Brave appears to once again be doing shady shit without notifying its users or asking for consent. This time, it’s with installing VPN services.
When installing the Brave browser (At least on Windows), may be automatically installing Brave VPN services even if the user has never used the services or explicitly chosen for them to be installed.
At this point, I find it very hard to justify recommending Brave as a good alternative to the likes of Chrome and Edge. There comes a point where enough is enough, and I think at this point Brave does not deserve being promoted as a ‘private/secure/open source’ browser if they repeatedly do stuff like this. It’s happened with referral links, it’s happened with BAT tokens, and now it’s with installing additional software without user consent. I think they should be removed from the PrivacyGuides and Techlore software recommendations.
Update: According to their github, this is unintentional. “The ideal situation would be to move these services to be installed when VPN is first USED (post purchase) and not at install time”
I personally call bullshit. They only call it unintentional because they are getting called out for it and are saying this as damage control. Should we just excuse their redirecting to crypto exchange referral links as also just unintentional?
“The service isn’t enabled by default though.”
So? They installed it anyway. They could enable it at any time they like, just like they install the service. Do you trust a company installing network adapters on your device without your knowledge or consent to not enable them by default without your knowledge or consent? I don’t. This HackerNews comment puts it well:
Unsolicited, a company, whether I trust them or not, has said “Hey, I’m gonna install this network interface on your computer. Don’t worry I won’t turn it on unless you tell me to, but if I do, then all your traffic will pass through me. It’s there just in case you need it. But don’t worry, I won’t flip the switch until you tell me to. I can, but I won’t. It’s not a big deal. Trust me.”
Unfortunately, Brave is the best option we got at the moment. Firefox loads websites slower and is barely better than Microsoft Edge with resource usage. As well, the other Chromium derivatives are either spyware, Edge, or slow, Vivaldi.
What about ungoogled chromium? Also in my experience, vivaldi’s speed is just fine. its default UI is a bit of a mess, but it’s far from as big of an issue as what Brave is doing.
In general, chromium browsers are not that fantastic for privacy because of Google shoving lots of stuff into chromium that other devs then have to rip out. I do not think the privacy or security features of Brave make it worth recommending considering Brave’s repeated violations of user’s trust. Continuing to promote it would just further empower them to keep doing stuff like this because “hey, people still recommend us as a private and secure browser, so whatever.”
On Windows, this is not an isolated case. It can be quite common to install one program, only for another to be installed alongside it. A game is going to install DirectX, or some dodgy rootkit (anticheat). A media player might install some codecs. A document reader might install some browser extensions, Windows service, and fonts.
On the other hand, there’s a big difference between what’s listed above (rootkit aside), and a network interface. I can let it slide if it was a mistake, and it’s fixed, but… they’re on thin ice.
Brave seems more secure than private lately strictly from an emotional point. It has been my browser on all devices for accounts.
Using Mull on android as my default browser, because we lost the option to choose which browser every time you open a link.
LibreWolf is my second browser on Windows for general browsing and my windows portable browser.
On Linux machines I usually stick to Brave only and treat it as a general browser and some accounts.
With a VPN always on and NextDNS, a less private and better performing browser that is not bloated seems interesting. Performance has not really been an issue which I measure. A better performing browser just does not hurt.
Installed Thorium a couple days ago and did a privacy browser test on Android. Plan to assure between ProtonVPN and NextDNS, privacy is as good as Brave with any browser before I make a move.
Brave gives me the Safe Bet feeling, but I still harden it then turn down the security settings for trusted accounts. You could say Brave is my safe secured browser cross platform. With Trust.
Mull happens to be my not safe/private browser with with some trust and TOR is my Private/Safe browser with zero trust on Android. In that scenario Thorium, with NextDNS and always on ProtonVPN tested could replace Mull, maybe if trusted. The effort to test and convert is really a low priority.
I use Firefox, Mullvad Browser and TOR entirely on PC. On Android, I have TOR for most stuff and Brave in case I need to login anything or some website rejects TOR IPs (full-time VPN on and NextDNS enabled too). I rarely do browsing outside TOR, especially due to rising issues in my country so trying to stay safe as much as possible.
This news has pushed me to explore other options especially on Android, as I switched to Brave after Bromite stopped being maintained.
I don’t think it’s time to throw out Brave entirely but worth taking some time to try other browsers.
I’ll still recommend Brave to people who ask me about a browser as it’s still the best option for people who want privacy and security without fiddling with settings. That or Vivaldi.
I reinstalled Brave on my Windows machine with the BraveBrowserStandaloneSilentSetup.exe from their Github. This option does not install the vpn in services.msc
I’ve been slowly moving away from Brave to Vivaldi due to most of Braves changelogs consisting of Web3/crypto and after Vivaldi released their big refactoring update a couple of months ago which brought with it major speed improvements I’ve found it to be up to par for what I want from a browser. It’s feature packed way beyond my needs but once i got a hang of what every setting does and got everything setup to my liking no need to fiddle around there anymore.
Regarding Thorium I’ve heard about it before and also got the CTT video which peaked my interest. I did see @Jonah had this to say at PG:
Agree with this. Browsers like Ungoogled Chromium, Thorium, and some others usually fall behind in security updates. Best to go with a browser that’s more frequently updated and harden it.
This post reeks FUD. The entire argument is “they didn’t really do much of anything, but what if they did?” I’m not a Brave fan, and I’ll be first in line to hate on them if and when there IS a controversy, but let’s cross that bridge when we actually get there.
Yesterday i noticed that in the Startup tab of Windows’ Task Manager there was an entry for Brave VPN Wireguard Service in the toggled-on state. I’ve never pressed any “Install” button for this crap to get on my PC and add itself to Startup.
I don’t know what bridge you’re talking about, but i seem to have passed mine undefined amount of time ago. That is NOT okay.
I frankly don’t get what you are talking about. If you’re looking for something that is controversial, this is just one of those controversial things Brave has done. This is like the 3rd bridge we’ve gotten to. “FUD” is just commonly used to dismiss all criticism as unfounded or invalid.
