, the pig knows.”

There's a Facebook container by Mozilla. I wonder why they didn't make one for Google themselves:

https://addons.mozilla.org/en-US/firefox/addon/facebook-cont...

I agree. I have no idea who the author is and, while they may well have the best of motives, that's not a basis for trust.

FF extensions just have too much power and too little end-user control. At a minimum I'd like to be able to selectively disable them in private browsing mode, as Chrome allows.

Email me to subscribe to my anti-spam service!

Enter your credit card details to check if they've been stolen!

Fork the repository and maintain the extension yourself. I know, it's a hassle and only possible for programmers, but...

The Firefox Multi-Account Containers is a more general extension that allows you to create containers and determine which sites open in each container. This extension can be customized to suit your needs for multiple sites and multiple logins but takes more time to set up than Google Container.

I think this one also makes sure that links you click inside the Google container get opened outside of it?

It serves different purpose. These Facebook/Google containers are for automatic isolation. The Multi-Account Containers is for creating and managing containers.

I've been using MAC for a week, and just added this extension. It immediately shows up in the MAC as an option. SO (I assume) it's no better than just creating a MAC 'google' container. Just easier.

I'd been using a 'sketchy' container for YTube, but dropped YTube into this. Thereby isolating (I think) YTube from the other 'sketchy' sites I may visit. As for Google ... long-ago blocked it and FB on the network level. Chopping off -some- of the octopus' tentacles.

I tried using Multi-Account Containers because I loved the idea but found the user interface rather clunkier and more manual than I hoped.

What I really want is for it to be optimised for the common use case with each domain automatically put in its own container, with some whitelisting of common grouped services (e.g. MS and Xbox Live, Facebook and Instagram).

It's very rare that I actually want to share any cookie info between sites as most of it is tracking. In the rare situation you do, the browser could let you disable containers or add them to a group.

I'd also like something that automatically opts out of tracking preferences, as well as something that periodically deletes cookies/localstorage (say every 14 days).

You could then set it all up and forget about it.

I use this as well. You don't need a site specific addon with this. It's actually useful for separating my different google accounts as well. I'd love an extension that makes all tabs in the a particular container private. That way, any kind of tracking would be opt in by assigning it a non private container and limited to that container.

> I encouraged Mozilla to pursue a Google version, but it seems like they've declined for now

Doesn't Mozilla get a significant fraction of its revenue from their search deal with Google?

You can conveniently audit the source code of (the current version of) an add-on by installing the “Extension source viewer” add-on (https://addons.mozilla.org/en-US/firefox/addon/crxviewer/) and then visiting the page of the add-on to inspect. I haven’t read through all the code of Google Container, but it only has 31 lines of JSON and 422 lines of JavaScript – smaller than most add-ons.

Congratulations, they beat you into submission.

You now have accepted a fundamentally different world where anything you like, anything you say, anyone you are with or hope to be with, anything you hope to do, have done, didn't do, every mistake or misstep or misstatement or misunderstanding or fuckup, is recorded, analyzed, classified, and mined. You're being constantly thought about, by the machines, who, if you are lucky, are only interested in making a buck off you, and if you are not lucky, have targeted you for increased scrutiny, security checks, auditing, social classification, digitized karma, and eventually, all of this will translate to a significantly different experience through life. How will it manifest? Maybe it'll be something big like being denied a loan for a car or a house. Maybe it'll be a landlord turning you down for an apartment. Maybe it'll be a constant drip of ads trying to trick you into buying something. Or maybe one day beaker53 will say something bad about the government, or get involved with a terror group, or it will accidentally look like you got involved with a terror group. Or maybe they'll just come annoy you while you're sitting down to tune your guitar with an ad on how to make yourself a better guitar player, if only you did this or that or the other thing. Or maybe they'll pester you because your friends did something or didn't do something or should do something, or how you'll look better in relation to them if you did do something.

Speak for yourself. I'm sick of being watched and being "thought about" by all these damn machines. FFS leave me alone, like it was just 15 years ago. Just 15 years ago.

Protecting your privacy is much like security, in the sense that it's not a black or white issue.

Having a lock on your door won't stop professional burglars, but it implies effort and isn't the same as leaving your front door wide open, which also invites passerbys.

Protecting your privacy actually has a non-negligible effect on your experience on the Internet. Let me give you an example ...

I have a friend that's a T2 diabetic, is self treating and doesn't want to go to a doctor due to past bad experiences. So in trying to help him, I signed up for a Facebook group for diabetics in my area. The result is that now I'm getting commercials for treatments of diabetes.

This to me is freaking scary, because this data can be used against you. Your medical history could affect your credit score for example. Your buying history or your friends list could affect the price of your insurance. Your daughter could get pregnant and the store could find out about it before you. Oh wait, these already happened.

You can't escape all profiling, but the less these profiling companies know about you, the better you are.

I'm using DuckDuckGo lately to search for symptoms of hypothyroidism, because apparently I suffer from it. Along with the privacy extensions I have installed (Privacy Badger, and ad-blocker with EasyPrivacy), guess what, I don't have commercials following me around on hypothyroidism, which to me is confirmation that I'm doing a good job.

You can choose to not care of course. But you're probably young. Give it another decade.

I can easily imagine that there's an identity for me at Google which is linked to all the IP I had ever used (meaning country and ISP at the least), and linked to every google account I ever used and browser ever used (meaning what devices I've been using) and then every page I've visited which has Google ads or analytics (meaning what site I visit) and every keyword I used to search the web (easy to guess what kind of life I'm having) and then every location I've ever searched on their map (meaning they know where I go and perhaps roughly where I live).

