In an effort to improve my online security, I recently started testing Firefox Multi-Account Containers. The concept is fairly simple. The browser can open websites in discrete containers, and sites opened in one container cannot see information in another container. For example, a social-media site opened in one container cannot gain tracking information from a store’s website opened in another container. (Mozilla also has a specific Facebook Container, which should be installed before Multi-Account Containers if you decide to use both.) While Firefox containers cannot stop browser fingerprinting, they can at least prevent tracking with cookies. Containers can be useful tools for keeping your activities online confidential from prying eyes, especially when combined with other privacy features.
Containerization is not a new idea. At its core, containerization is simply the segmenting of data. For security, different data sets can be separated into containers so that a breach in one container will not compromise data in others. In my admittedly limited knowledge of software history, the oldest example of containerization dates back to at least the 1979 introduction of chroot in Unix, and modern containers have been gaining popularity in the enterprise space for years as alternatives to virtual machines for certain workloads. Virtual machines (VMs) run full operating systems on top of software known as a hypervisor, which emulates complete computer hardware, so a VM emulates an entire computer system. Containers, in contrast, emulate only applications on top of an operating system.
In the consumer space, containerization has seen little use, at least as far as I know. There may be some uses that are not immediately obvious but would be classified as containers. Firefox containers are the first obvious consumer-friendly container implementation that I have used, and though they require a little extra work to use wisely, I think that most users could adjust to segmenting their online activities, such as separating social-media accounts from banking and shopping sites. Online privacy is increasingly difficult with the constant barrage of tracking schemes, and while many users may find the benefits of tracking convenient, those users should be aware that they are giving tech companies an incredible amount of information about their private lives. Online privacy deserves its own post, but that is a topic for another day.
Eventually, I intend to test Qubes OS, which is an operating system based around containerization. It may never be my daily operating system, but for certain workloads, it could be invaluable. Qubes OS works by containerizing all of a user’s activities at the operating-system level and assigning individual containers both trust levels and specific resources. For example, one container could be granted network access for browsing the Web, while another could be offline and therefore completely segregated from the Internet for security.
One interesting use case for Qubes OS is Split Bitcoin. For those who are less familiar with cryptocurrencies, the safest way to store a cryptocurrency wallet is offline. In essence, the wallet stores a pair of asymmetric cryptographic keys. These keys are mathematically related so that data encrypted with one key can be decrypted only with the other. One key serves as the wallet’s public address for transactions, but the other key must be kept confidential because to send a transaction, you must sign it with your private key. By storing the wallet offline, you can prevent hackers from being able to steal your private key. The Split Bitcoin setup allows the user to create an offline wallet in a container without network access, while a second wallet in a networked container can be used to check balances online without the ability to send transactions. Since the private key resides only in the offline container, a hacker would find stealing it to be extremely difficult.
I expect that in the next few years, more consumer applications will start embracing containerization. As online activities become increasingly important to business and everyday life, the need for greater security only grows, and segmenting data is often a good way of preventing catastrophic breaches. For the moment, however, I will keep working with Firefox containers to better control what information I allow sites to see.