Brave appears to install VPN Services without user consent - gHacks Tech News
www.ghacks.net
Brave Software appears to be installing VPN services on Windows devices without user consent during Brave Browser updates.
  • Norgur@kbin.social
    3·
    11 months ago

    Okay, this article makes it sound like they found some hidden thing deep in obscure windows settings about brave doing something bad.

    On truth, they just installed Windows Services for their VPN to enable users to use the service. That’s what many apps do for dozens of reasons.

    I dislike Brave as much as the next guy, but let’s stick to things they really fuck up and not make Up issues that aren’t there.

    • jet@hackertalks.comEnglish
      2·
      11 months ago

      As somebody who routinely checks their window services looking for rogue applications adding yet another background service. It’s not cool. I don’t expect my browser to have a background service. Chrome has a background service updater in Windows. That’s terrible too.

    • krellor@kbin.social
      1·
      11 months ago

      I agree it is people looking for reasons to criticize. However, I do think VPN or anything that modifies your route tables should be subjected to more scrutiny than other app features due to potential for abuse. I wish browsers wouldn’t bundle them at all, or install them as part of their base.

      • MonkCanatella@sh.itjust.worksEnglish
        1·
        11 months ago

        Especially considering they were injecting affiliate links/replacing affiliate links with their own, everything they do should be seen through that lens. They literally thought it was either OK to do which means that behavior like this is going to happen and keep happening with them, OR they thought they could get away with it which ends up with the same result.

  • glad_cat@lemmy.sdf.orgEnglish
    2·
    11 months ago

    The same company that was modifying the content of the pages as an opt-out feature deeply hidden in the setting? (e.g. bitcoin stuff on every Reddit link)

    • whofearsthenight@lemm.eeEnglish
      1·
      11 months ago

      Surely you trust them with all of your traffic, though? They sound like good stewards and of course you’d want their VPN installed without your consent and you can definitely trust it’s not doing anything bad, right?

  • jet@hackertalks.comEnglish
    1·
    11 months ago

    This is my shocked face, the company with a history of ignoring user agency and doing shady shit… Does some shady shit and ignores user agency.

  • Vincent@kbin.social
    0·
    11 months ago

    Well, there’s a way to frame this as malicious. I’m not a fan of Brave, but it also installs, say, a spell checker without consent, or a Tor client. Sure, the code is there even if you don’t use it, but… What’s the actual harm?

    • glad_cat@lemmy.sdf.orgEnglish
      0·
      11 months ago

      The harm is that it’s installed. There is no reason for doing this. It can be done on demand in one second if the user subscribes to their VPN.

      It also shows once once again that they keep on doing their shady shit and still cannot be trusted (or at least that they are a bunch of incompetent developers).

          • DarkenLM@kbin.social
            1·
            11 months ago

            Firefox also installs telemetry and data reporting functions like most browsers, also libraries like libwebp, which are prone to critical vulnerabilities (as seen), encryption systems like Encrypted Client Hello, and software like Pocket, which some users never use, but it’s still there.

            Any browser will install many features that probably won’t be used. Saying that a browser that installs a feature like Tor or VPN (which aren’t even hidden, Brave publicly present those features) is automatically bad doesn’t sound reasonable to me.

              • DarkenLM@kbin.social
                1·
                11 months ago

                The point I’m making is that it’s not like Brave installed the VPN in secret, hidden away to it’s own devices. The code is there and a service is installed, sure, but it’s dormant until the user activates it.

      • Vincent@kbin.social
        1·
        11 months ago

        I mean, yes, it could’ve been differently, and as I understand it they’re going to. But as a user, how is your life worse with this than without this? What’s the impact of something being installed but not running?

  • governorkeagan@lemdro.idEnglish
    0·
    11 months ago

    I’m clearly out of the loop with the hate towards Brave. Why all the hate? Also, if it’s hated so much why is it still recommended on Privacy Guides?

    EDIT Thank you for all the informative responses!

    • Ghazi@mastodon.tn
      1·
      11 months ago

      @governorkeagan @throws_lemy Privacy Guides has a set of objective criteria to judge a browser’s security and privacy. People tend to hate Brave for reasons unrelated to security and privacy. Like the CEO’s politics, crypto (and recently AI) integration in the browser, some shady history about injecting referral codes, etc.
      Personally, I wish I could find an alternative that is as good as Brave. Until then, I’ll keep using it as it is perfect for my needs.