Look-Alike Domains and Visual Confusion

[StuartR]

Unlike other browsers, Firefox doesn't make it easy to recognise URLs that use unicode names that look like English domain names. You can fix this by typing
about:config
into the address bar. Then search for punycode and set
network.IDN_show_punycode
to be true.

Look-Alike Domains and Visual Confusion

[HansV]

Thanks, I immediately applied the change!

[Rudi]

TX Stuart! Updated.

[Rebel]

Thank you Stuart.

[stuck]

Thanks, got that one nailed down now.

Ken

[BobH]

thanks, Stuart!!

I made the change and rebooted Fx, but I was wondering if a reboot is necessary after an about:config change<?

[StuartR]

A simple test shows that a restart of Firefox is not needed.

Navigate to https://www.са.com/
Toggle the setting and refresh the page.
It will either display http://www.ca.com" onclick="window.open(this.href);return false; or http://www.xn--80a7a.com" onclick="window.open(this.href);return false; depending on the setting.

[Leif]

And thanks from me, too!

Also always worth remembering that hovering your cursor over a URL tends to render the final destination bottom left of the Firefox screen:

x.jpg

[StuartR]

Yes, Leif, I had noticed that it displays the punycode version in that destination hint, but that would be easy to overcome by using a redirection service like bit.ly, or even a facebook link

[John Gray]

Err - I can't find "punycode" on 58.0.2...?

[StuartR]

Err - I can't find "punycode" on 58.0.2...?

That's surprising. I am also running Firefox 58.0.2

[viking33]

Punycode applied. Thanks Stuart.

[John Gray]

Err - I can't find "punycode" on 58.0.2...?

That's surprising. I am also running Firefox 58.0.2

First time I tried using Edit -> Find.
Using Search works.
Ho-hum...

[Rebel]

A simple test shows that a restart of Firefox is not needed.

Navigate to https://www.са.com/
Toggle the setting and refresh the page.
It will either display http://www.ca.com" onclick="window.open(this.href);return false; or http://www.xn--80a7a.com" onclick="window.open(this.href);return false; depending on the setting.

Stuart's tweak works as advertised in Firefox, but Chrome goes a step further. Clicking on the same link brings up a page that tells me that this is a fake site and that the site is NOT ca.com. The address bar also shows that the site is actually http://www.xn--80a7a.com" onclick="window.open(this.href);return false;.

[Leif]

Yes, Leif, I had noticed that it displays the punycode version in that destination hint, but that would be easy to overcome by using a redirection service like bit.ly, or even a facebook link

Good point - you are quite right!

[StuartR]

Stuart's tweak works as advertised in Firefox, but Chrome goes a step further. Clicking on the same link brings up a page that tells me that this is a fake site and that the site is NOT ca.com. The address bar also shows that the site is actually http://www.xn--80a7a.com" onclick="window.open(this.href);return false;.

That message is not created by Firefox, it comes from the site http://www.xn--80a7a.com" onclick="window.open(this.href);return false;, which is rendered as http://www.ca.com" onclick="window.open(this.href);return false; in the address bar if you don't enable the punycode.