Mozilla Is Working On a Chrome-Like 'Site Isolation' Feature For Firefox

An anonymous reader writes: "The Mozilla Foundation, the organization behind the Firefox browser, is working on adding a new feature to its browser that is similar to the Site Isolation feature that Google rolled out to Chrome users this year," reports Bleeping Computer. "[Chrome's] Site Isolation works by opening a new browser process for any domain/site the user loads in a tab." The feature has been recently rolled out to 99% of the Chrome userbase. "But Chrome won't be the only browser with Site Isolation," adds Bleeping Computer. "Work on a similar feature also began at Mozilla headquarters back in April, in a plan dubbed Project Fission." Mozilla engineers say that before rolling out Project Fission (Site Isolation), they need to optimize Firefox's memory usage first. Work has now started on shaving off 7MB of RAM from each Firefox content process in order to bring down per-process RAM usage to around 10MB, a limit Mozilla deems sustainable for rolling out Site Isolation.

Re:Fission indeed!

[jfdavis668]

Going for the nuclear option I see.

Another way to save memory

[dicobalt]

Let users whitelist domains they trust and run those without this feature. Also run advertising domains for the same advertising companies in the same processes. Also kill advertising processes when they cause the browser to exceed a certain amount of performance. There are a lot of web sites out there that are slow because there are dozens upon dozens of advertising relating domains on them.

Re: Fission indeed!

[Z00L00K]

But is it a full site isolation that also separates third party cookies per main site?

SW Freedom makes Firefox better than Chrome

[jbn-o]

Mozilla Is Working On a Chrome-Like 'Site Isolation' Feature For Firefox

If Firefox's implementation will be free software (or something that can easily become free software), Firefox will continue to allow anyone to inspect, modify, and share the software even commercially. This leads those who do such work to personally trust the code because they know what's in that code and if they find something they don't like (no matter how that is defined) they can improve the code (or get someone they trust to do this for them) and then they can distribute the improved code to help the community (including non-programmers, the majority of computer users). This also helps explain why other browsers including the Tor Browser derive from free software browsers such as Firefox.

Chrome, on the other hand, is nonfree software (proprietary, user-subjugating software); software which does not respect a user's software freedom. Therefore we can't determine all of what Chrome does, and if we find out it does something we don't like we have no permission to improve Chrome and distribute an improved version. Proprietary software developers are in a position of power over their users, which is an injustice to the users. So long as Chrome remains unvettable by its users Chrome remains untrustworthy by default. As the Free Software Foundation rightly points out, proprietary software is often malware: "the initial injustice of proprietary software often leads to further injustices: malicious functionalities". Any further assessment of Chrome means looking at proxies for its trustworthiness instead of going to the natural and logical place to make this determination—a program's source code. Then we get to the reputation of its developer—Google—a known participant in international mass surveillance (per Edward Snowden's leaks). It makes no sense to talk about the security and privacy benefits that come from a feature such as site isolation while relying on an inherently untrustworthy program to look out for your interests. You'll note that popularity of a program or its developer doesn't enter into any serious discussion of how much trust to place in these programs, or whether to recommend their use by others.

Re:SW Freedom makes Firefox better than Chrome

While Chrome isn't open source, Chromium is and is nearly identical. Firefox is definitely a more user-friendly project, but they're both open-source projects.

Re:One more time with feeling: OS level sandbox

[roca]

Browser ARE using OS-level sandboxing internally.

Putting the entire browser into a single sandbox is possible but "the damage it can do if it goes rogue is sharply limited" isn't true. A compromised whole-brower-in-a-sandbox can listen to your microphone, watch your webcam, manipulate your online banking, access all your Web passwords, manipulate your Webmail, etc. It (maybe) can't mess with your other desktop applications but for many users that's of very little value.

Browsers are using those OS-level sandboxing tools to sandbox individual "content" subprocesses. A malicious site might exploit a bug to take over a content process, but those processes have very low rights compared to the main browser process. They typically can't access the filesystem at all, they can't directly access microphones and webcams (only indirectly, triggering browser UI to notify the user), etc.

Currently in Firefox code from different Web sites can share the same content process, which means a site compromising a content process can usually access content from other Web sites like online banking. This article is about improving Firefox so that is no longer the case.