Mail.ru Group recently announced the launch of its new Atom browser. The new product is designed to focus on user security and privacy. The company even launched a public program to detect vulnerabilities to evaluate the security of the new browser. If anyone finds a significant vulnerability, they receive RUB 1 mln.
Modern users insist on high network security. We all visit dozens or hundreds of resources routinely, some of which may be a potential threat to the security and privacy of our sensitive data. Mail.ru is building the first line of protection for its users from network threats with its new browser.
Atom's special panel designed to put the user in control of their own security is available in just one click from the main browser's window. The panel lets you quickly check important permissions granted to the site, and change these settings for a specific resource or all sites. For instance, you can deny access to your camera and microphone, or block third party cookies (e.g. advertiser networks). Annoying ads and intrusive offers to subscribe to notifications from sites can also be blocked in just a single click.
Privacy is at the top of Atom's priorities. For instance, developers made sure an incognito tab could be opened in just a single click right in the main browser's window. Now plane tickets or hotel prices can be compared with ease. For the most private sites, users can also activate “always open in incognito mode," and even more, totally disable any search history for the entire browser.
A secure browser should also be faultless in regards to critical vulnerabilities, which is why Mail.ru is also launching the Bug Bounty public program (to detect vulnerabilities) for its browser. The program is available on HackerOne.com, an international resource uniting “ethical hackers” from around the world. Any user can join in the search for potential vulnerabilities. According to competition rules, anyone who can find an RCE vulnerability (the possibility of executing arbitrary code in the browser when entering a malignant website) can win up to RUB 1 mln. If several researchers work as a team, the super prize will be divided between them.
Prior to reaching out to the public, the secure browser was already tested by Mail.Ru Group's cyber security team and in the official VK tester community. The public program for detecting vulnerabilities is the next stage in providing the highest level of security for the new product. The project team is also in talks with independent companies for regular browser audit services.
Product development will continue with active support from communities, including user-specific and security communities. A convenient built-in tool is also under development to gather feedback and suggestions. In addition, participation in security conferences, holding meetups, and conducting hackathons and extensive interviews with top experts are all planned to help get more recommendations and ideas from security officers.
As regards the browser's design, the team is also focused on creating a user-friendly and non-intrusive, yet informative interface. Several hackathons were held, and prototypes of various options were tested in the company's UX laboratories to help find the perfect balance.
The optimisation of loading times for Mail.Ru Group services (including social networks) was also a main priority to ensure instant access even if the user has a slow internet connection.