this post was submitted on 18 Oct 2023
293 points (100.0% liked)

Privacy Guides

16746 readers
2 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...


Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 1 year ago
MODERATORS
all 41 comments
sorted by: hot top controversial new old
[–] Norgur@kbin.social 105 points 1 year ago (3 children)

Okay, this article makes it sound like they found some hidden thing deep in obscure windows settings about brave doing something bad.

On truth, they just installed Windows Services for their VPN to enable users to use the service. That's what many apps do for dozens of reasons.

I dislike Brave as much as the next guy, but let's stick to things they really fuck up and not make Up issues that aren't there.

[–] jet@hackertalks.com 66 points 1 year ago* (last edited 1 year ago)

As somebody who routinely checks their window services looking for rogue applications adding yet another background service. It's not cool. I don't expect my browser to have a background service. Chrome has a background service updater in Windows. That's terrible too.

[–] krellor@kbin.social 33 points 1 year ago (1 children)

I agree it is people looking for reasons to criticize. However, I do think VPN or anything that modifies your route tables should be subjected to more scrutiny than other app features due to potential for abuse. I wish browsers wouldn't bundle them at all, or install them as part of their base.

[–] MonkCanatella@sh.itjust.works 16 points 1 year ago

Especially considering they were injecting affiliate links/replacing affiliate links with their own, everything they do should be seen through that lens. They literally thought it was either OK to do which means that behavior like this is going to happen and keep happening with them, OR they thought they could get away with it which ends up with the same result.

[–] glad_cat@lemmy.sdf.org 75 points 1 year ago (1 children)

The same company that was modifying the content of the pages as an opt-out feature deeply hidden in the setting? (e.g. bitcoin stuff on every Reddit link)

[–] whofearsthenight@lemm.ee 8 points 1 year ago

Surely you trust them with all of your traffic, though? They sound like good stewards and of course you'd want their VPN installed without your consent and you can definitely trust it's not doing anything bad, right?

[–] jet@hackertalks.com 48 points 1 year ago

This is my shocked face, the company with a history of ignoring user agency and doing shady shit... Does some shady shit and ignores user agency.

[–] IronKrill@lemmy.ca 42 points 1 year ago* (last edited 1 year ago) (1 children)

Open article -> get prompted for notifications and full-screen cookie consent pop up -> deny notifications -> click through cookie menu, accept -> finally see article for .5 nano seconds -> trending articles popup -> click the x on trending -> tab crashes.

I think I know why people only read the headline nowadays.

[–] AdventuringAardvark@lemmy.one 5 points 1 year ago* (last edited 1 year ago)

If you use uBO on medium mode, you don't see any notifications, consent banners or pop-ups.

[–] Teon@kbin.social 28 points 1 year ago

You get what you deserve if you use Brave. It will only get worse.

[–] Vincent@kbin.social 16 points 1 year ago (1 children)

Well, there's a way to frame this as malicious. I'm not a fan of Brave, but it also installs, say, a spell checker without consent, or a Tor client. Sure, the code is there even if you don't use it, but... What's the actual harm?

[–] glad_cat@lemmy.sdf.org 26 points 1 year ago (2 children)

The harm is that it’s installed. There is no reason for doing this. It can be done on demand in one second if the user subscribes to their VPN.

It also shows once once again that they keep on doing their shady shit and still cannot be trusted (or at least that they are a bunch of incompetent developers).

[–] DarkenLM@kbin.social 6 points 1 year ago (2 children)

You know Firefox installs a bunch of stuff by default as well, right?

[–] Scary_le_Poo@beehaw.org 5 points 1 year ago (1 children)
[–] DarkenLM@kbin.social 4 points 1 year ago (1 children)

Firefox also installs telemetry and data reporting functions like most browsers, also libraries like libwebp, which are prone to critical vulnerabilities (as seen), encryption systems like Encrypted Client Hello, and software like Pocket, which some users never use, but it's still there.

Any browser will install many features that probably won't be used. Saying that a browser that installs a feature like Tor or VPN (which aren't even hidden, Brave publicly present those features) is automatically bad doesn't sound reasonable to me.

[–] dukethorion@lemmy.world 3 points 1 year ago

They don't want to hear that.

[–] Vincent@kbin.social 3 points 1 year ago

I mean, yes, it could've been differently, and as I understand it they're going to. But as a user, how is your life worse with this than without this? What's the impact of something being installed but not running?

[–] Scary_le_Poo@beehaw.org 15 points 1 year ago

Thank fuck for Firefox reading mode

full article because this site sucks fucking cock

www.ghacks.net Brave appears to install VPN Services without user consent - gHacks Tech News Martin Brinkmann 3 - 4 minutes

If you have the Brave Browser installed on your Windows devices, then you may also have Brave VPN services installed on the machine. Brave installs these services without user consent on Windows devices.

Brave Firewall + VPN is an extra service that Brave users may subscribe to for a monthly fee. Launched in mid-2022, it is a cooperation between Brave Software, maker of Brave Browser, and Guardian, the company that operates the VPN and the firewall solution. The firewall and VPN solution is available for $9.99 per month.

