If you have the Brave Browser installed on your Windows devices, then you may also have Brave VPN services installed on the machine. Brave installs these services without user consent on Windows devices.

Brave Firewall + VPN is an extra service that Brave users may subscribe to for a monthly fee. Launched in mid-2022, it is a cooperation between Brave Software, maker of Brave Browser, and Guardian, the company that operates the VPN and the firewall solution. The firewall and VPN solution is available for $9.99 per month.

  • 9point6@lemmy.world
    link
    fedilink
    arrow-up
    103
    arrow-down
    16
    ·
    1 year ago

    Brave, owned by Brendan Eich who has donated to homophobic charities and whose browser promotes a load of crypto bro shit on the new tab page.

    Unironically, using straight up Google Chrome is better IMO

    • seaQueue@lemmy.world
      link
      fedilink
      arrow-up
      47
      arrow-down
      5
      ·
      1 year ago

      Bro missed his crypto scam chance by 6-12mo and just won’t give up.

      I tell people to use open source Chromium, Firefox or … Hell, use Vivaldi or something. Brave is a bad time waiting to happen at this point.

    • TWeaK@lemm.ee
      link
      fedilink
      English
      arrow-up
      36
      arrow-down
      3
      ·
      1 year ago

      Now we just gotta wait for the CEO to go on a marketing campaign for new users, in an attempt to drown out the story.

    • HurlingDurling@lemm.ee
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      1 year ago

      Why is a server in Washington DC not safe and secure? I’ll give you private against government snooping it’s not, but it can still be safe and secure.

        • HurlingDurling@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          But it isn’t the entire point tho, I use it when connected to public wifi networks to keep my connection secure. Sure, not letting your local ISP spy on you and report it to the gov is one but not the entire point.

  • Sygheil@lemmy.worldB
    link
    fedilink
    English
    arrow-up
    51
    arrow-down
    4
    ·
    1 year ago

    I’ve seen this software behaviour back in the day, oh wait its called trojan.

  • Treczoks@lemm.ee
    link
    fedilink
    arrow-up
    14
    arrow-down
    4
    ·
    1 year ago

    And spyware for free, and I would not be surprised if they included an insecure backdoor at no extra cost.

      • Treczoks@lemm.ee
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        Both shitty, yes, but an unsecure backdoor is opening the door to every hacker on the planet, not just one group.

        • SnipingNinja@slrpnk.net
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          I was disagreeing that a backdoor can ever be secure, because by definition it’s a way to bypass security protocols and if one person can bypass them, there’s no guarantee others can’t too.

          • Treczoks@lemm.ee
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            1 year ago

            Of course, no backdoor is secure, but among them, there are the just plain bad and the even worse.

  • donkeystomple@lemmy.ml
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    2
    ·
    1 year ago

    Well I feel better about making the switch to Firefox now, and doing a custom user.js

    • chris@lemmy.ml
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      1 year ago

      I’ve posted a similar question to asklemmy but more over the focus on preference than privacy. In short the search engine Kagi is really good, Brave search was what I had used for a while. I think search engine choice is a case by case kinda thing, each person uses what they like. There are some other engines I forgot from my post which are more privacy centered.

        • chris@lemmy.ml
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          2
          ·
          1 year ago

          Yes it is 10 dollars a month, but you can create an account and try it for free to see if it is for you. It also does not use your data nor push advertisements which explains the cost.

          • 👁️👄👁️@lemm.ee
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            6
            ·
            edit-2
            1 year ago

            ddg does that for free

            $10/mo is also crazy overpriced for a search engine, they’re really not resource intensive at all

            • SnipingNinja@slrpnk.net
              link
              fedilink
              arrow-up
              6
              arrow-down
              2
              ·
              1 year ago

              ddg relies on Bing so it isn’t really comparable, idk about kagi’s costs but they claim 1.2 cent per search and an average of 700 searches per month (as what they are serving and hence pricing for)

  • Zerush@lemmy.ml
    link
    fedilink
    arrow-up
    1
    arrow-down
    2
    ·
    1 year ago

    I use Vivaldi, Andisearch and Mojeek. I’m going fine with these. As VPN Proton

  • Aatube@kbin.social
    link
    fedilink
    arrow-up
    8
    arrow-down
    16
    ·
    1 year ago

    u/@Max_P said this at the !technology thread:

    Software installs services to make its features operate, including optional default off ones. More news at 10.

    This is just like any other optional feature of Chromium you don’t use

  • Possibly linux@lemmy.zip
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    13
    ·
    1 year ago

    That doesn’t really seem that bad. There are issues with brave but that’s not one of them

    • Muehe@lemmy.ml
      link
      fedilink
      arrow-up
      8
      arrow-down
      2
      ·
      1 year ago

      A VPN provider has the same level of insight into your traffic as an ISP does when not using a VPN. If having one installed without your consent isn’t a privacy issue I don’t know what is…

        • Ace T'Ken@lemmy.ca
          link
          fedilink
          English
          arrow-up
          10
          ·
          1 year ago

          I just looked on a VM I spun up for risky shit. It seems to be opt-in only.

          Is it a good VPN? No. Is it worth the overreacting that Lemmy seems to do every time someone mentions Brave? No.

          But hey, social media.

        • Muehe@lemmy.ml
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          Unclear to me, according to the OP the service is set to manual start. But there is an event trigger attached to the service and the article doesn’t mention what that event is.

  • hottari@lemmy.ml
    link
    fedilink
    arrow-up
    5
    arrow-down
    19
    ·
    1 year ago

    I don’t use Windows but if you install a program that requires a service on Linux, the service will be written to your system’s services daemon awaiting your activation. I don’t see what the issue with that is.

