The way I have historically managed my browsers was I had one main browser I used for most activities(Firefox+Arkenfox). Then I had a few specialized browsers I used for other purposes. A browser that was proxied to my VPN(Librewolf) and a browser for when I needed/wanted Chromium(Vivaldi).
My main browser used temporary containers and suite of add-ons for privacy and convenience. With the temporary containers add-on becoming unmaintained for so long, I decided to rethink the way I manage my browsers. I decided to split my browsers based on the type of privacy, security and containment I needed.
For me, this approach required 5 browsers:
Main - Priorities being partial anonymity, privacy and containment
Zen+Arkenfox - Using FPI, some specific containers and a host of other extensions.
Shopping - The priority being containment
Floorp - Using FPI and a couple of specific containers
Banking - The priority is security
Firefox - Using no extensions except my password manager - Using the flatpak so it is updated hourly
VPN proxy
Mullvad - Uses FPI by default
Chromium-based - The priority is for dealing with things that require/want Chromium
Brave - Itās built-in adblocker seems to be about as good as it gets on Chromium-based browsers. For now, they are still supporting MV2 as well. Although, it remains to be seen if any MV2 extensions will continue to receive updates.
In some ways I think this is safer. My main browser has tons of extensions and now my secure activities can no longer be observed by those extensions. I delete cookies on browser close in my main browser but retain them in my shopping browser.
This seems to be working for me at this point although it has only been a couple of days.
When I was deciding how to set this up, I did some research on containers, FPI and dFPI.
I thought I would share the results in case anyone else was interested.
Firefox provides three technologies for isolating data:
Containers - Provides full isolation for cookies and site data.
FPI - Creates a separate cookie-jar for the each site to keep 3rd party cookies isolated.
dFPI/Total Cookie Protection - The same as FPI but has exceptions that prioritize interoperability over strict isolation
The Tor Browser and the Mullvad Browser have FPI enabled by default. All the other Firefox-based browsers enable dFPI when cookie security is set to āStrictā or āStandardā. FPI can be enabled in any Firefox-based browser by setting privacy.firstparty.isolate to true.
One important thing to note is that if you set any cookie exceptions in settings this will disable dFPI/FPI for those sites. So if you set your browser to delete cookies on close but have a list of exceptions you want to keep, those will no longer get their own cookie jar. To work around this until a fix is implemented, you can put those sites in containers if you want them isolated.
It is also worth noting that, as far as I can tell, no Chromium-based browser provides any kind of isolation outside of private browsing windows.
Thanks for providing all of this info. Some of these steps I have been working towards but havenāt finished it fully yet, and nowhere near the detail you have wrote here.
All seems pretty sound, I follow a few cyber security channels, one of which (Rob Braxman) has mentioned using multiple browsers for separating traffic. But I am building up my plan but seems you have went a bit further than me on that, thanks!
So far I only have Tor and LibreWolf, and Zen but building on to this.
I donāt really have anything to add other than noticing your thinking is on the right track, since I donāt have any better ideas anyway. And will keep track of this for any updates or to append parts to what I was doing.
this is identical to me except mullvad, librewolf, ungoogled, and no vpns, and ungoogled instead of vivaldi since chrome has a commercial purpose usually and itās an accessible sieve.
I found Arkenfox not restrictive enough when I ran FF.
I also have been re-thinking.
Your bullet points are identical to mine.
I thought I was foolishly clinging to the idea of compartmentalization. I rarely here others mention it.
Goodbye Firefox when I just got tired of being an about:config workaholic.
What really cause me to reconsider is someone told me recently I could have all the things I desire (your bullet points) simply by running Firefox containers with no other browser.
I have not investigated this claim but I know others swear by it.
That is essentially what I was doing before. Temporary containers creates a separate container for each tab(based on rules).
However, at least for my use case, I found some flaws with that approach. Containers provide isolation from each other site but they donāt have separate extensions. I have a decent number of extensions that I use for privacy or convenience purposes that can read all site data or use other intrusive permissions(By necessity). For my banking, I donāt want that, even in separate containers. Likewise, my privacy profile is different for shopping. I am not worried about the sites I shop identifying me. I am logged in and they are shipping things with my name address. They can definitely identify me. But I am concerned about ensuring they arenāt using shared cookies to share data with each other.
Fundamentally, those different use case necessitate different profiles for me.
Of course, if you donāt use as many extensions as I do, containers might meet all your needs.
Not only that, but the more extensions you have it makes your digital fingerprint more unique when all used on a single browser, and easier for companies to link you up with other data they may have on their database. Especially when logging in to their site as this information can be tied to personal data used on your user account, and mobile number if using two-factor authentication and it becomes cross-device tracking. Best to keep the browser as vanilla as possible and more common, easier when a small number of extensions are split between multiple browsers.
Even Firefox containers cannot protect against the unique fingerprint your browser, made unique by all the extensions (And many other aspects). Different browsers will generate different fingerprints though. VPNs can ruin fingerprints somewhat as multiple people with different browsing habits across the world are using the same IP address and muddies the data a bit and reduced accuracy for the VPN generated IP address identifier.
