Web containers - Stop data sharing between websites

If you regularly use an Internet browser and you know a little bit about Web technology, you generally know what data is retrieved by the different websites that you visit. If not, just know that each visited website stores information about you through different mechanisms (cookies in particular) which can for example identify you so you no longer have to enter your credentials.

However, this is only a small part of the data that publishers recover. These data can then be used for various purposes, including commercials. But don’t worry about it! It is not mandatory and there are simple ways to add a protective layer. For example, web containers.

Basics

Cookies

Unless you’ve never been on the Internet, you’ve heard about these famous “cookies”. But what is behind that word? Cookies are small files put at a specific location on your computer by the different websites you visit. They are put on the disk where your browser can read them. They are used to identify you when you visit a website. Thus, thanks to your cookie, the site in question recognizes you and can automatically connect you or give a personalized user experience. However, these cookies can also be used for other purposes, so they can record your browsing preferences and your experience on a particular site. Once retrieved by the publisher in question, nothing prevents him from using this data for statistical, commercial or advertising purposes to precisely target you.

Although it is possible to disable them completely, some sites will no longer work without cookies. It is therefore up to you to decide whether or not you want to use them. A first configuration layer can be done through your Internet browser (Préférences Firefox).

With the general awareness and hardened laws regarding privacy and personal data (example of the RGPD) a large number of websites now ask users for their consent, this may include cookies and how they use them. Below, an example with the streaming website twitch.tv. Thus, each user can choose whether or not to consent (sometimes it is only a warning, and non-consent is not possible).

web_containers_1.png
web_containers_2.png

Below, a second example, for the Topito site. You can see that it is possible to configure which data will be retrieved by the site.

web_containers_3.png

Containers & Contexts

If you are familiar with the computer world, the term “containers” must mean something to you (Docker, LXC,…). If not, no problem! A container, in general, is a kind of logical “box” in which a process is enclosed and isolated it does not communicate, or in a controlled way, with the rest of the system. In the case of system containers, they are used to isolate applications.

This principle can be applied to Internet browsing and is no more complex! The aim here will be to isolate navigation on different websites so that they do not communicate with each other and thus cannot exchange data. This requires the use of contexts.

Contexts apply to navigation tabs, we call them contextual tabs. They are classic tabs, but with one important difference: the websites you browse only have access to a limited portion of the storage in your browser. That means that your website preferences, saved sessions and tracking data for advertising will not be imported into the new context. Similarly, no navigation data performed in the new context will affect your saved sessions or track data left in your other contexts (see Contextual tabs).

Another practical feature of web containers is that they offer the possibility of connecting to the same application with different accounts. Let’s take the example of Gmail. If you have multiple context tabs, you can connect to two different Google accounts at the same time, one in each context.

Practical case - Firefox Multi-Account Container

Firefox Multi-Account Container is an add-on module for Firefox, developed by the Mozilla Foundation to containerize navigation tabs. I have chosen to talk about this add-on module because it is probably the most widely used and easy to use.

A page dedicated to web containers and this add-on module allows you to understand in detail how it works. It is rather detailed and relatively easy to understand (Firefox Multi Account Container).

How does it work ?

The first thing to do is to install the add-on module from Firefox manager.

Once this is done, you have two ways to use it.

  • You can choose to open contextual tabs (containers) and navigate freely. In this way, resources will be isolated between each container.
  • Or you can set default containers for websites you often use. So, if you go to a particular website, it will be opened in the choosen container.

A good thing to do first can be to define your different containers. It is up to you to decide how you want to segment your navigation. For example, you can define a container for your social networks, or even a container for each social network. Be aware that social networks are very fond of your data, it allows them to sell them to advertisers or other companies who will then use them to target you. Isolating these networks is therefore a good thing.

You can also segment your online purchases with the rest of your browsing, in order to limit risks. For the rest, it’s up to you.

The creation of a container cab be done via the addon, accessible directly in the Firefox navigation bar.

web_containers_4.png

Then simply click on the “+” icon. You can choose a name, color and icon for your container.

web_containers_5.png

Once the containers have been created, simply click on the add-on module icon to see them appear.

web_containers_6.png

In order to open a new container, you can click on the desired one in the list presented. A new tab should appear. You can know which container you are in with a small visual information located both in the title of the tab (container color) and in the address bar. In the example below, we can see that I am in the “Social Networks” container.

web_containers_7.png

Open websites in containers

Now that you know how to navigate using containers, maybe you would like to avoid having to manually open a new context tab each time? Indeed, it would be more practical to define which containers should open websites. Good news, it’s possible.

To do this, you must first open the desired website in the container to which you want to assign it. Let’s take the example of Github.

web_containers_8.png

Then in the addon, we haveto specify that we want this website to be opened all the time in the same container.

web_containers_9.png

Finally, the next time the website is opened, it will be in the chosen container. Don’t forget to check the “Remember my choice” box for future visits.

web_containers_10.png

Other solutions

Facebook Container

This is an add-on module to specifically isolate Facebook in a separate container. It is possible to use the add-on module in conjunction with Firefox Multi-Account Container. If you don’t want to bother setting up several containers, this can be a minimal viable solution, even if it’s limited to Facebook.

The use of this add-on module is noticed, in the same way as for Firefox Multi-Account Container, by the appearance of a mark in the address bar.

web_containers_11.png

You can download the add-on module on the Mozilla website(link).

Unsafe Container

Module developed by @Creased, to provide an additional layer to the previously seen addon. It allows you to add an “unsafe” container by default so that all visited websites are automatically added to a container. Indeed, by default, tabs without context (i.e. when no container is assigned to the tab) are considered as classic tabs and therefore share all their resources.

This modification to a default context not only isolates browsing sessions from the default browsing context (used in particular for accessing browser configuration data, downloading files, etc.), but also adds a visual aspect to non-isolated tabs.

It is interesting to note that after the installation of the module, cookies and other existing data are not deleted. Thus, cookies already stored in the browser will still be shared. To correct this, it is necessary to manually delete your cookies, in order to start from a healthy base. This can be done via the Firefox settings.

The add-on module can be downloaded on the following page.

Context Plus

This add-on module also allows you to add additional functionalities to our containers. Now that we have different tools to isolate our tabs and create separate contexts, it would be interesting to be able to move a tab from one context to another. Unfortunately, the add-on module seen above does not allow this.

In order to overcome this problem, we can use the module Context Plus. Once installed, the context change is done simply by right-clicking on the tab and selecting a new container under “Move to Context”.

Again, an important fact to note. When changing the context for a tab, cookies are not moved, which means that you will have to re-authenticate yourself on the application.

The add-on module can be downloaded on the following page.

Conclusion

I only talked very briefly on the notion of cookies, which is broader than that and is also important. Feel free to check it out because it is one of the most interesting engines for a publisher to track down its users.

Nevertheless, solutions such as web containers exist and allow both to add a visual aspect to the contextual tabs and also to limit the unwanted information shared between websites.

If you have any questions about the subject, or about the add-on module itself, feel free to contact me on Twitter.

Android Internet Box and Privacy - The iceberg summit Windows 10 & GPO - Hardening against personal data leak