480
Brave appears to install VPN Services without user consent
(www.ghacks.net)
This is a most excellent place for technology news and articles.
Software installs services to make its features operate, including optional default off ones. More news at 10.
Either it does it at install time, or when you try to turn on the VPN after subscribing to it, it pops an UAC prompt to finish installing optional components. That's standard practice, and it's good for security because it means they can flag the browser itself as not capable of elevating privileges. They're not going to put a gaping security hole in their software so that idiots don't write articles about "installing things without your concent". You already consented to installing Brave, you can't be surprised Brave is installed.
As long as it deletes them when you uninstall, this is a complete non-issue.
I guess it depends on how much you trust a company (both now and in the future) to do something they shouldn't with this kind of setup, whether on purpose or though incompetence.
Personally, I don't software silently installing unrelated services to my machine just in case the company decides they want to have it running on my machine in the future.
It is an advertised feature though. It can and will use those services if you enable them.
Should it also not come with the binaries for the VPN feature at all? That has downsides: maybe you're on a laptop trying to bypass a network block that also blocks the download of the VPN software but the VPN would work.
So if it's to come with the binaries, why can't it install the service too, that defaults to off and manual launch? On Linux that'd be a systemd unit, on Windows it's probably an API call of some sort but they basically contain the same information: some metadata, an executable and the privileges to launch it as.
I'd never seen a Linux user complain about <1kb systemd unit file being installed that's disabled by default and only started on demand when the feature is requested as part of a package they install. It just is and doesn't hurt anyone. Don't want it, don't use it.
When I download software, I expect all its built-in features to be installed and usable even if I don't use them, nor want them. It's part of the package.
It's kind of borderline because the VPN really could and should be a separate product entirely, I don't want to launch a browser just to then on a VPN. But they made it a built-in feature that's advertised as such, so it shouldn't surprise anyone.
Especially given its proprietary software. If you're that privacy and security conscious, why are you using proprietary software and not Firefox or Chromium or whatever the latest flavor of degoogled Chromium fork du jour is. The service is nothing compared to all the other crap they could be running in the browser completely hidden from you. That service is super transparent and upfront, if they wanted to hide it they could easily hide it. If you really don't want it to run, you can even set it to disabled entirely, and Brave won't even be able to start it.
If you're that paranoid, you really should be running Linux or at least avoid as much closed source software as possible.
Yeah I mean there’s a lot wrong with brave but this is like getting mad at software for installing an autoupdate service