They know more about your online history than yourself they can write a diary for you but if you feel comfortable with that, then you don't need to do anything.

Changing IP, clearing cookie and changing browser may divide your ID but as soon as you log in with your Google account or they realize you may be having identical online activities, you can easily get linked again.

And as soon as you buy something on your Google account, be it physical item or an in app purchase, they know your real identity along with all of the above and then with more profiling, you will be linked with other people by family name, location you often visit and recognized by any other profiling I can't think of now.

China has their social score built around tracking. People can't get on planes/buses because of it now.

Considering all data is saved forever, how likely do you think your country is to get something similar in the next 30 years?

Well, I don't really worry much about trying to avoid it. I do stuff somewhere along the lines of your "best bang for the minute" guidelines (aside from running my own mail server).

However, it does concern me that it exists. They use this data to manipulate people. To drive "engagement", which means addiction. I could spend too long describing the evil in it, but at the end of the day, why do they care so much about the data? It all only really comes down to a way to manipulate people... into buying goods, into believing things... without hyperbole, just to try to avoid listing out so many points and examples, their desire for data stands in opposition to the popular conception of free will and democracy. I will always take a strong dislike to people and organizations attempting to manipulate me by means other than simply providing value in my life and getting some value back in exchange.

At this point, it concerns me less how much data they collect on me, and that we as a society haven't dropped some kind of regulatory hammer on them before they almost literally brainwash us out of the notion that we would even want something like it.

Agreed - it seems to come from a similar mindset as being obsessed with "websites must run without Javascript because 0.00003% of HN users disable JS".

Another aspect of this I don't see mentioned nearly as much is that attempting to be more private may actually make you stand out more in terms of government surveillance. They wouldn't be getting as much data on you from companies, but odds are they're still getting plenty, and in the case of taking extreme measures to limit that it only takes one mistake to undo a lot work. So hypothetically if you did have something to hide, or if you really wanted to maximize privacy for a subset of your life, you would allow most of what you do to be tracked in order to appear "normal"

In my case it's not a hobby. I actually hate wasting time and money on these kind of things. But on the other side I'm legitimately scared about what's happening with all my digital information. It could be paranoia because of all the privacy movement and the recent scandals but it's not worth the risk when you have very easy to setup tools to improve your privacy like that ones you mentioned in your last paragraph which is exactly what I'm currently using (+ DDG for searching).

No it's not just you. I block ads with ublock origin. The end result of the tracking is targeted ads, and as I don't see any of them I don't care how accurate they are.

Why did you put tracking in quotations?

>Am I the only one who doesn't worry too much about all this "tracking"? Trying to avoid tracking is like some weird obsession/hobby.

A cursory glance at recent human history[1] shows the extreme naivety of not worrying about the negative effects of mass computer tracking.

[1]https://en.m.wikipedia.org/wiki/IBM_and_the_Holocaust

Firefox already has a built-in option to block all tracking[1], the reason why this add-on exists is that it lets you keep Google into a separated Firefox Container[2]

[1] see here https://support.mozilla.org/en-US/kb/tracking-protection?red... or, alternatively, you can use Privacy Badger or one of the many ad-blockers that let you enable tracking-related lists, such as uBlock Origin.

[2] see here: https://addons.mozilla.org/en-US/firefox/addon/multi-account...

Regular trackers can be blocked outright. One may need to use fb and google from time to time.

Firefox tracking blocking is a fairly weak "make the web a bit safer while breaking nothing". This extensions actually does break stuff like google logins on non google websites.

For anyone else wondering, this is now “content blocking” and by default is in private browsing mode only but can be set to always on. Sounds like a good idea. https://support.mozilla.org/en-US/kb/tracking-protection

Containers need curating. You could in theory do that yourself, but you probably don't know how in practice (most users) or don't want to (most remaining users). These pre-made containers are curated by their developer so they do all that work once.

I'm wondering this as well. Firefox has built-in containers. Can't we just use them?

https://support.mozilla.org/en-US/kb/containers

They shouldn't, but that doesn't mean they aren't: https://apnews.com/828aefab64d4411bac257a07c1af0ecb

That would certainly make it easier to trust this extension. I'm curious why Mozilla would ship a Facebook container but not a Google container.

Unfortunately, that would be biting the hand that feeds.

Two different schemes.

uBlock loads privately-constructed filtersets which are used to decide what net contents to block. (That blockage can be customized per-site in advanced mode.)

Each FF container keeps content associated with one or multiple sites 'isolated' (in theory) so they can't be 'seen' by sites in other containers ... all in the browser.

You're not inherently trusting your VPN service to: a) not track you b) not keep logs c) not disclose this information to your actual ISP

You're also now just sitting behind whatever ISP your VPN uses which knows everything you're doing and sells it back to who-ever.

If your not rotating your VPN services that still allows you to be tracked via that IP. At the end of the day all your data still belongs to someone and can be used for whatever. Until DNS over TLS is complete and rolled out across the board your metadata can still be used.

Not to mention all of the other things associated with this. Even being connected to a VPN via your phone will still leak information like your coarse location, wifi networks and bluetooth beacons nearby which all get sent to your primary phone carrier and whatever applications you use.

They produce a lot of things that are super useful for avoiding edge cases. Consider Google fonts, for instance.

FF has an option to configure the Referer (lots of websites might break). Scripts/fonts can be filtered via extensions like Privacy Badger, either by blocking the cookie, or the domain completely.

4. enjoy annoying captcha during every search

5. switch to duckduckgo

Which websites would you define under social container?