Fingerprinting is separate to the topic of cookie isolation, but just another good reason to have separate browsers other than the cookie aspect.
just read this topic and am not sure what the exact goal is but if just for browsing safe and blocking the adds and many otherā¦ maybe try this one >> https://icecatbrowser.org/index.html
the icecat browser is great for see the difference from the same website with other browsers for example ,seperate browsers is always a good idea (i do the same but withouth extensions)
Right after changing this to true I am not able to use the EOS forum any more. My cookie setting for the forum URL is set to āallow for this sessionā. Even a restart with delting all cookies does not help.
Does someone has an idea or hint why his happens?
Iām trying to simplify so Iāve cut back to just Floorp and I use a container for Google/Youtube/Reddit. OPās FPI tip was good and Iām trying it now.
depending on what exactly needs to be accomplished, I see two more paths:
nspawn: with --ephemeral flag wonāt carry over any browsing activity (or activity in general).
firejail: with --private AND --private-tmp flags you obtain pretty much the same result with a fraction of the effort and the advantage of being able to use Windows executables (if required)
I use this combo to test websites with multiple browsers without polluting my main workstation. Clean, efficient, effective.
Thanks for the hints. I checked all extensions but none of them was the culprit. After some more investigation I found out that it only works if I configure in my privacy setting to not deny all cookies but site spanning cookies (donāt know if that is the correct term, as my firefox has german language settings ).
This kind of setting is not working for me, because my standard privacy setting is to deny all cookies except those I configured as allowed for this session.
Thatās the way I have been using my browser as long as I can remember. I did about a year ago switch from Firefox to Vivaldi as my browser and when I was using Firefox I was using the multi-account extension. To add to that use an account to be able to sync my favorites, settings and extensions to mutliple-devices, so it seems too much of an inconvenience to me to be using different browsers for different stuff as not everyone being in one place.
Thanks for sharing your experience with your new browser setup usage. Iāll have something to think about after reading your experience with it, not sure I am sold yet though.
I kind of veered away from the original topic a little, I will write a bit below but I admit many probably are not as invested in this type of topic but still removing specifics.
Probably not exactly how Dalto intended with their research and results based post in a nice and easy āguideā like layout. But how I saw the original topic was regarding managing cookies and browser extensions for privacy and even security in some aspects (limiting data breaches from companies storing this data and outdated extensions). Multiple browsers reduces the amount of data going through between cookies, such as cross-site cookies.
Many cookies, especially Meta, and Google ones, track where you go on different sites, and they gather data from you to sell later. Some websites contain APIs from Google and Facebook, and by using iFrames in a hidden sub browser they can read their cookies from non-google and non-Meta websites and essentially know what you do on them.
Containers can help isolate this within one browser so data and cookies from sites cannot interact with each other but all extensions will still be active since these are installed on a per browser basis.
Instead, multiple browsers can be used so extensions, cookies, and site data are further isolated. Some extensions require too many permissions, and some are left unmaintained which can become a security issue, many extensions also gather and sell your data based on sites you go on and what you do as well as see your browsing history.
Having a load of extensions will make a single browser more unique for advertising IDs and fingerprinting. But splitting the extensions between browsers makes each fingerprint more generic and less unique to you. With a VPN the IP tracker will be further unreliable.
I veered off when I started mentioning fingerprinting, but fingerprinting is another form of tracking that can track you even if Firefox containers are used since these are based on the browser characteristics, disabling javascript will not prevent fingerprint tracking either.
Using multiple browsers means a different fingerprint for each one, preferably anything Google should be accessed on one browser so itās isolated from anything else. Companies use a technique āpersistent fingerprintingā where they try to use cookies and fingerprints combined to re-link your identity even if you try to remove cookies or other data as there will always be ātracesā left. Separate browsers will limit what they can re-link.
I have heard of the Icecat browser but I have never used it personally, not for any specific reason though. But it is an option for people to use.
But ā MS Edge as main browser (because sync across my home/work/gamePC)
ā Firefox for diferent pruposes on diferent PC (linux as main for linux stuff , windows work for sock5 acces to home , gamePC for acces game stuff)
ā and on Phone MS edge combinet with samsung browser, and Vivaldi for private stuff.
And in PC in family (dothers , wife home/work) combinations of Edge and Vivaldi (firefox before but it has sometimes problem with its built in autoupdate tool in windows so i moved to Vivaldi)
Iām currently using Vivaldi as my only browser, although I have Safe Browser by F-Secure installed on my phone. I used it as my main browser for years (in my phone), but itās not modern by any standards anymore.
Before Vivaldi I used Chrome, but I have been switching to European alternatives on software that I use, so it was relatively easy choice for me (itās Norwegian, created by former Opera employee).
But I am concerned about ensuring they arenāt using shared cookies to share data with each other.
).
