Brave bundles VPN software with their privacy focused browser. Web privacy focused people tend to distrust everything by default. Web privacy focused people begin thinking of Brave someday turning on the VPN service and tunneling your traffic through VPN nodes they control with nefarious intent.
I think that's the gist. Tbh, just installing a service that's disabled is, by itself, not that scary to me. If they were to ever turn it on without my consent, that's a real problem.
> Web privacy focused people begin thinking of Brave someday turning on the VPN service and tunneling your traffic through VPN nodes they control with nefarious intent.
No, it is more that any one company that installs unwanted stuff on my computer is probably not some thing I trust as a privacy-focused software. Besides that VPN services have extremely broad permissions to look at or modify traffic, so it might be a attack target if not properly secured (which it might not be if it was "accidentally" installed). It also might signal that brave is looking to become a much broader company besides their current browser-crypto-ads thing, which is worrying for privacy.
There are many reasons for an accidentally or not-really-accidentally vpn service being installed behind the users back is alarming.
> It also might signal that brave is looking to become a much broader company besides their current browser-crypto-ads thing, which is worrying for privacy
Soft agree, while noting that from their perspective, browsers are not a profitable offering, so they likely _need_ to expand to a broader product offering, without grant funding. Google has their obvious reasons for being in the browser market, Firefox receives grants if I remember correctly, Safari I assume only exists so Apple can attempt to keep people in their walled garden of software offerings. How do the maintainers of Brave get to make a living? Either by selling you something or selling you. I'd rather them try to sell me something, personally.
That said, I'm a current Brave user that still has one foot in the door for Firefox. If they keep this up, I might be back.
Sure, but that is worrying from a privacy perspective. For any other venture their value is their current installed base so they will probably try to use that either via bundling (as might have been the case here) or via cross-marketing (which is usually not privacy-friendly).
Either way I think a privacy-focused company not making enough money to survive on their (hopefully privacy-focused) products is not a good thing. Brave has been going through this for quite some time with BAT and crypto ads, mozilla has been going through it even longer with bloating expenses and google income.
Safari and Firefox development are both pretty much funded by Google paying them to be the default search engine. (Which is obviously hilarious from a privacy perspective)
Or without nefarious intent. I find it sketchy regardless of the intent behind it.
> just installing a service that's disabled is, by itself, not that scary to me.
It's not that it's scary, it's that it's intrusive. If you want to install stuff on my machine, get my consent first -- even if it's disabled by default.
> If you want to install stuff on my machine, get my consent first
I assume from their perspective, they have your consent, as you downloaded their browser install wizard and installed their product, including its widgets. But I agree, they should itemize all their widgets, and not install them by default. Though I am a bit jaded in this area, as most desktop software seems to come with widgets that install by default.
They installed their homemade VPN as part of the general browser install, without disclosing it or giving users ability to opt-out.
It's now possible for them to start proxying traffic through their servers, also without disclosing it to you. While this is likely just a case of them aggressively bundling their paid service bloatware, the fact that it's built into the app should be concerning.
Why would they need the in-between step of installing-but-disabling it first? If they are planning to do that, and you already have Brave installed, can't they just install it at that point?
I believe the concern is that the installed VPN can act as a man in the middle, watching all your IP traffic, in the worst case, and doing god knows what with the data in it.
I think that's the gist. Tbh, just installing a service that's disabled is, by itself, not that scary to me. If they were to ever turn it on without my consent, that's a real problem.