Sure containers doesn’t try to be a perfect solution, we can keep attacking at these problems potentially with containers however if you are a high value target you likely would want Tor, Qubes, multiple computers etc. The more we solve this fingerprinting problem and the more people use containers we are likely to solve this problem through ambiguity (however there hasn’t been enough research in this area).
I’m hoping we can do more things to prevent this in the future. Ultimately however this is the users problem like typing passwords into phishing sites. We can try to educate but ultimately it’s a hard problem to solve.
The problem here is more third parties, to cleanly move it would have to take all storages like cookies and cache from anything the website loaded and put it into another container. These cookies might be shared with more first parties which also would have to move.
If you think of lightbeam and it’s connected graph to cleanly move whilst solving the cookies issue you need to take anything on the graph connected to it. The problem comes when something common like Google Analytics has been loaded, which essentially connects all the webs history to the site you are trying to place in this container.
So you can instead try and break that connection by deleting the third party storage when you move the website over. This however would start breaking web properties because some third parties are important to the function of a website. Even basic things like a site might cope with Google Analytics being blocked on first page load but might not expect the cookies to randomly be removed halfway through a session.
Currently all of these storages can’t be cleanly accessed with Web Extensions either which would mean working on that first. Potentially there could be some intelligent allow/block list for removing these third parties, however again this isn’t remotely close to a perfect solution.
How context plus works was already rejected to be done internally part of out containers, the extension provides a right click context menu to copy the url into a new tab, closing off the other.
This has the previous stale cookies lying around which could be improved perhaps however because of third parties nothing can be forgotten anyway. This has the advantage of not littering the new container with old cookies.
So just adding a warning in my opinion isn’t sufficient, users won’t read it or understand. There is too much to explain even for a wiki page let alone a sentence.
The security issue n°1 is more impactful than the security issue of the moving tab and more difficult to understand for the user.
This is the worst of the security issues, however if more users had containers the ambiguity caused by potential anti-fingerprinting techniques and containers would reduce the effectiveness of sites being able to fingerprint.
The security issue n°2 is reduced when using the moving feature because it will overwrite the accounts connected on the destination.
Cleaning up storage is a risk for shared computers and also XSS etc. However as this stands clearing up this storage is actually harder than it seems without breaking lots of user flows (because of the messy nature of third parties etc).