How to Enable or Disable IDN Punycode in Firefox Address Bar in Windows

Punycode is a representation of Unicode with the limited ASCII character subset used for Internet host names. Using Punycode, host names containing Unicode characters are transcoded to a subset of ASCII consisting of letters, digits, and hyphen, which is called the Letter-Digit-Hyphen (LDH) subset. Punycode is used to encode internationalized domain names (IDNs) as a defense against address spoofing.

From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. It is possible to register domains such as "xn–pple-43d.com", which is equivalent to "аpple.com". It may not be obvious at first glance, but "аpple.com" uses the Cyrillic "а" (U+0430) rather than the ASCII "a" (U+0061). This is known as a homograph attack.

Firefox allows enabling to show IDN punycode instead of non-Latin letters and Unicode symbols in the address bar. This can be very useful to help see if the currently opened web page is a phishing site or just a non-official mirror of some web site which you would like to avoid.

For more details, see also: Phishing with Unicode Domains - Xudong Zheng

This tutorial will show you how enable or disable showing IDN punycode in the address bar of Firefox for your account in Windows 7, Windows 8, and Windows 10.


EXAMPLE: IDN punycode enabled and disabled in Firefox

Test site: IDN Homograph Example





Here's How:

1. Open Firefox.

2. Type about:config into the address bar, press Enter, and click/tap on the I accept the risk button. (see screenshot below)

3. Type IDN_show_punycode into the search box, and press Enter. (see screenshots below step 4)

4. Double click/tap on the network.IDN_show_punycode setting to change its value to true (enable) or false (disable - default) for what you want. (see screenshots below)

5. You can now close this about:config tab if you like.


That's it,
Shawn