Brave Software is not the only browser maker that has integrated a VPN solution in its browser. Mozilla, maker of Firefox, entered into a cooperation with Mullvad and launched Mozilla VPN in 2020. Brave Browser's installation of VPN services on Windows

Brave Browser Windows VPN Service

A post on Privacy Guides suggests that Brave Browser installs its VPN Service without user consent and regardless of whether the VPN is used or has been used in the past.

You can verify this easily by following these steps:

Use Windows-R to open the Run box.
Type services.msc to open the Services manager on Windows.
Scroll down until you come to the Brave section there.
Check for Brave VPN Service and Brave VPN Wireguard Service.

If they exist, Brave has installed the services on your device. If you were never subscribed to Brave Firewall + VPN, the company may have done so without your consent.

The two services have no description, the startup type Manual and Manual Trigger Start.

There is no explanation why these services got installed on the system. Cautious users may set the two Services to disabled:

Right-click on one of the services and select Properties.
Switch the Startup type from Manual to Disabled.
Repeat the process for the second VPN service.

Deleting the Windows services is another option. The main issue here is that there is no guarantee that a browser update won't install the Services again. You'd need to monitor the services whenever Brave Browser updates to make sure of that.

Some users who replied to the discussion on Privacy Guides said that they did not have these services installed.

Closing Words

Why are the VPN services installed in first place? Brave made no announcement in this regard. Maybe so that users can start using the VPN immediately on Windows and not after a restart.

In any event, you now have the tools at hand to check for the services and either disable or delete them.

Now You: do you use Brave Browser?

Summary

Brave is installing VPN Services without user consent

Article Name

Brave is installing VPN Services without user consent

Description

Brave Software appears to be installing VPN services on Windows devices without user consent during Brave Browser updates.

Author

Martin Brinkmann

Publisher

Ghacks Technology News

Logo Ghacks Technology News

Advertisement

[–] Eggroley@lemmy.world 13 points 1 year ago

I mainly use brave as an alternative browser for when things are acting a bit iffy on Librewolf.

Yesterday I saw their VPN service running on the task manager. Hadn't used brave for a week. Immediately uninstalled.

[–] smeg@feddit.uk 9 points 1 year ago (1 children)

I think you've double-posted

[–] throws_lemy@lemmy.nz 11 points 1 year ago (1 children)

I have deleted the previous post, but there seems to be a synchronization problem with other instances

[–] smeg@feddit.uk 4 points 1 year ago

Yeah, weirdly it shows up as a cross-post to the same community but not every client shows them both at once. I've seen it before and I think it was to do with cross-instance syncing then as well.

[–] governorkeagan@lemdro.id 7 points 1 year ago* (last edited 1 year ago) (5 children)

I’m clearly out of the loop with the hate towards Brave. Why all the hate? Also, if it’s hated so much why is it still recommended on Privacy Guides?

EDIT Thank you for all the informative responses!

[–] witchdoctor@lemmy.basedcount.com 21 points 1 year ago* (last edited 1 year ago)

Also, if it’s hated so much why is it still recommended on Privacy Guides?

Non-unironically, Brave paid shills.

[–] sir_reginald@lemmy.world 18 points 1 year ago* (last edited 1 year ago)

Why all the hate?

Have you read the article? They install their VPN before the user decides to use that service, when they could simply install it when the user decides to subscribe to their VPN.

I'm going to be downvoted for this but it's recommended on privacy guides because they generally lack strict criteria with browsers. Both Firefox and Brave make automatic connections that shouldn't be allowed.

[–] ghazi@mastodon.tn 7 points 1 year ago

@governorkeagan @throws_lemy Privacy Guides has a set of objective criteria to judge a browser's security and privacy. People tend to hate Brave for reasons unrelated to security and privacy. Like the CEO's politics, crypto (and recently AI) integration in the browser, some shady history about injecting referral codes, etc.
Personally, I wish I could find an alternative that is as good as Brave. Until then, I'll keep using it as it is perfect for my needs.

[–] penquin@lemm.ee 5 points 1 year ago (2 children)

I've discovered a new browser to use as a secondary one to Firefox in case I needed a chromium based one. Thorium. This thing is insanely fast. Brave what?

[–] HubertManne@kbin.social 1 points 1 year ago

Ive liked iron. it doesn't look to do anything but remove da google.

[–] randomaside@lemmy.dbzer0.com 5 points 1 year ago (1 children)

I originally started using brave because at the time it was the most feature complete alternative to chrome. Now I would like to switch but I would still use chrome cast for music streaming (I have quite a few of them).

Last time I checked casting audio was missing as a feature in most deGooogled versions of chrome. Does anyone have any suggestions for browsers that allow me to stream audio from my browser to Google Chromecast?

[–] iSeth@lemmy.ml 2 points 1 year ago

Can you stream audio from VLC?