Legality of Firefox Containers

[Racoda]

The Firefox browser (semi-)officially includes the ability to be logged it with multiple accounts on one site:
https://support.mozilla.org/en-US/kb/co ... containers

Although it is a built-in browser feature, with an API exposed to extensions, actually using containers requires either installing an extension to use them (the extension exposes the browser API through an UI to the user) or changing some settings¹. The Mozilla team provides such an official extension, and there are other unofficial ones.

In the case of NS, this means a user can use multiple nations, each in a separate tab, within the same browser window.
Functionally, using containers for different nations is the same as using a separate browser or separate Chrome profile for each nation, except it is on a per-tab basis instead of per-window. A similar effect could probably also be achieved on Chrome by using a script caching cookies and submitting different ones for different tabs (which is essentially what Firefox does).

Under current site and script/tool rules, this does not seem to be illegal. However, after a discussion with two other players, it seems like a legal grey area — they've pointed out that the simultaneity rule on restricted actions could potentially apply to both cases (multiple browsers and containers). I'd appreciate some clarification.

I searched the forum for previous topics, but only this one seems of relevance:
https://forum.nationstates.net/viewtopic.php?p=35272894&sid=c3426b77bf93a5bd4abda5e749c4dde6#p35272894, specifically the distinction between a script itself interacting with the server vs other “UI” tools.

Effectively, this is a question on whether the simultaneity rule applies to anything other than scripts and the requests they generate. If it does, does responsibility for avoiding simultaneous (restricted action) requests lie with the user, the computer or the browser?

Simple example:

• A user uses two computers to simultaneously answer issues on two different nations.
• A user uses two browsers to simultaneously answer issues on two different nations.
• A user uses two tabs (containers) to simultaneously answer issues on two different nations.

Thanks in advance!

[1]: For advanced users section at the end of the page: https://support.mozilla.org/en-US/kb/containers

[Frisbeeteria]

The error message "This request failed a security check." is coded to prevent certain actions. If using containers doesn't bring up this message, it's probably technically legal. Any prohibition is something admin put in place, and is not subject to moderator input. As you say, it's perfectly legal for the user to use two browsers on the same computer to address two different nations.

That said, you're still going to get security checks when using different devices. The code is designed to allow only the most recent active session on any given nation to function.

Furthermore, you should not be using containers to subvert the intent of the script rules. If you're using containers to get around API rate limits, that's definitely against the rules. I'm pretty sure that's built in to the API key code, but I can't speak to the actual coding or ways in which scripts might attempt to subvert such code. Just don't do it.

[Racoda]

The error message "This request failed a security check." is coded to prevent certain actions. If using containers doesn't bring up this message, it's probably technically legal. Any prohibition is something admin put in place, and is not subject to moderator input. As you say, it's perfectly legal for the user to use two browsers on the same computer to address two different nations.

Thanks, that's my intuition as well. There's no such error message. It's just like using two, three, or more browsers, all in one window.

Furthermore, you should not be using containers to subvert the intent of the script rules. If you're using containers to get around API rate limits, that's definitely against the rules. I'm pretty sure that's built in to the API key code, but I can't speak to the actual coding or ways in which scripts might attempt to subvert such code. Just don't do it.

Containers don't break API rate limits, as far as I know, the API limits requests per IP.

[Trotterdam]

For one thing, the strictest site usage rules apply only to scripts, not to manual user actions. Anything using browser containers is probably perfectly fine so long as you're sticking to manual user actions.

If you're running scripts, they're probably not in your browser to begin with, so containers are irrelevant.

Hybrid cases (like browser plugins that modify standard NationStates behavior) are a gray area, but so long as they follow the "only one server request per user action" rule, it's probably still fine.

[Liberty]

I would be cautious of using them for gameplay purposes, there are in-game limits that can be avoided by using two nations that I’m sure would be illegal, like say suppressing posts (which has a cool down period). Sending telegrams manually (used to, maybe it doesn’t as much anymore?) have such a cool down as well forcing the user to wait so many seconds before sending another. Moving regions now that ejecting is rate limited is also m, I’d guess, questionable to be doing with either multiple browsers or containers. Anyway, doing stuff like that to get around any of these hard coded rate limits seems problematic.

I use two browsers to keep me logged in to one account on the forums while making long posts, and another to interact with the game in another account pretty often, so there’s probably millions of ways to use it legitimately, but I’d agree with the other folks you talked to that there would also seem to be some pretty clear ways it could be misused. So don’t do those.

[Ballotonia]

The simultaneity rule is about performing actions on one nation with super-human speed. This is PARTLY covered by having actions which create a security check error, but not all: if we put them everywhere people using multiple tabs will complain bitterly (and some already do for certain card actions). So, unlike what Fris says, the absence of a security check error does not automatically mean something is legal.

The Firefox Containers issue is a different story though: this is like using multiple browsers or multiple computers to access different nations simultaneously. As long as you're sticking to the rule limiting restricted actions to their own individual user-provided (non-delayed) initiation, then that's all legal.

Ballotonia

[[violet]]

Interesting question! Short answer: Firefox Containers are okay. But they're pretty close to the line, so it was worth asking.

Longer discussion:

In terms of functionality, Firefox Containers don't offer anything anything different to regular tabs, at least in regards to things we care about. They're just like regular tabs (or new browser instances). However, they are definitely a tool ("a script, bot, macros, or browser add-on"), which means they are subject to our Script Rules. These rules specifically prohibit actions performed by tools, but not by humans alone using an unmodified browser -- so it is possible for the same action to be legal when done by a person but illegal when done with a script or browser mod.

With regards to simultaneity: The Script Rules prohibit tools from making simultaneous requests. This rule applies to all requests, not just "automatically generated" ones. It is illegal to add an endorsement button that allows users to mash it repeatedly without waiting for a server response in between, for example. A tool that generates such a button is responsible for managing it so that it won't make simultaneous requests.

But this isn't what Firefox Containers do: They don't generate any buttons. We don't hold tools responsible for activity on "native" buttons, i.e. site controls that exist on the page already, and weren't modified by the tool. And this, I think, is where Firefox Containers land. Yes, they are tools, and so subject to Script Rules; yes, they should abide by the simultaneity rule; but no, they're not responsible for managing buttons they have nothing to do with.

[Trotterdam]

In terms of functionality, Firefox Containers don't offer anything anything different to regular tabs, at least in regards to things we care about. They're just like regular tabs (or new browser instances). However, they are definitely a tool ("a script, bot, macros, or browser add-on"), which means they are subject to our Script Rules. These rules specifically prohibit actions performed by tools, but not by humans alone using an unmodified browser -- so it is possible for the same action to be legal when done by a person but illegal when done with a script or browser mod.

I have to wonder how this line is drawn. What makes an official, manufacturer-supported browser feature that can optionally be enabled different from an official, manufacturer-supported feature that's a permanent part of the browser's core functionality? What if I have some extremely lightweight, low-intrusiveness third-party add-on (for example, a privacy plugin that limits what information sites can glean from my visits) that nonetheless applies to every single site I visit, so I never use perfectly-unfiltered "unmodified browser" functionality anywhere?

What if I'm obsessed enough to write my own brand-new cheating-at-NationStates web browser from scratch, so it technically counts as an unmodified browser?

I think it's important that this "tool", whether it's considered to be part of the "base browser" or an "add-on", is not specifically designed to know about NationStates. It's a general-purpose tool that behaves the same on NationStates as on any other site and has no NationStates-specific functionality.