I've pretty much made the same changes. I was luke-warm on the switch from chrome to Firefox until I started using containers and CookieAutoDelete with those containers. I have a 'Google' container that preserves google cookies for when I log into gmail (transition in progress)- but otherwise google cookies get automatically deleted. There are a handful of other sites I wish to stay logged into - like github, slack, spotify - and I have containers for them with CookieAutoDelete configured accordingly. Its also comes in handy for sites where I have a work account and a personal account - like AWS. Instead of having to open an incognito window to allow being signed into two accounts at the same time, I just have separate containers. Makes a lot of practical sense for me.
I also made the switch to Bitwarden - except for me I was using Lastpass before. Bitwarden has a much cleaner interface and a sane sharing scheme. Trying to keep shared passwords in sync with my wife in Lastpass was an absolute nightmare - to the point that I hated changing the passwords - which is one of the major points of a password manager. Lastpass has become stagnant and bloated since LogMeIn bought it.
You like the "Temporary Containers" extension. It automatically creates a new container for every site that doesn't already have an assigned container. The temporary container (cookies, etc) get deleted 30 minutes after you close the last tab for the container's site.
I use Sandboxie with a browser instance without cookies or cache. It automatically deletes files after closure. Only the browser is allowed internet access.
For specific services like my primary email, I have an isolated Firefox instance keep the cookies for that service only. I don't use that instance for anything but that service. Is there anything I'm giving them (besides what information you give by using the service at all of course)in keeping the cookie? Just want to be aware of any risk I may have overlooked.
Was similarly lukewarm to the change. I actually only made the change because I was having resource issues with chrome and bookmark interactions would lock the screen for a few hundred milliseconds - tried everything. Eventually you just blame the vendor and switch.
But now, well, I don't really see me going back any time soon.
You can host it yourself - I don't. The interface is much cleaner and easier to use IMHO, especially if you use password sharing. At the end of the day its a password manager, and there are plenty to choose from. I used to be a big Lastpass fan - but their quality has continued to degrade and competitors have stepped up their game. If I didn't end up using Bitwarden, I probably would have ended up with 1Password.
Yea but you don't have to. I don't have a lot of experience with 1pass/last pass but I assume they're the same. I liked that Bitwarden was free, that I could do my own server, and that I can do dual account sharing via org setup - all free accounts.
I'd be careful with that one, due to recent developments in Australia, more or less banning encryption (and legalising subverting employees of companies without the company's knowledge, to break their encryption schemes secretly).
Until we know more, not a single Australian product can be trusted and even Australian employees of companies working overseas can't be trusted anymore. It's horrific.
I have a protonmail premium account and I'm disappointed. First you can't use a native client in linux because the bridge isn't released yet (in the faq it's written it's planned to be released early 2018 lol). The android client doesn't like the fact that I desactived the google play service on my phone (how can a privacy focused email depends of the google play service? ). They hooked me up because they said that they where going to open sourcing protonmail, but for the moment neither the bridge nor the android/ios client are open source.
The bridge solution is a nice attempt at supporting open standards, but it's not on Linux or Android which basically means my email is silo-ed. I can't use it with my regular mail client and the ProtonMail client will never be all things to everybody.
The android client at least does seem to run just fine without Play Services, it just pops up annoying notifications saying it needs them.
At this stage I'm probably looking at migrating away.
I'd really like a mail provider that lets me forward a few addresses to the rest of my family since I own lastname.nz, but that doesn't seem possible on most mail hosts without a full x-user enterprise setup.
I'm currently giving ProtonMail a try - but I'm also using a custom domain. My current thoughts are that I'll switch everything over to my custom domain, and then I'll never be locked into an email provider again. If ProtonMail doesn't pan out, I'll switch to someone else - still keeping my custom domain. My reliance on google and my attempts to move out of it has really been an eye opening experience I hope to not repeat.
I went with Tutanota.com which on top of active development also communicates regularly with its users on what features are being worked on. Plus they allow you to have/create a bunch of different email addresses under the same mailbox.
Last I checked, containers weren't working properly, and I gave up on the idea because false sense of security is worse. My test website was web.whatsapp.com. I think this is the tracker, although I didn't really look too much into it (https://github.com/mozilla/multi-account-containers/issues/8...
Pretty sure I figured this out, since I was able to reproduce it as well. It has to do with caching and something Whatsapp is doing to restore the page from local data most likely, as once you clear the local data for web.whatsapp.com, it correctly requests redirecting to the correct container.
If I had to guess, I suspect that Firefox triggers the container switch dialog on the first network request, and that page is so optimized that after the first visit it loads entirely from cache and/or localstorage data without any network activity at all.
If true, it might be that while it didn't switch, it actually wasn't leaking data between containers at all, since there was no network activity. I'm not sure if a background request would have triggered a container switch dialog, been blocked quietly, or have been allowed through some root page permissions cascade.
I may be far off, and this is trivially checkable, but I'm out of time.
On Linux, works for me. Using add-on version if that helps. There is a bug that opening a url via e.g. xdg isn't able to prevent default tab opening on first startup.
I also made the switch to Bitwarden - except for me I was using Lastpass before. Bitwarden has a much cleaner interface and a sane sharing scheme. Trying to keep shared passwords in sync with my wife in Lastpass was an absolute nightmare - to the point that I hated changing the passwords - which is one of the major points of a password manager. Lastpass has become stagnant and bloated since LogMeIn bought it.