Another bit of your privacy going down the drain

Today I discovered an annoying fact about Firefox 3: when I misspell a site name in the address bar, it performs an “I’m feeling lucky” search on Google. No, not in the “search” filed, but right in the place where you would type an url and expect to be taken there.

Perhaps it might seem helpful, but it is something that I definitely do not want to happen. Why?

The most obvious reason for this is that I do not want to give away other information about my browsing intentions. I might be logged on Gmail or any other service provided by Google, and my destination could be associated to my profile. Or, much worse, I might make some silly mistake (e.g. see the former French minister Rachida Dati) and get embarassing results popping up on my screen. And, of course, the destination could still be potentially associated to my profile.

Paraphrasing Benjamin Franklin, I might say that

people willing to trade their privacy for temporary convenience deserve neither and will lose both

It might seem a little bit far-fetched, but I think that this is what has been consistently happening with Google throughout its history: by giving away an incredible amount of free services and tools, they have turned into a huge repository of personal data. At the same time, every Google user is trading personal data with free services. My point is not that Google is evil (which I am not interested in deciding here and now): simply put, sometimes the trade seems fair, and sometimes not. In this case and in my opinion, the advantage is negligible.

Anyway, disabling this beahavior is rather easy. Type “about:config” in the address bar. This, despite not being neither a well-formed url nor a registered domain, will not be captured by Google 🙂

Instead, you will be warned against a different kind of risk, i.e. messing up with the configuration of Firefox. Accept, and promise to be careful.


Then, find the “keyword.enabled” row (to get it quickly, begin typing it in the “Filter” field). If it’s “True”, right-click on it. A contextual menu will appear, choose “Toggle” and you’re done.


From now on, Google will not handle your misspelled or non-existing addresses and you have transferred a fragment of your leakage of personal data to a different party, most probably your DNS provider, therefore diversifying the sources in your risk portfolio. Isn’t it great?!?

(function() {
var s = document.createElement(‘SCRIPT’), s1 = document.getElementsByTagName(‘SCRIPT’)[0];
s.type = ‘text/javascript’;
s.async = true;
s.src = ‘’;
s1.parentNode.insertBefore(s, s1);