Multiple user profiles / separation / containerization of users

Hi People,

I am using a Fairphone 4 purchased from Murena with /e/os 1.6-s 2022129238946-stable-FP4 since a month now. So far it has been both a refreshing and a challenging experience - in general I am really happy with it.
I have accumulated many questions and observations. But trying to stay on point with this topic so I will share them across new and existing topics rather than one long read.

This is a question about the creation and use of additional user accounts. For example to separate work and private use.

Prerequisites – I use opensource apps and privacy friendly apps where possible but in the real world I have to use apps like MS Teams, Outlook, WhatsApp etc. Many posts talk about Shelter to organize that. I tried to install Shelter but it will not work - it actually notifies me that it is not install-able for my phone/OS combination.

But what does Shelter do that cannot be accomplished with an additional user account to containerize work and/or privacy unfriendly apps?

Use case example with Whats app:
I’ll create an additional user account, I’ll install WhatsApp + an address book with only limited amount of contacts (so that FB will not have my full list of contacts).

  • Are user accounts totally separated as far as privacy is concerned? No leakage?

  • Is it possible for this new user to utilize the second sim in my phone?

  • Is it possible to effectively tailor Advanced Privacy per user account?

Another use case for example could be, (while waiting for per app location permissions :blush:) to do the Magic Earth navigation from another user which uses real location? As switching users is really fast it would be easy to do.

Anyway, I am looking forward to your insights.


Regain your privacy! Adopt /e/ the unGoogled mobile OS and online servicesphone

the forum by now has a lot of info that gives quite an insight, give it a try. Answers not older than a year should still be current

on MS Teams, Outlook: there’s also Office365 DNS_PROBE_FINISHED_NXDOMAIN - you’ll need to exempt the domain from being blocked for it to work. As of now you can’t use a outlook Email within “Mail” (Mail with Outlook/Office365 servera - #9 by tcecyk), you’d need to use the upstream k9mail.

ForumGPT would be great to do some auto-answering now that I come to think of it :slight_smile:


Thank you tcecyk for your rich comments and answers!
Yes there is a lot to be found on the forum already. It didn’t emerge in my initial search however, so I am happy with your feedback.

I’ll try some of your suggestions and links. It is especially important for me to discover and understand current possibilities and limitations of using /e/OS Even more so because for the larger part I will be just a user. A user striving for the best mix of privacy and daily usability.

To extend to the topic

I did the following:
Created a new user for work and installing Teams and Outlook apps in this new user account.

Then, as expected, it was not possible to sign in to MS account. Toggling off all Advanced Privacy in the new user account made no difference.

After that I went back to the Ḿain´user and switched off Advanced Privacy there as well. Then I got back to the new user and this time sign-in in Teams and Outlook worked perfectly.

Now here is the thing: I turned on AP in both accounts again and everything (MS/Outlook) continues to function.

How do I explain this? @tcecyk you already said this might have to do with AP issues on a per-user level.

The other thing is - Teams/Outlook apps seem to be ok only to have AP shut off at sign in, (both main user and second user). After that with AP fully turned on in both user accounts these apps still work. Do I need to to worry about that?
Did I let the ´beast´ in and closed the gate? :sweat_smile:

Your experience reflects the current status of AP trackerprotection and Shelter, see How to make Advanced Privacy work with work profiles using Shelter - #2 by tcecyk

As you now have a valid token for msauth it will work with TP enabled until it expires.

Blocking the ms login domain is very disruptive. I’d probably contact MS on this for them to give the domain a clear role.