Security/Contextual Identity Project/Containers: Difference between revisions

m
changed a few words
m (added item to not separated by containers section)
m (changed a few words)
Line 27: Line 27:
==Benefits and Use Cases==
==Benefits and Use Cases==


At an abstract level, the features seeks to give users more control over their local state (including cookies, localStorage, indexedDB, etc). The current level of control is very coarse, essentially providing an "all or nothing" solution to state management; users can clear everything or accept everything. Cookies can be managed with the Cookie manager, but all other state has no graphical interface for management (see [https://bugzilla.mozilla.org/show_bug.cgi?id=1147820 Bug 1147820]).
At an abstract level, the feature seeks to give users more control over the data websites can access (ex: cookies, localStorage, indexedDB, etc). The current level of control is very coarse, essentially providing an "all or nothing" solution; users can clear everything or accept everything. Cookies can be managed with the Cookie manager, but all other state has no graphical interface for management (see [https://bugzilla.mozilla.org/show_bug.cgi?id=1147820 Bug 1147820]).


The containers project inserts a user-controlled key into storage, which allows users to decide which state to use when interacting with a site. They can choose to send the state from their personal context or work context, and they can choose to create a new, short-lived state to browse in a certain context for a few days until a task is completed. The goal of the project is to create a very customizable experience while including a few suggested uses for users who may not want as much control.
The containers project inserts a user-controlled key into storage via OriginAttributes, which allows users to decide which state to use when interacting with a site. They can choose to send the state from their personal context or work context, and they can choose to create a new, short-lived state to browse in a certain context for a few days until a task is completed. The goal of the project is to create a very customizable experience while including a few suggested uses for users who may not want as much control.


# Users can log into multiple accounts on the same site, even when the site does not natively support concurrent sessions.
# Users can log into multiple accounts on the same site, even when the site does not natively support concurrent sessions.
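Review bot: The added "via OriginAttributes" in the second changed paragraph names an internal mechanism with no link or one-line gloss, so a reader of a Benefits section cannot tell what the user-controlled key is attached to; link the term or explain it briefly. In the first changed paragraph the rewrite replaces "their local state" with "the data websites can access", but the last sentence still says "all other state has no graphical interface", so the two terms should be reconciled. "ex:" would also read better as "e.g.".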
Line 43: Line 43:
# Users can control an advertiser's ability to track them.
# Users can control an advertiser's ability to track them.
#* A user wants to shop for items, but doesn't want retargeting ads to follow them around during the browsing they do for work. If the user does their shopping in the shopping context and switches to the work context while at work they will not send the same set of cookies to advertisers.
#* A user wants to shop for items, but doesn't want retargeting ads to follow them around during the browsing they do for work. If the user does their shopping in the shopping context and switches to the work context while at work they will not send the same set of cookies to advertisers.
# Users can create short-lived contexts for a specific task, and discard them once the task is complete.
# Users can create short-lived contexts for a specific task, and discard them once the task is complete (Note that this is not implemented yet in the current design.)
#* A user may want to do research for a vacation. They can create a vacation container which keeps their TripAdvisor account logged in and has advertisements related to travel. The user can keep this context for the few weeks leading up to the vacation and can discard it after.
#* A user may want to do research for a vacation. They can create a vacation container which keeps their TripAdvisor account logged in and has advertisements related to travel. The user can keep this context for the few weeks leading up to the vacation and can discard it after.
# Isolates a site's credentials to a container, helping prevent CSRF, clickjacking, or other attacks which rely on the presence of ambient credentials.
# Isolates a site's credentials to a container, helping prevent CSRF, clickjacking, or other attacks which rely on the presence of ambient credentials.
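Review bot: The parenthetical added to the short-lived contexts item leaves the sentence without a period before the parenthesis, and the sub-bullet under it still describes the vacation container in the present tense ("They can create a vacation container ...") as if the capability were available. Suggest "... once the task is complete. (Not yet implemented in the current design.)" and rewording the example as planned behaviour, or moving the item out of the list of current benefits.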
Line 70: Line 70:
* The Shopping container can be a place for Amazon, Alibaba, and other stores
* The Shopping container can be a place for Amazon, Alibaba, and other stores


===Behaviors===
===Default Container===


By creating containers, we also create a notion of sites that exists ''outside'' of a container. By default, all of a user's browsing prior to enabling the feature is considered to be in the ''default'' container. Additionally, any browsing that occurs after the feature has been turned on, but not in a named container is considered to be in the default.
By creating containers, we also create a notion of sites that exists ''outside'' of a container. By default, all of a user's browsing prior to enabling the feature is considered to be in the ''default'' container. Additionally, any browsing that occurs after the feature has been turned on, but not in a named container is considered to be in the default.
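Review bot: Renaming the heading from "Behaviors" to "Default Container" changes the section anchor that MediaWiki derives from the heading text, so any link that targets the old section name will stop resolving; check for inbound section links or keep an anchor for the old name. While this section is being touched, "a notion of sites that exists" in the unchanged paragraph should read "exist".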
Line 103: Line 103:
For the initial version, this feature is discoverable via the File menu and is limited to a few purpose-specific containers. However, on Windows, the File menu is hidden until the user hits the Alt key. In future versions, the Containers menu should be added as an item under the ‘Hamburger’ menu on the right side of the toolbar.
For the initial version, this feature is discoverable via the File menu and is limited to a few purpose-specific containers. However, on Windows, the File menu is hidden until the user hits the Alt key. In future versions, the Containers menu should be added as an item under the ‘Hamburger’ menu on the right side of the toolbar.


Containers are discoverable for those who want to use them, and have no impact on the browsing experience of those who don't. Through user research, we’ve found that most people have only one account per website, and that they don’t currently separate their online selves into work/home/banking/etc.
Containers are discoverable for those who want to use them, and have no impact on the browsing experience of those who don't. Through user research, we’ve found that many people have only one account per website, and that they don’t currently separate their online selves into work/home/banking/etc.  Containers is not a feature for those users.


However, we can hook into several user actions and present onboarding messages to encourage container use. We can detect users logging in and out of a service like Twitter that doesn't have support for multiple logins, and offer the feature to them. We can also offer the feature to users when they first try to access their online banking after the feature has been enabled.
However, we can hook into several user actions and present onboarding messages to encourage container use for users who can benefit from them. We can detect users logging in and out of a service like Twitter that doesn't have support for multiple logins, and offer the feature to them. We can also offer the feature to users when they first try to access their online banking after the feature has been enabled.


==Potential Difficulties==
==Potential Difficulties==
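Review bot: The added sentence "Containers is not a feature for those users." sits between "have no impact on the browsing experience of those who don't" and a paragraph about onboarding prompts, so it is unclear whether single-account users are excluded from the prompts or simply left undisturbed; say which. It also switches to singular "Containers is" after "Containers are" at the start of the same paragraph, and is preceded by a double space. The change from "most people" to "many people" alters the stated research finding, so a pointer to the user research would help readers judge it.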