Brave appears to install VPN Services without user consent - gHacks Tech News
www.ghacks.net
Brave Software appears to be installing VPN services on Windows devices without user consent during Brave Browser updates.

If you have the Brave Browser installed on your Windows devices, then you may also have Brave VPN services installed on the machine. Brave installs these services without user consent on Windows devices.

Brave Firewall + VPN is an extra service that Brave users may subscribe to for a monthly fee. Launched in mid-2022, it is a cooperation between Brave Software, maker of Brave Browser, and Guardian, the company that operates the VPN and the firewall solution. The firewall and VPN solution is available for $9.99 per month.

I use Vivaldi, Andisearch and Mojeek. I’m going fine with these. As VPN Proton

Why is every fucking post in the privacy communities just a circle jerk about Brave?

I know “not everyone who cares about security has anything to hide” but the fact they’re so eager to use the pedophile browser is… concerning.

Marketing

What is the consensus here on using Brave search in Firefox?

Kras Mazov

I use Brave Search on Firefox, but I mostly use the shortcuts it provides like !yt and !g. A few months back I mostly used it over google, but the search results more times than not have been worse in comparison for me.

Kras Mazov

Oh, thanks I forgot it was called bangs. I used DDG a few years ago but missed some features from Google, so I ended up giving up on it, maybe I’ll try again soon.

It’s giga cringe

chris

I’ve posted a similar question to asklemmy but more over the focus on preference than privacy. In short the search engine Kagi is really good, Brave search was what I had used for a while. I think search engine choice is a case by case kinda thing, each person uses what they like. There are some other engines I forgot from my post which are more privacy centered.

Kagi is a literal scam

chris

Yes it is 10 dollars a month, but you can create an account and try it for free to see if it is for you. It also does not use your data nor push advertisements which explains the cost.

👁️👄👁️

ddg does that for free

$10/mo is also crazy overpriced for a search engine, they’re really not resource intensive at all

ddg relies on Bing so it isn’t really comparable, idk about kagi’s costs but they claim 1.2 cent per search and an average of 700 searches per month (as what they are serving and hence pricing for)

If you mean has a crawler, ddg does crawl and augments with bing. Kagi doesn’t have any crawler.

And yet, Kagi’s search results far surpass both DDG and Bing.

That doesn’t really seem that bad. There are issues with brave but that’s not one of them

A VPN provider has the same level of insight into your traffic as an ISP does when not using a VPN. If having one installed without your consent isn’t a privacy issue I don’t know what is…

Is it activated by default though?

Unclear to me, according to the OP the service is set to manual start. But there is an event trigger attached to the service and the article doesn’t mention what that event is.

Ace T'Ken

I just looked on a VM I spun up for risky shit. It seems to be opt-in only.

Is it a good VPN? No. Is it worth the overreacting that Lemmy seems to do every time someone mentions Brave? No.

But hey, social media.

Apparently we need an anti-Brave circle jerk

Well I feel better about making the switch to Firefox now, and doing a custom user.js

If you care about privacy at all why are you installing brave

And spyware for free, and I would not be surprised if they included an insecure backdoor at no extra cost.

As compared to a secure backdoor?

Both shitty, yes, but an unsecure backdoor is opening the door to every hacker on the planet, not just one group.

I was disagreeing that a backdoor can ever be secure, because by definition it’s a way to bypass security protocols and if one person can bypass them, there’s no guarantee others can’t too.

Of course, no backdoor is secure, but among them, there are the just plain bad and the even worse.

Well, yeah, wouldn’t want the users knowing about it.

I don’t use Windows but if you install a program that requires a service on Linux, the service will be written to your system’s services daemon awaiting your activation. I don’t see what the issue with that is.

@citytree@lemmy.ml

What’s to stop the installer on Linux from configuring the service such that the service always runs on boot? e.g. systemctl enable malware.service.

Possibly linux

Linux doesn’t have “installers” as Linux uses package managers. The only way you can get malware is if you manually add a bad repo.

So it doesn’t really matter in the long run

> Linux doesn’t have “installers” as Linux uses package managers. The only way you can get malware is if you manually add a bad repo.

Are you really serious making this claim? lol.

Yes, prove me wrong. As long as you’re running an up-to-date system there shouldn’t be anything that could be easily compromised.

I’ve been using Linux (and UNIX) professionally since the kernel version started with a “1.” I have no need to try to prove anything to you. Linux has installers other than just those invoked by a package manager, and it is laughable that you claim otherwise.

@hottari@lemmy.ml

You still need to manually enable the service. The configuration of the service has zero effect on its activation or lifecycle.

Huh? Any script can create a service, enable it and then start it. What would make you think the brave package (or just the application itself) can’t do this?

Not possible to start or enable a created service without user intervention. You don’t know what you are talking about.

OK… challenge accepted. Maybe you don’t know about systemd user services.

Content of mytrojan.sh:

```bash
#!/usr/bin/env bash

echo "Writing the service unit file"

cat > ~/.config/systemd/user/my_test_service.service << EOF
[Unit]
Description=Script Daemon For Test User Services

[Service]
Type=simple
User=
#Group=
ExecStart=/home/user/bin/myscript.sh
Restart=on-failure
StandardOutput=file:%h/log_file

[Install]
WantedBy=default.target
EOF

echo "Reloading systemd for the user"
systemctl --user daemon-reload || exit 1

echo "Enabling and starting the service"
systemctl --user enable --now my_test_service.service
```

Content of myscript.sh:

```
$ cat ~/bin/myscript.sh
#!/usr/bin/env bash

while true
do
    now=$(date)
    me=$(whoami)
    echo "User $me at $now"
    sleep 10
done
```

Now run the script (mytrojan.sh) and check service status after that:

```
$ ./mytrojan.sh
Writing the service unit file
Reloading systemd for the user
Enabling and starting the service
$ systemctl --user status my_test_service.service
● my_test_service.service - Script Daemon For Test User Services
     Loaded: loaded (/home/user/.config/systemd/user/my_test_service.service; enabled; vendor preset: ena>
     Active: active (running) since Thu 2023-10-19 12:15:21 EEST; 6s ago
   Main PID: 1666383 (myscript.sh)
      Tasks: 2 (limit: 18757)
     Memory: 556.0K
        CPU: 4ms
     CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/my_test_service.service
             ├─1666383 /bin/bash /home/user/bin/myscript.sh
             └─1666387 sleep 10

Oct 19 12:15:21 tesla systemd[1866318]: Started Script Daemon For Test User Services
```

You failed. This requires the user to run a script aka manual intervention.

I thought that you only were ignorant, but no, you’re more than that!

Now imagine that the script is set to run as part of the brave installation - you type “yes” please download brave, brave installs brave and runs this script. Linux isn’t immune to malware as you seem to think.

Bruh you just ran the command to enable the ‘written’ service. Comprehension is a problem in this community.

Ferk

Systemd “enabled” services are literal symlinks… whenever a target runs, it tries to start also all the service files on its “wants” directory.

You can literally enable any service for next boot by making a symlink in /etc/systemd/system/multi-user.target.wants/ (or whichever other target you want it to run on) as root (and installation scripts are run as root).

```bash
ln -s /usr/lib/systemd/system/whatever.service /etc/systemd/system/multi-user.target.wants/whatever.service
```

This is actually very close (just tested and confirmed it). I somehow stand corrected about requiring manual enablement but this is just using the package manager to do the dirty work for you.

However the program itself cannot write into those directories without root permissions. You still have to allow your package manager to do this with root permissions as mentioned.

Installing as user does not require root, to be clear. You can use systemd without root by specifying user.
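
Added example, not part of the thread or any commenter's code: since enabling a unit is just a symlink in a `*.wants/` directory, both system-wide and per-user as discussed above, a defender can audit what is enabled by walking those directories. The function name, the "outside `/usr/lib/systemd`" heuristic and the 7-day window are assumptions made for this sketch.

```python
#!/usr/bin/env python3
"""List units that systemd will pull in via *.wants/ and *.requires/ symlinks."""
import os
import time
from pathlib import Path

# Usual locations for system-level and per-user enablement symlinks.
DEFAULT_ROOTS = [
    Path("/etc/systemd/system"),
    Path.home() / ".config/systemd/user",
]


def enabled_units(roots=DEFAULT_ROOTS, recent_days=7, now=None):
    """Return one dict per enablement symlink found under the given roots."""
    now = time.time() if now is None else now
    findings = []
    for root in roots:
        root = Path(root)
        if not root.is_dir():
            continue
        for dep_dir in sorted(root.iterdir()):
            if not dep_dir.is_dir() or dep_dir.suffix not in (".wants", ".requires"):
                continue
            for link in sorted(dep_dir.iterdir()):
                if not link.is_symlink():
                    continue
                dest = os.readlink(link)
                age_days = (now - link.lstat().st_mtime) / 86400
                findings.append({
                    "root": str(root),
                    "target": dep_dir.stem,  # e.g. multi-user.target
                    "unit": link.name,
                    "points_to": dest,
                    # Heuristic (assumption): packaged units live under /usr/lib
                    # or /lib; anything else was written by an admin or a script.
                    "outside_usr_lib": not dest.startswith(
                        ("/usr/lib/systemd/", "/lib/systemd/")),
                    "recent": age_days <= recent_days,
                })
    return findings


if __name__ == "__main__":
    for f in enabled_units():
        flags = [k for k in ("outside_usr_lib", "recent") if f[k]]
        print(f"{f['root']}  {f['target']}  {f['unit']} -> {f['points_to']}  {','.join(flags)}")
```

Entries flagged both `outside_usr_lib` and `recent` are the ones to compare against what you knowingly installed or enabled.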

@Sygheil@lemmy.world

I’ve seen this software behaviour back in the day, oh wait, it’s called a trojan.

Katlah

Yet another reason to not use Brave.

Aatube

u/@Max_P said this at the !technology thread:

Software installs services to make its features operate, including optional default off ones. More news at 10.

This is just like any other optional feature of Chromium you don’t use

Check out thorium.rocks It is a fork of Chromium with performance and security improvement. Chris Titus recommends it.

Thorium isn’t good at all imo. They don’t really do much to enhance privacy/security, and have constantly delayed updates. It seems to be run entirely by 1 college kid in his free time.

I like Chris Titus, but I wouldn’t really use him as a source for privacy/security advice.

Even better, ditch chromium altogether. There are many performance and privacy focused Firefox forks.

The developer of Thorium has a fork of Firefox called Mercury. Hmmm… Some obviously didn’t check out the website.

Brave, owned by Brendan Eich who has donated to homophobic charities and whose browser promotes a load of crypto bro shit on the new tab page.

Unironically, using straight up Google Chrome is better IMO

Bro missed his crypto scam chance by 6-12mo and just won’t give up.

I tell people to use open source Chromium, Firefox or … Hell, use Vivaldi or something. Brave is a bad time waiting to happen at this point.
