this post was submitted on 18 Oct 2023

308 points (93.0% liked)

Privacy

32029 readers

1613 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

308

Brave appears to install VPN Services without user consent (www.ghacks.net)

submitted 1 year ago by GlitzyArmrest@lemmy.world to c/privacy@lemmy.ml

77 comments fedilink hide all child comments

If you have the Brave Browser installed on your Windows devices, then you may also have Brave VPN services installed on the machine. Brave installs these services without user consent on Windows devices.

Brave Firewall + VPN is an extra service that Brave users may subscribe to for a monthly fee. Launched in mid-2022, it is a cooperation between Brave Software, maker of Brave Browser, and Guardian, the company that operates the VPN and the firewall solution. The firewall and VPN solution is available for $9.99 per month.

you are viewing a single comment's thread
view the rest of the comments

[+] hottari@lemmy.ml -7 points 1 year ago (3 children)

Not possible to start or enable a created service without user intervention. You don't know what you are talking about.

[–] Ferk@kbin.social 10 points 1 year ago* (last edited 1 year ago) (1 children)

Systemd "enabled" services are literal symlinks... whenever a target runs, it tries to start also all the service files on its "wants" directory.

You can literally enable any service for next boot by making a symlink in /etc/systemd/system/multi-user.target.wants/ (or whichever other target you want it to run on) as root (and installation scripts are run as root).

ln -s /usr/lib/systemd/system/whatever.service  /etc/systemd/system/multi-user.target.wants/whatever.service

[–] hottari@lemmy.ml 0 points 1 year ago (1 children)

This is actually very close (just tested and confirmed it). I somehow stand corrected about requiring manual enablement but this is just using the package manager to do the dirty work for you.

However the program itself cannot write into those directories without root permissions. You still have to allow your package manager to do this with root permissions as mentioned.

[–] GlitzyArmrest@lemmy.world 2 points 1 year ago (1 children)

Installing as user does not require root, to be clear. You can use systemd without root by specifying user.

[–] hottari@lemmy.ml -1 points 1 year ago* (last edited 1 year ago) (1 children)

Installing a package requires root which will automatically give the package manager permission to write anywhere on the system. To create a systemd service in user that will automatically start at boot requires root, someguy here commented with the how.

However you can run any installed binary via Desktop files as a user (no root) on login by writing to ~/.config/autostart.

[–] GlitzyArmrest@lemmy.world 2 points 1 year ago* (last edited 1 year ago) (1 children)

My comment wasn't about installing the package. You seemed to think that systemd required root, which it does not. Further, you can have systemd user processes start at boot. I do this exact thing with Duplicacy, no root required.

[–] hottari@lemmy.ml 0 points 1 year ago

The entire premise is for a package/manager to create a running/permanent service that will be started after boot AND does not require user intervention (for the avoidance of doubt, enabling the systemd service counts as intervention).

One way to do this is to create the service file and do the symlink to a folder that systemd automatically runs on boot. For both user and system systemd files you require root to make these modifications.

Another way is to create a Desktop file in the path I shared.

If you have more ways I'd be happy to hear them.

[–] clmbmb@lemmy.dbzer0.com 5 points 1 year ago (1 children)

OK.. challenge accepted. Maybe you don't know about systemd user services.

Content of mytrojan.sh:

#!/usr/bin/env bash

echo "Writing the service unit file"

cat > ~/.config/systemd/user/my_test_service.service &lt;&lt; EOF
[Unit]
Description=Script Daemon For Test User Services

[Service]
Type=simple
User=
#Group=
ExecStart=/home/user/bin/myscript.sh
Restart=on-failure
StandardOutput=file:%h/log_file

[Install]
WantedBy=default.target
EOF

echo "Reloading systemd for the user"
systemctl --user daemon-reload || exit 1

echo "Enabling and starting the service"
systemctl --user enable --now my_test_service.service

Content of myscript.sh:

$ cat ~/bin/myscript.sh
#!/usr/bin/env bash

while true
do
    now=$(date)
    me=$(whoami)
    echo "User $me at $now"
    sleep 10
done

Now run the script (mytrojan.sh) and check service status after that:

$ ./mytrojan.sh
Writing the service unit file
Reloading systemd for the user
Enabling and starting the service
$ systemctl --user status my_test_service.service
● my_test_service.service - Script Daemon For Test User Services
     Loaded: loaded (/home/user/.config/systemd/user/my_test_service.service; enabled; vendor preset: ena>
     Active: active (running) since Thu 2023-10-19 12:15:21 EEST; 6s ago
   Main PID: 1666383 (myscript.sh)
      Tasks: 2 (limit: 18757)
     Memory: 556.0K
        CPU: 4ms
     CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/my_test_service.service
             ├─1666383 /bin/bash /home/user/bin/myscript.sh
             └─1666387 sleep 10

Oct 19 12:15:21 tesla systemd[1866318]: Started Script Daemon For Test User Services

[–] hottari@lemmy.ml -3 points 1 year ago (2 children)

You failed. This requires the user to run a script aka manual intervention.

[–] helpImTrappedOnline@lemmy.world 5 points 1 year ago (1 children)

Now imagine that the script is set to run as part of the brave installation - you type "yes" please download brave, brave installs brave and runs this script. Linux isn't immune to malware as you seem to think.

[–] hottari@lemmy.ml 0 points 1 year ago

You would need the power of root to do all these aforementioned things (run a VPN service).

And am not saying that Linux is immune to malware, just that it's not out of the norm to have package managers install services crucial for operation during installation. Since Windows doesn't have package managers, I'm gonna replace package managers with packages in this reasoning.

[–] clmbmb@lemmy.dbzer0.com 2 points 1 year ago (1 children)

I thought that you only were ignorant, but no, you're more than that!

[–] hottari@lemmy.ml 0 points 1 year ago

Maybe am ignorant but at least I understand the questions before I answer them.

[–] aniki@lemm.ee 5 points 1 year ago (1 children)

bruh a unit file can be written to the system or to the user profile

systemctl --user enable name.service

And i can most certainly write bash, and do write bash scripts, that write unit files to both user and system profiles.

Maybe you dont know what your talkign about. just because most install scripts don't include enabling the unit file for the system, doesn't mean they can't.

[–] hottari@lemmy.ml -1 points 1 year ago (1 children)

Bruh you just ran the command to enable the 'written' service. Comprehension is a problem in this community.

[–] aniki@lemm.ee 3 points 1 year ago* (last edited 1 year ago) (1 children)

The fuck are you talking about?

https://wiki.archlinux.org/title/Systemd/User#Basic_setup

Basic setup

All the user units will be placed in ~/.config/systemd/user/. If you want to start units on first login, execute systemctl --user enable unit for any unit you want to be autostarted.

Comprehension is a problem in this community.

Apparently so is RTFM and understanding how things actually work.

[–] hottari@lemmy.ml 0 points 1 year ago (1 children)

Read my argument again.

[–] aniki@lemm.ee 1 points 1 year ago

nah