    • citytree@lemmy.ml
      link
      fedilink
      arrow-up
      9
      arrow-down
      2
      ·
      edit-2
      1 year ago

      What’s to stop the installer on Linux from configuring the service such that the service always runs on boot? e.g. systemctl enable malware.service.

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        2
        ·
        edit-2
        1 year ago

        Linux doesn’t have “installers” as Linux uses package managers. The only way you can get malware is if you manually add a bad repo.

        So it doesn’t really matter in the long run

        • AtmaJnana@lemmy.world
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          Linux doesn’t have “installers” as Linux uses package managers. The only way you can get malware is if you manually add a bad repo.

          Are you really serious making this claim? lol.

          • Possibly linux@lemmy.zip
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            1 year ago

            Yes, prove me wrong. As long as your running a up to date system there shouldn’t be anything that could be easily compromised.

            • AtmaJnana@lemmy.world
              link
              fedilink
              arrow-up
              1
              arrow-down
              1
              ·
              edit-2
              1 year ago

              I’ve been using Linux (and UNIX) professionally since the kernel version started with a “1.” I have no need to try to prove anything to you. Linux has installers other than just those invoked by a package manager, and it is laughable that you claim otherwise.

      • hottari@lemmy.ml
        link
        fedilink
        arrow-up
        3
        arrow-down
        11
        ·
        edit-2
        1 year ago

        You still need to manually enable the service. The configuration of the service has zero effect on its activation or lifecycle.

        • calm.like.a.bomb@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          9
          arrow-down
          1
          ·
          1 year ago

          Huh? Any script can create a service, enable it and then start it. What would make you think the brave package (or just the application itself) can’t do this?

          • hottari@lemmy.ml
            link
            fedilink
            arrow-up
            2
            arrow-down
            9
            ·
            1 year ago

            Not possible to start or enable a created service without user intervention. You don’t know what you are talking about.

            • Ferk@kbin.social
              link
              fedilink
              arrow-up
              11
              arrow-down
              1
              ·
              edit-2
              1 year ago

              Systemd “enabled” services are literal symlinks… whenever a target runs, it tries to start also all the service files on its “wants” directory.

              You can literally enable any service for next boot by making a symlink in /etc/systemd/system/multi-user.target.wants/ (or whichever other target you want it to run on) as root (and installation scripts are run as root).

              ln -s /usr/lib/systemd/system/whatever.service  /etc/systemd/system/multi-user.target.wants/whatever.service
              
              
              • hottari@lemmy.ml
                link
                fedilink
                arrow-up
                2
                arrow-down
                2
                ·
                1 year ago

                This is actually very close (just tested and confirmed it). I somehow stand corrected about requiring manual enablement but this is just using the package manager to do the dirty work for you.

                However the program itself cannot write into those directories without root permissions. You still have to allow your package manager to do this with root permissions as mentioned.

                • GlitzyArmrest@lemmy.worldOP
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  1 year ago

                  Installing as user does not require root, to be clear. You can use systemd without root by specifying user.

            • calm.like.a.bomb@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              6
              arrow-down
              1
              ·
              1 year ago

              OK… challenge accepted. Maybe you don’t know about systemd user services.

              Content of mytrojan.sh:

              #!/usr/bin/env bash
              
              echo "Writing the service unit file"
              
              cat > ~/.config/systemd/user/my_test_service.service << EOF
              [Unit]
              Description=Script Daemon For Test User Services
              
              [Service]
              Type=simple
              User=
              #Group=
              ExecStart=/home/user/bin/myscript.sh
              Restart=on-failure
              StandardOutput=file:%h/log_file
              
              [Install]
              WantedBy=default.target
              EOF
              
              echo "Reloading systemd for the user"
              systemctl --user daemon-reload || exit 1
              
              echo "Enabling and starting the service"
              systemctl --user enable --now my_test_service.service
              

              Content of myscript.sh:

              $ cat ~/bin/myscript.sh
              #!/usr/bin/env bash
              
              while true
              do
                  now=$(date)
                  me=$(whoami)
                  echo "User $me at $now"
                  sleep 10
              done
              

              Now run the script (mytrojan.sh) and check service status after that:

              $ ./mytrojan.sh
              Writing the service unit file
              Reloading systemd for the user
              Enabling and starting the service
              $ systemctl --user status my_test_service.service
              ● my_test_service.service - Script Daemon For Test User Services
                   Loaded: loaded (/home/user/.config/systemd/user/my_test_service.service; enabled; vendor preset: ena>
                   Active: active (running) since Thu 2023-10-19 12:15:21 EEST; 6s ago
                 Main PID: 1666383 (myscript.sh)
                    Tasks: 2 (limit: 18757)
                   Memory: 556.0K
                      CPU: 4ms
                   CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/my_test_service.service
                           ├─1666383 /bin/bash /home/user/bin/myscript.sh
                           └─1666387 sleep 10
              
              Oct 19 12:15:21 tesla systemd[1866318]: Started Script Daemon For Test User Services
              
              • hottari@lemmy.ml
                link
                fedilink
                arrow-up
                2
                arrow-down
                5
                ·
                1 year ago

                You failed. This requires the user to run a script aka manual intervention.

                • helpImTrappedOnline@lemmy.world
                  link
                  fedilink
                  arrow-up
                  6
                  arrow-down
                  1
                  ·
                  1 year ago

                  Now imagine that the script is set to run as part of the brave installation - you type “yes” please download brave, brave installs brave and runs this script. Linux isn’t immune to malware as you seem to think.