Enhance your privacy in Firefox with Temporary Containers

Since version 57 of Firefox — Codename Firefox Quantum — it is possible for Add-ons to activate the new Container feature without the need for the user to manually edit the browser configuration. Just install an Add-on that supports Containers and you’re good to go.

What are Containers and how do I use them?

Multi-Account Containers

The best and easiest way to get started is with the official Multi-Account Containers Add-on from Mozilla. After installing the Add-on you get a new Icon in your Toolbar which reveals a popup with a list of predefined permanent Containers: Personal, Work, Banking, Shopping. By clicking on one of the Containers you open a new Tab in that container — which is indicated in the addressbar on the right with the name of the Container and its assigned icon (Pro-Tips: You can also long-click the New Tab Icon to select a container or if you prefer keyboard shortcuts you can press Ctrl+. (Cmd+. on Mac) followed by the Tab-Key and then a number from 1 to 10).

Websites that you now open in this container store their Cookies, Storage and Cache only in the given container. So if you login to a site in your “Personal” container and then open a new Tab in another Container or in a default Tab, you’ll see that you’re not logged in anymore. This is not only useful for logging into websites with different accounts in the same browser, but it also makes it harder for websites to track you through the Internet. Clearing your cookies and cache to get a clean-start, logging into your social-media accounts only within a container and do the rest of your browsing outside that container already enhances your privacy by a great deal.

The next step: Temporary Containers

If you browse the Internet in default Tabs or in a specific Container you still collect Cookies, Storage and Cache in one place — which is something advertisers and other data-collecting services really appreciate — it makes tracking you easy. Fortunately there’s an easy way to automatically create new Containers every time you open a new Tab and delete the Container if it’s not needed anymore: the Temporary Containers Add-on. By default you can open new Tabs in Temporary Containers with the Toolbar Icon or the keyboard shortcut Alt+C (linux, macos) / Alt+Shift+T (windows). If you enable the “Automatic Mode” in the options however, it will overwrite your standard ways of opening websites in new Tabs and external programs opening links. Instead of opening the website in No Container, it will open the website in a freshly created Temporary Container. You’ll notice how the names of the Containers keep counting up every time you open a new tab and visit a website: tmp1, tmp2, tmp3. As soon as you close the last Tab in such a Container, it will automatically get removed and with it all that data that makes you easy to track.

One thing you’re maybe used to is to open a new Tab and use the search-engine of our choice. Now if you pay close attention to the Container name you’ll notice that by just left-clicking or right-clicking — and selecting “Open in New Tab” — on result-links you stay in the same Temporary Container. But there are also features to help you with that: One is to configure the Global Isolation to “Only if the navigation target doesn’t exactly match the Tabs Website Domain”, that would make sure that you really only load one domain in one Temporary Container. The other way would be to set the Global Middle-Mouse or Ctrl+Left click (Cmd+Click on Mac) on links in the options to “Always”, then links will also automatically open in a fresh new Temporary Container. Additionally I’d recommend configuring Global Left Click to “Only if the clicked Link is not the exact same Domain as the Website” — that way all left clicks you make that lead to an external domain or a subdomain will automatically opened in a new Temporary Container. Configuring both Isolation and Mouse Clicks is recommended. Alternatively you can right-click on links and select “Open in New Temporary Container” somewhere on the bottom of the context-menu. Either way: people trying to track you now have an even harder job doing so.

“But how do I stay logged in with just Temporary Containers in Automatic Mode?” you might ask. Just remember what we learned at the beginning of the article. You can use permanent Containers — predefined ones or add some of your own — and open Websites in them and you stay logged in that way.

If you want that a particular site always opens in a particular container — e.g. a specific work related site always in the “Work” container — you can achieve this by using the Multi-Account Containers Add-on: Open a Tab in the “Work” container. Then surf to the site you always want to open in that container. Now click on the Toolbar Icon again and click the “Always open in” checkbox. Now if you open a new tab and open the site it will ask you to open in the assigned container. There you can also check the “Remember my decision” checkbox — that will make it so that now every time you surf to that site it will open in the assigned container without asking.

