Yandex Blog

Yandex Browser Pioneers Built-in DNS Security

Yandex kits out its browser with built-in domain name system protection technology to safeguard all users of Yandex Browser against DNS spoofing. This is the first time a browser comes with a DNS security technology on board.

Yandex Browser’s built-in active security system Protect provides a comprehensive anti-fraud defense against the majority of currently existing cyber-threats. It automatically checks all downloaded files for viruses, warns users about dangerous websites, and protects their passwords when using public networks.

Yandex Browser’s newly added line of defence, DNSCrypt, is a protocol that authenticates communications between a browser requesting a DNS address of a website and a DNS server offering this address. Provided by renowned DNS security expert, OpenDNS, this protocol will now be doing its job right through the browser, without user's having to purchase, download or activate a separate security product.

DNS spoofing, when your requested website is replaced with a fraudulent website somewhere server-side, or router hijacking, when your router's DNS is changed by malware, according to the industry experts, affect millions of modems and routers worldwide.

Now, instead of going to an unknown DNS resolver, all your requests made through Yandex Browser will go straight to one of 80 secure and fast DNS servers owned by Yandex in multiple locations all over the world. In addition to using a verified DNS resolver, the DNSCrypt protocol encrypts communications between the browser and the server making them impossible to intercept.

Yandex Browser with DNSCrypt is available for Windows and OS X and can be downloaded from here. To start enjoying the browser's DNS protection, turn on the DNSCrypt encryption in settings.

The option to choose a DNS resolver to communicate with your Yandex Browser will become available in the near future.

New Concept Yandex.Browser Boosts Privacy and Launches as Beta

The minimalist concept version of our Yandex.Browser launched at the end of last year to respond to the highly interactive nature of contemporary web browsing is now available as a beta version, which is designed to also address the rising demand for personal privacy.

To meet the expectations of those users who would like to have more control over their digital footprint, we’re now rolling out a much more private beta version of the experimental Yandex.Browser, available in 15 languages, including English, German, Portuguese, Spanish and French.

Unlike in most browsers, sending the information about users’ behaviour to the developer (i.e. Yandex) in the private version of Yandex.Browser is disabled by default. While sharing browsing history and web cache can in principle be disabled in other browsers, this opportunity isn’t normally offered as a default option. Sharing users’ information helps developers better understand their behaviour and offer them a better browsing experience. The problem is that the right to make a decision whether to share this information is effectively removed from the user – few can find a pathway to customised privacy settings in a browser.

In addition to data sharing disabled by default, Yandex.Browser provides the ‘Stealth Mode’ option, which blocks analytics cookies, sharing plugins etc. This mode is activated by clicking a button conveniently located right next to the browser’s ‘smartbox’, a combined search and address bar, at the top of the screen. The source code of the built-in blocking extension was developed by AdGuard and is available on Github for anyone to see.


Safe browsing, as well as search suggestions appearing in the browser’s smartbox, is the feature indispensible for contemporary browsing that relies on sharing user information, albeit in an anonymised form. The safe browsing technology allows us to warn the user about unsafe websites. Each fraudulent or potentially harmful website that we identify in the process of indexing more than 30 million webpages every day is logged in our proprietary cloud database. Every time a user is about to visit a website, the website’s address is automatically checked against this database to see if it might be there and whether a warning should be shown.

We have modified the safe browsing technology to use it in our privacy-conscious version of Yandex.Browser. Instead of sending the full address of a website the user is about to visit to Yandex in order to check this address against the database of potentially harmful websites, Yandex.Browser only uses a fraction of a ‘hash’ of this website, which is checked against a ‘hashed’ database of potentially harmful websites on the user’s own computer. The browser uploads a ‘shell’ of this database to the user’s computer at the first launch. This database is then ready to be ‘filled’ with fractions of ‘hashed’ website addresses the user intends to visit. To keep this database updated and the user safe, Yandex.Browser synchs the database on the user’s computer with Yandex’s cloud database every hour, using only fractions of each hash.

Search suggestions in the browser’s smartbox give instant answers to users’ search queries without redirecting them to search results pages. The users of Yandex.Browser can at the first launch choose a default search provider from a selection of three, which varies depending on the user’s location.

To generate search suggestions, predict search terms and offer instant results without redirecting the user to the search results page, the browser has to share the search terms with the search provider as the user enters them into the browser’s smartbox. This option is enabled by default in Yandex.Browser. Although this type of data sharing can be disabled in settings, its benefits massively outweigh privacy risks. Also, web users have an opportunity to add any search provider they trust to the browser and set it as the default.

One of the flagship features of the new Yandex.Browser is rich search suggestions, which instantly take the user directly to the website, or even specific page on a specific website, via a widget and bypassing the search results page. Similarly, simple, straightforward searches in the smartbox of the new Yandex.Browser will retrieve simple and straightforward results right in the browser.

Other automated features essential for the contemporary web surfing, such as sending crash reports, resolving web navigation errors, or the autofill function, involve sharing users’ information in one form or another. These features remain enabled by default. The user has full control over this aspect of their browsing experience and can disable any or all of these features.

The beta version of experimental Yandex.Browser retains its minimalist look to offer the user unhindered experience interacting with the website. Browser tabs can now be toggled within groups, while tab groups can be moved within windows. Website information, the smartbox and favourite websites are hidden when not in use and can be summoned by clicking on the website’s header in Yandex.Browser.

Just like the alpha version of experimental Yandex.Browser, the beta version is available for Windows and OS X and can be downloaded at

Mail Encryption in Yandex.Mail

With the data privacy issues making front pages around the world, Yandex.Mail emails are passed from user’s device to the Yandex.Mail server, from the Yandex.Mail server to the receiving mail server and to their final destination on the addressee’s device, in safety. Messages sent or received by over 50 million users of the service are now securely protected from tapping into during a server-to-server transfer by encryption.

Opportunistic encryption protects data during transfer between internet users by encrypting it in one or more segments of the route, depending on encrypting capabilities of each party. If one of the messaging systems supports encryption, while the other one doesn’t, data transfer takes place anyway, albeit unencrypted.

Historically, electronic messaging services developed as desktop computer programs – email clients, which accessed and transferred user’s emails using Internet Message Access Protocol (IMAP), Post Office Protocol 3 (POP3) and Simple Mail Transfer Protocol (SMTP). These days, the majority of emails around the world is sent and received via web-based email services, which use a common data communication protocol, Hypertext Transfer Protocol (HTTP). These protocols are used to pass information from sender to sender’s mail server, from sender’s mail server to receiver’s mail server, and then to access this information on receiver’s mail server and pass it on to receiver. These protocols don’t offer data encryption and require an extension to convert plain text to an encrypted form.



Yandex.Mail, one of Russia’s most popular email services, whose users send about 15 million messages and receive about 100 million messages every day, is now using cryptographic protocols Transport Layer Security (TLS) and Secure Sockets Layer (SSL) to provide secure communication between Yandex.Mail servers and the servers of other email systems. The service has been encrypting communication between users’ browsers and its servers since 2011, while data transfers between mailing clients and Yandex.Mail servers has been encrypted starting from 2009. All mobile versions of Yandex.Mail are shipped to end users with encrypting capabilities.


About 30% of all messages coming to Yandex.Mail servers are protected by encryption. We are always happy to see the messages in Yandex.Mail that arrive encrypted at each point of their path – from the sender’s browser to the sender’s mailing server using HTTPS to our mailing server using TLS over SMTP. This means that someone cares about people’s right for privacy as much as we do.