Turn off domain guessing and keyword search in Firefox

For security and ease of troubleshooting, turn off Firefox's automatic keyword search and domain guessing features.

Problem
Firefox has an annoying habit of trying to guess what address you meant to go to when you type in an invalid URL. There are two components: domain guessing, which attempts to correct an invalid domain name, and keyword search, which searches Google for what you typed and silently takes you to the first search result. Domain guessing and keyword search can potentially reveal private information and expose you to malicious websites. If you really want keyword search, use the built-in search bar, which is to the right of the address bar in the default Firefox installation.
Solution

The following instructions will walk you through turning off two features of Firefox. These features may be re-enabled at any time by the same process. All of the settings can always be reset to their default value.

  1. Go to the address about:config, which will allow you to tweak the browser's settings.
  2. Type fixup in the filter bar at the top of the page to narrow down the list of options.
  3. Toggle the entry browser.fixup.alternate.enabled to false by double-clicking it.
  4. Clear the filter bar and type keyword in its place.
  5. Toggle the entry keyword.enabled to false the same way.
  6. Close the about:config tab or window. You're done!
Explanation

Domain guessing and keyword search are well-intentioned features, but they ultimately cause more trouble than they are worth. By silently redirecting the user to a search result, the browser may cause confusion and danger. I'll give an example that I was involved in:

  1. I send the instant message 
    get ready for a big image link
http://flickr.com/photo_zoom.gne?id=85689163&size=o
    to a friend.
  2. She accidentally pasted the full message into the address bar of Firefox.
  3. Firefox read the new-line character after the word "link" as a press of the [Enter] key (this is normal behavior), thus ignoring the link itself.
  4. Since "get ready for a big image link" is not a valid URL and doesn't look like a mis-typed domain name (which would prompt domain guessing), Firefox initiated a Google "I'm Feeling Lucky" search for the phrase, which redirected my friend to a NASA page about icebergs. She never saw a Google search page, and assumed that I had intended to send her to a page about icebergs, rather than a page relevant to our discussion.

This is a harmless example, but it is not a stretch of the imagination to say that this could be exploited maliciously.

Resources

Responses: 2 so far

  1. Jeremy Stein says:

    You probably also want to turn off keyword.enabled

    # December 11th, 2007 at 2:15 pm

  2. Tim McCormack says:

    @Jeremy: That's already mentioned in step 5.

    # December 11th, 2007 at 10:39 pm