Though it’s interesting to not activate the “Remember my choice” setting because by visiting a site bound to permanent container and giving you the choice “Open in $AssignedContainer or Temporary Container?” it reminds you that: “Do I want that site to associate that particular visit with my account I’m logged in with right now or should I use a temporary container instead?” Think visiting random posts, profiles or repositories on social-media sites/github/younameit.

Configuring Temporary Containers

If you don’t like that Temporary Containers names are prefixed with “tmp” or you want them to have other colors or icons — you can just hop into the Add-on Options and configure all that to your liking.

Isolation can make sure that you stay on a specific website and every other request automatically gets opened in a new Temporary Container. It also has an option to configure to only allow Websites assigned to “Always open in” with Multi-Account Containers to load in their container — and every other request in that container gets opened in a new Temporary Container too.

Mouse Clicks lets you configure what MiddleMouse, Ctrl/Cmd+LeftClick and regular LeftClicks should do — including an option to configure Mouse Clicks behavior per Website. Some useful Mouse Clicks configuration could be:

  • You don’t want that MiddleMouse Clicks open a new Temporary Container for the website you’re currently logged-in to, but instead open in the same Container as the currently active one — in this case just configure “example.com” under “Mouse Clicks -> Per Website” and set “Middle Mouse” to “Only if the clicked Link is not the exact same Domain as the Website”
  • On websites that track outgoing external links with a tracker that’s placed on the same domain as the website itself, you might want to configure all Mouse Clicks to “Always” to ensure opening in a new Temporary Container

In the Advanced panel you’ll find the possibility to configure Temporary Containers that automatically delete their history. It isn’t fully supported by Firefox yet and hence comes with a warning and explanation that you should read carefully before using that feature.

The Add-on is Free Software and hosted on GitHub — so feel free to report issues, ask questions or get involved. Like stated in the privacy policy on the Add-on website it will never send any data to external servers or track you in any way.

Comparison with other privacy configurations and Add-ons

  • Private Windows:
    If you open “Private Windows” in Firefox, all tabs that you open within Private Windows (even multiple ones) use the same underlying container and accept first-party and third-party cookies. So if you do your browsing within Private Windows, it can easily be tracked between sites while the windows are open. A way to test that is, just login to a site in one Private Window, open another tab in a new Private Window and open the same site again — you’ll see that you’re still logged in. Of course, if you then close the windows, the container storage is cleared.
  • Disabled third-party cookies, maybe even with First Party Isolation:
    All first-party data will remain on your disk. If you for example open a link to an item on a shopping site in one tab and a little bit later open a link to another item on the same shopping site in another tab — then it’s clear to the site that you saw both items because of cookies/storage. Though in practice some sites might go to the extend to match that visit with fingerprinting, using Temporary Containers still makes it harder to track you.
  • Cookie AutoDelete to automatically remove cookies and localStorage
    The same as with “Private Windows” and “Disabled third-party cookies” applies as long as the cookie storage isn’t cleared — which depends on which settings you have in CAD. Also with localStorage support enabled you make fingerprinting easier, because CAD needs to set a cookie for the domains you visit and CAD can’t clear indexebDB storage at all. If you want to see it yourself try filling your indexedDB and localStorage with 5kb on this site. Now close the tab (and click Clean depending on your settings), open the site again and you’ll see that the indexedDB storage is still there.
    It’s still really useful to have Cookie AutoDelete: it can keep your permanent container clean from unwanted Cookies. Make sure to activate the Container Support — and instead of activating localStorage support I’d recommend using Temporary Containers.
  • Containers on the Go
    Has only the basic feature of opening disposable containers with Toolbar Icon, Keyboard Shortcut and Context Menu. None of the other mentioned features that Temporary Containers has. Also it’s Proprietary Software.

Recommended privacy enhancing Add-ons

  • Decentraleyes — Protects you against tracking through “free”, centralized, content delivery by automatically injecting local resources if possible.
  • Don’t track me google — If your search-engine of choice happens to be Google this Add-on will remove the tracking automatically placed on result-links. Or just use startpage.com instead.
  • HTTPS Everywhere — Automatically redirects you to the secure version of websites if available.
  • uBlock Origin — I guess you already know this one. If not, check it out.