On Sun, Feb 1, 2015 at 12:41 PM, Mike Perry <[email protected]>
wrote:

> Francois Marier:
> > A few of us have been thinking about how to let users manage their
> > multiple online identities in Firefox, as well as how to isolate sites
> > from one another. Our goal is to find tools we can offer to
> > privacy-conscious Firefox users.
> >
> > Containers [1] was the first idea that Bram and I came up with. It's a
> > lightweight way to keep sessions (i.e. cookies, local storage, etc.)
> > separate. A single person could have more than one container in their
> > browser.
>
> For what it's worth, for Tor Browser we are interested in using
> containers for isolating identifiers to the URL bar domain (aka
> double-keying). Our long-term goal is to produce a cookie/identifier
> management UI that allows users to define their relationship to URL bar
> sites in a way that resembles application management, rather than
> managing a relationship to a myriad of third parties. Here's a mockup of
> that UI idea, though obviously another layer of per-site account
> management would also be nice:
> https://www.torproject.org/projects/torbrowser/design/NewCookieManager.png
>

Nice to have another potential user of Containers. Bear in mind that we
don't even have a prototype built into Firefox yet; Baku's addon Priv8 is a
great example though.

>
> We already have some patches that do this isolation for the image cache
> ... and for DOM Storage....
> We still lack patches for proper cookie and http auth double-keying. ....
> We also want to disable HSTS for third parties while such isolation is
> enabled...
>
> I am wondering if the AppId/Container model might make Tor Browser's
> first party isolation easier? Should we be trying to use it for our
> current and future patches?
>

For now, you could experiment with it. As Baku's email said, there are
things like window.open() that do not work correctly. AppID is a B2G
concept that we hope to generalize for containers but that work hasn't
started yet. So, right now, we don't have anything for you to use. In the
future, yes, it seems like it could be a good model for your first party
isolation project.

Steve.
_______________________________________________
dev-privacy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-privacy
