ghacks.net

smeg, to privacyguides in Brave appears to install VPN Services without user consent

I think you’ve double-posted

throws_lemy,

I have deleted the previous post, but there seems to be a synchronization problem with other instances

smeg,

Yeah, weirdly it shows up as a cross-post to the same community but not every client shows them both at once. I’ve seen it before and I think it was to do with cross-instance syncing then as well.

glad_cat, to privacyguides in Brave appears to install VPN Services without user consent

The same company that was modifying the content of the pages as an opt-out feature deeply hidden in the setting? (e.g. bitcoin stuff on every Reddit link)

whofearsthenight,

Surely you trust them with all of your traffic, though? They sound like good stewards and of course you’d want their VPN installed without your consent and you can definitely trust it’s not doing anything bad, right?

Vincent, to privacyguides in Brave appears to install VPN Services without user consent

Well, there's a way to frame this as malicious. I'm not a fan of Brave, but it also installs, say, a spell checker without consent, or a Tor client. Sure, the code is there even if you don't use it, but... What's the actual harm?

glad_cat,

The harm is that it’s installed. There is no reason for doing this. It can be done on demand in one second if the user subscribes to their VPN.

It also shows once again that they keep on doing their shady shit and still cannot be trusted (or at least that they are a bunch of incompetent developers).

DarkenLM,

You know Firefox installs a bunch of stuff by default as well, right?

Scary_le_Poo,

Such as?

DarkenLM,

Firefox also installs telemetry and data reporting functions like most browsers, also libraries like libwebp, which are prone to critical vulnerabilities (as seen), encryption systems like Encrypted Client Hello, and software like Pocket, which some users never use, but it's still there.

Any browser will install many features that probably won't be used. Saying that a browser that installs a feature like Tor or VPN (which aren't even hidden, Brave publicly presents those features) is automatically bad doesn't sound reasonable to me.

whale,

deleted_by_author

DarkenLM,

    The point I'm making is that it's not like Brave installed the VPN in secret, hidden away to its own devices. The code is there and a service is installed, sure, but it's dormant until the user activates it.

    whale,

    deleted_by_author

    DarkenLM,

    I guess they place it in the installer to make it easier to update? Note, I never used Brave in my life, so I don't really know how it works.

    dukethorion,

    They don’t want to hear that.

    Vincent,

    I mean, yes, it could've been differently, and as I understand it they're going to. But as a user, how is your life worse with this than without this? What's the impact of something being installed but not running?

    Teon, to privacyguides in Brave appears to install VPN Services without user consent

    You get what you deserve if you use Brave. It will only get worse.

    penquin, to privacyguides in Brave appears to install VPN Services without user consent

    I’ve discovered a new browser to use as a secondary one to Firefox in case I needed a chromium based one. Thorium. This thing is insanely fast. Brave what?

    HubertManne,

    I've liked Iron. It doesn't look to do anything but remove da google.

    Norgur, to privacyguides in Brave appears to install VPN Services without user consent

    Okay, this article makes it sound like they found some hidden thing deep in obscure Windows settings about Brave doing something bad.

    In truth, they just installed Windows Services for their VPN to enable users to use the service. That's what many apps do for dozens of reasons.

    I dislike Brave as much as the next guy, but let's stick to things they really fuck up and not make up issues that aren't there.

    krellor,

    I agree it is people looking for reasons to criticize. However, I do think VPN or anything that modifies your route tables should be subjected to more scrutiny than other app features due to potential for abuse. I wish browsers wouldn't bundle them at all, or install them as part of their base.

    MonkCanatella,

    Especially considering they were injecting affiliate links/replacing affiliate links with their own, everything they do should be seen through that lens. They literally thought it was either OK to do which means that behavior like this is going to happen and keep happening with them, OR they thought they could get away with it which ends up with the same result.

    randomaside, to privacyguides in Brave appears to install VPN Services without user consent

    I originally started using brave because at the time it was the most feature complete alternative to chrome. Now I would like to switch but I would still use chrome cast for music streaming (I have quite a few of them).

    Last time I checked, casting audio was missing as a feature in most deGoogled versions of Chrome. Does anyone have any suggestions for browsers that allow me to stream audio from my browser to Google Chromecast?

    iSeth,

    Can you stream audio from VLC?

    governorkeagan, (edited ) to privacyguides in Brave appears to install VPN Services without user consent

    I’m clearly out of the loop with the hate towards Brave. Why all the hate? Also, if it’s hated so much why is it still recommended on Privacy Guides?

    EDIT: Thank you for all the informative responses!

    witchdoctor,

    Also, if it’s hated so much why is it still recommended on Privacy Guides?

    Non-unironically, Brave paid shills.

    sir_reginald,

    Why all the hate?

    Have you read the article? They install their VPN before the user decides to use that service, when they could simply install it when the user decides to subscribe to their VPN.

    I’m going to be downvoted for this but it’s recommended on privacy guides because they generally lack strict criteria with browsers. Both Firefox and Brave make automatic connections that shouldn’t be allowed.

    ghazi,

    @governorkeagan @throws_lemy Privacy Guides has a set of objective criteria to judge a browser's security and privacy. People tend to hate Brave for reasons unrelated to security and privacy. Like the CEO's politics, crypto (and recently AI) integration in the browser, some shady history about injecting referral codes, etc.
    Personally, I wish I could find an alternative that is as good as Brave. Until then, I'll keep using it as it is perfect for my needs.

    Eggroley, to privacyguides in Brave appears to install VPN Services without user consent

    I mainly use brave as an alternative browser for when things are acting a bit iffy on Librewolf.

    Yesterday I saw their VPN service running on the task manager. Hadn’t used brave for a week. Immediately uninstalled.

    IronKrill, to privacyguides in Brave appears to install VPN Services without user consent

    Open article -> get prompted for notifications and full-screen cookie consent pop up -> deny notifications -> click through cookie menu, accept -> finally see article for .5 nano seconds -> trending articles popup -> click the x on trending -> tab crashes.

    I think I know why people only read the headline nowadays.

    AdventuringAardvark,

    If you use uBO on medium mode, you don’t see any notifications, consent banners or pop-ups.

    Scary_le_Poo, to privacyguides in Brave appears to install VPN Services without user consent

    Thank fuck for Firefox reading mode

    full article because this site sucks fucking cock

    www.ghacks.net Brave appears to install VPN Services without user consent - gHacks Tech News Martin Brinkmann 3 - 4 minutes

    If you have the Brave Browser installed on your Windows devices, then you may also have Brave VPN services installed on the machine. Brave installs these services without user consent on Windows devices.

    Brave Firewall + VPN is an extra service that Brave users may subscribe to for a monthly fee. Launched in mid-2022, it is a cooperation between Brave Software, maker of Brave Browser, and Guardian, the company that operates the VPN and the firewall solution. The firewall and VPN solution is available for $9.99 per month.

    Brave Software is not the only browser maker that has integrated a VPN solution in its browser. Mozilla, maker of Firefox, entered into a cooperation with Mullvad and launched Mozilla VPN in 2020.

    Brave Browser’s installation of VPN services on Windows

    A post on Privacy Guides suggests that Brave Browser installs its VPN Service without user consent and regardless of whether the VPN is used or has been used in the past.

    You can verify this easily by following these steps:

    
    1. Use Windows-R to open the Run box.
    2. Type services.msc to open the Services manager on Windows.
    3. Scroll down until you come to the Brave section there.
    4. Check for Brave VPN Service and Brave VPN Wireguard Service.
    

    If they exist, Brave has installed the services on your device. If you were never subscribed to Brave Firewall + VPN, the company may have done so without your consent.

    The two services have no description, the startup type Manual and Manual Trigger Start.

    There is no explanation why these services got installed on the system. Cautious users may set the two Services to disabled:

    
    1. Right-click on one of the services and select Properties.
    2. Switch the Startup type from Manual to Disabled.
    3. Repeat the process for the second VPN service.
    

    Deleting the Windows services is another option. The main issue here is that there is no guarantee that a browser update won’t install the Services again. You’d need to monitor the services whenever Brave Browser updates to make sure of that.

    Some users who replied to the discussion on Privacy Guides said that they did not have these services installed.

    Closing Words

    Why are the VPN services installed in the first place? Brave made no announcement in this regard. Maybe so that users can start using the VPN immediately on Windows and not after a restart.

    In any event, you now have the tools at hand to check for the services and either disable or delete them.

    Now You: do you use Brave Browser?

    Summary

    Brave is installing VPN Services without user consent

    Article Name

    Brave is installing VPN Services without user consent

    Description

    Brave Software appears to be installing VPN services on Windows devices without user consent during Brave Browser updates.

    Author

    Martin Brinkmann

    Publisher

    Ghacks Technology News
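
The services.msc check and the disable step described in the article, as a PowerShell sketch added here (it is not part of the article or of any comment in this thread). It matches on the display names the article lists; the function name and the `-Disable` switch are this example's own, and changing the startup type requires an elevated prompt.

```powershell
# Added example: audit the Brave VPN services named in the article.
# Matching is by display name because the article gives only display names.
function Get-BraveVpnServiceState {
    [CmdletBinding()]
    param(
        # Hypothetical switch for this example: also set the services to Disabled.
        [switch]$Disable
    )

    # Covers both "Brave VPN Service" and "Brave VPN Wireguard Service".
    $pattern = 'Brave VPN*'

    # Win32_Service exposes the start mode and binary path that
    # services.msc shows in the Properties dialog.
    $found = @(Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.DisplayName -like $pattern })

    if ($found.Count -eq 0) {
        Write-Host 'No Brave VPN services are registered on this machine.'
        return
    }

    foreach ($svc in $found) {
        if ($Disable -and $svc.StartMode -ne 'Disabled') {
            # Same effect as switching "Startup type" to Disabled by hand.
            Set-Service -Name $svc.Name -StartupType Disabled
        }
    }

    # Query again so the report reflects any change made above.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.DisplayName -like $pattern } |
        Select-Object Name, DisplayName, State, StartMode, PathName
}

Get-BraveVpnServiceState              # report only
# Get-BraveVpnServiceState -Disable   # report and disable (run elevated)
```

Running the report again after each Brave update covers the article's point that an update may reinstall the services.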


    Oha, to piracy in qBittorrent 4.6 launches with I2P support - gHacks Tech News

    can someone eli5 i2p to me?

    RyeMan, (edited )

    Others have summarized it well but I’ll add my perspective also.

    I2P is a decentralized network of peers. All traffic gets routed through multiple peers before reaching its destination. Traffic is also encrypted by multiple layers of encryption and each connected peer can only decrypt one layer, that layer will only contain further routing info so that peer knows the next place to hand off your data. The encryption gets stripped layer by layer until it finally reaches its destination.

    What this ultimately means is that by interacting with a website or service through I2P it is virtually impossible to identify any information the user is sending or receiving and it is also impossible to tell where the connections are going or coming from.

    To make things even more interesting all I2P routers by default also contribute resources back into the network so while your I2P Router is handling your communication connections, it’s also volunteering to be a connection node in someone else’s connection. This adds further security because now you’ve got many Peer to Peer connections going in and out of your network, all encrypted so any prying eyes will have an exceedingly difficult time trying to make sense of any of your internet traffic.

    Tor relies on the good faith of its community to contribute resources to the network and it’s not very well incentivised causing its resources to be far more limited and bogged down. For this reason, Tor cannot sustain heavy torrent traffic without easily being overwhelmed. In I2P, every user is a contributor so the more people who use I2P, the faster and better it becomes.

    The big advantage Tor has over I2P are outproxies and the beautifully prepacked Tor Browser. Tor has a lot more influence and money backing it so there are some large and well protected entities that can afford all the legal trouble that outproxies can bring. Unfortunately there just isn’t enough money or legal support in the I2P community to reliably support outproxies even though I2P already has full support for it.

    I2P is a fantastic tool for private communication across the Internet and the true ELI5 here is I2P natively supports “anonymous” torrenting (even encouraged it as it strengthens the network further) and will do so privately and securely without any need for a VPN. Adding support to QBittorrent makes it even easier to access I2P torrenting with very minimal set up required.

    The only catch here is you can’t go around downloading any old torrent from the Internet on I2P, someone needs to actually be seeding that torrent on the I2P network for you to get any data. There are fully functioning tracker sites exclusively within I2P that have a huge catalog of content but all is not lost for “clearnet” torrents either. Software like BiglyBT and now QBittorrent, allows users to “bridge” or “cross seed” torrents across the two networks, that way content is shared no matter what network you’re a part of.

    BiglyBT has been doing this for a while now but I’m so happy to see QBittorrent finally embracing this as well.

    EDIT: geti2p.net/en/

    Oha,

    So it’s basically the cooler Tor? Thanks for explaining

    WarmApplePieShrek,

    Cooler and less cool because no exit nodes. It’s fully separate from normal internet.

    ninchuka,

    There are exit nodes, called out proxies but routers have to set them up themselves

    Strict3443,

    The most known outproxy: stormycloud.org/i2p-outproxy/

    eya,

    Most private trackers ban BiglyBT, hope the same doesn’t happen to QBittorrent

    KinNectar,

    @eya

    Why do they ban it?

    shadearg,

    Why do they ban it?

    Issue

    nix,

    That links to a link to a forum with a ton of replies? Can you just copy paste the reason?

    flamingarms,

    Took a quick look at the first few messages and the links: seems like BiglyBT is banned by a lot of private trackers because it’s possible to mod it to spoof the numbers required to stay a member in the private tracker, while also being able to create a torrent file that allows others using the mod to utilize the private tracker without permission. Not sure if any of that functionality has to do with I2P.

    ninchuka,

    Would that not be possible in every other client? Or is it just the easiest to do with BiglyBT?

    WarmApplePieShrek,

    You can mod any open source client to cheat but most of them don’t give you buttons to do it.

    Fjor,

    Thanks for such a detailed answer! How do the I2P speeds compare to running torrents over VPN? I assume it’s a lot slower?

    WarmApplePieShrek,

    I2P is separate from normal internet. It’s not an alternative to VPN.

    Fjor,

    Yeah, that’s fine, I was just wondering how the speed varied from one solution to the other.

    Strict3443,

    From my experience, some popular I2P torrents have gotten up to 1 MB/s download, but I usually average around 200 KB/s. While it is not blazing fast, it does provide a good deal of anonymity for everyone involved with the torrent.

    Also, you can lower the anonymity and increase speeds by reducing the number of hops from 3 to 2 or 1. You can choose how “anonymous” you’d like to be while torrenting, at the cost of speed.

    RyeMan,

    It varies wildly between torrents based on activity of the torrent and your I2P tunnel settings. Participation on I2P torrents is definitely significantly lower than normal clearnet torrents (at the moment) so a lot of times there are only 1-2 peers available which often results in roughly 35-60 KB/s but I’ve also seen some more popular torrents download at nearly 1 MB/s. I2P can self update from a torrent, that file generally has high participation, and on average, downloads at speeds above 150 KB/s. There definitely is some bandwidth lost just due to overhead of running the network, fewer hops and more tunnels helps with that though. I usually run about 10 tunnels with Snark, all with 3 hops. If I reduce that to two hops I can still have good privacy but with significantly less bandwidth overhead, I just personally feel the extra privacy of three hops is worth the sacrifice.

    Speed and bandwidth rely heavily on the level of participation, more high-bandwidth peers torrenting over I2P will significantly speed things up. With my current setup, my router pushes around 450 KB/s on average just for participating traffic (traffic that is only contributing to other I2P peers) so it’s definitely capable of comparable speeds to that of a VPN.

    Oh and I should have mentioned this before, torrenting over I2P also helps strengthen your connection to the I2P network because it introduces you to more high-speed peers to communicate with. Really speeds things up if you’re trying to bootstrap a new I2P router.

    I2P has quite a few internal torrents with large swarm sizes that you can stress test pretty reasonably with. Another fun thing you can try if you are using I2P Snark (java I2P built-in torrent handler), you can paste magnet links from the clearnet into your client and if you’re lucky some beautiful people out there are cross seeding that torrent and it’ll allow you to take part in downloading clearnet torrents over I2P.

    PeachMan,

    So, if I set up an I2P router on my network and use Qbittorrent, would it theoretically be possible to contribute to I2P using the torrents that I already seed? Or is it not that easy?

    WarmApplePieShrek,

    I2P router means the I2P software on your computer. You don’t have to buy a new router.

    Strict3443,

    You can cross-seed torrents by adding I2P trackers to the tracker list. What helps is when you upload the .torrent file to tracker2.postman.i2p (the only? i2p public torrent tracker) so that others can find the magnet/torrent link and start downloading. That way people can find the InfoHash and also have trackers embedded in the i2p .torrent file to allow you to find seeders.

    Some info on this subject: old.reddit.com/…/how_to_correctly_cross_seed_to_m…

    ninchuka,

    There’s a few public trackers, check http://notbob.i2p and click the magnet

    Strict3443,

    What I mean is if I create a new torrent of Big Buck Bunny with a InfoHash of b1946ac92492d2347c6235b4d2611184 for example, no one will find my torrent by searching for “Big Buck Bunny”. Unless I post this hash somewhere, advertising “Hey, this torrent is Big Buck Bunny” like what 1337x and other torrent sites do, you won’t “find” it. Basically, we have to use a torrent indexer like tracker2.postman.i2p to search the metadata and find torrents we want. If that makes sense.

    ninchuka,

    I’ve seeded clearnet torrents to I2P peers many times with BiglyBT without those torrents having I2P trackers, so it’s definitely possible

    Strict3443,

    It would be nice to have qBittorrent auto add I2P trackers to all torrents to help cross-seed them.

    ninchuka,

    That would be nice yeah, maybe have a list of trackers in the options the user can control to add to torrents automatically

    RyeMan,

    I2P has its own DHT so all you need is an InfoHash to start downloading assuming there’s at least one reachable seeder. MuWire is an application that lets you search the DHT. The developer recently abandoned the project though… I haven’t tried it in some time but it probably still works.

    Strict3443,

    I’ll check out MuWire, was unaware that it used DHT.

    Also, I am just saying that tracker2.postman.i2p is the only torrent directory we have currently, and it’s the best way to find and advertise torrents for others. Trackers (where your client announces to) are helpful for finding peers of the same torrent.

    Fjor,

    You, my man, have a brain the size of a planet! Thanks for all the explanations! ✨

    helios,

    Very cool, thanks for sharing.

    lemmyingly,

    To summarise, I2P is similar to Tor, except that every client also serves as a node, and there are no exit nodes, so you can only access data shared by other I2P clients

    Is my summary correct?

    ninchuka,

    You can have exit nodes, called out proxies on I2P they just have to be manually setup

    obinice,

    So it’s like Kazaa, kinda? Are we basically going back to the decentralised P2P days? :-D

    Agent641,

    How are nodes chosen by the client?

    What stops governments/LEO/copyright dragons from spinning up thousands of the fastest/most accessible i2p nodes so that clients connect to them first, then these hosts log the traffic paths to identify origin/destination?

    Strict3443,

    geti2p.net/en/docs/how/threat-model#sybil

    Good write-up from the I2P team on this topic. Page includes other attack vectors as well.

    ComplexLotus,

    All traffic gets routed through multiple peers before reaching its destination

    • I wonder why the whole internet is not designed like this.
    • if we designed basic protocols like TCP and UDP with user privacy (in practice hiding his IP address) as the most important point we would have a more secure internet I currently think… or am I wrong here?

    OsrsNeedsF2P,

    It’s a dark network. Instead of going to a website, you go to an “eepsite”, and to get there you securely route through a bunch of random computers (as if you went through 10+ VPNs). It’s similar to Tor, but the main difference is that Tor’s primary goal is to visit websites (on Tor, “onion sites” exist, but unlike I2P, “onion sites” are not the primary focus of Tor).

    dmonzel,

    From the article that was posted:

    The main new feature is support for I2P, the Invisible Internet Project. It uses a fully encrypted privacy network layer to hide user activity and locations. The network does not use servers. Peers contributed “a portion of their resources” to other network participants.

    The maintainers promise that “no one can see where traffic is coming from, where it is going, or what the contents are” when the Invisible Internet Project is active.

    gd42,

    If it doesn’t use servers, where is the content stored? Or stuff just disappears when a user whose computer used to serve the files is turned off?

    WarmApplePieShrek,

    It’s BitTorrent. There are seeders.

    I2P has servers to run websites, but they mean I2P itself has no central servers that control it, like Tor does.

    deweydecibel,

    What about private trackers that monitor your ratio? Can they still see that?

    WarmApplePieShrek,

    Private trackers see your ratio because your client tells it to them. If you cheat, you get banned. They can tell you cheat because the seeder reports upload but you don’t report download. You must not use private tracker torrents except on their tracker because it looks like cheating because the other client isn’t connected to their tracker, and you will get banned.

    ohitsbreadley,

    Maybe I’m a smooth brain - but I always thought private trackers were kept private/exclusive as a way of promoting seeding - the exclusivity of private trackers lowers risk/fear of seeding, so people seed, files are kept alive. - the ratios are a stick to enforce the rules and boot leechers. Centralizing seed logs with private trackers always gave me the creeps though.

    Honestly, it sounds like there’s essentially no risk of seeding on I2P. Wouldn’t more people be willing to seed in general? And wouldn’t that in turn obviate the need for private trackers?

    Alas, perhaps my smooth brain brings naivety along with it.

    WarmApplePieShrek,

    Private trackers promote seeding, but people don’t seed for more reasons than getting caught. Public trackers are leechfests. Some of my public torrents, I have ratio 30 and I’m still the only seeder. Why should I bother with this, if nobody else will? I should put the torrent on a private tracker where other people will help spread it, and stop public seeding.

    Strict3443,

    This is a good point. I also feel like private trackers are meant for people who actually seed content they download, and just have good intentions to help share content. This also comes with hardware requirements (disk space) sometimes that not everyone has.

    RobotToaster, to piracy in qBittorrent 4.6 launches with I2P support - gHacks Tech News

    Will it be enabled by default?

    valveman,

    It’s not enabled in the 4.6 beta version, I think they’ll keep it that way

    OsrsNeedsF2P,

    Probably not. I2P doesn’t connect to the clearnet like Tor does, it only works if the destination is on I2P as well.

    sir_reginald,

    I2P does connect to the clearnet, it just doesn’t by default.

    Outproxies are available and you can even host your own routing it through Tor. That way you get the best of both networks.

    WarmApplePieShrek,

    Useless for torrenting - you’ll overload the outproxy.

    ReversalHatchery,

    It requires running additional software, a so-called “I2P router”.
    This can be run on Linux and Windows systems too, on localhost or for your local network.

    arisunz, (edited ) to piracy in qBittorrent 4.6 launches with I2P support - gHacks Tech News

    Some documentation would be nice.

    I’ve been trying to connect qbittorrent to my local i2pd node for the last 30 minutes and for the life of me I cannot get it to work, even though other services work via SAM in the same port. Everything just times out.

    Edit: for anyone else struggling, you need to add your own trackers: old.reddit.com/…/tutorial_how_to_use_i2p_in_qbitt…

    qbittorrent doesn’t seem to be able to fetch those on its own yet

    Strict3443,

    It is experimental indeed. While it “works”, it is nowhere near the reliability and efficiency of other I2P torrent clients like I2Psnark or BiglyBT, both of which are Java based.

    themurphy, to piracy in qBittorrent 4.6 launches with I2P support - gHacks Tech News

    Anyone has a small and quick guide to how to set this up on let’s say a Rasp Pi?

    Strict3443,

    Guide for Linux: …codeberg.page/…/how-to-use-i2p-on-qbittorrent-no…

    You can install i2pd with sudo apt install i2pd and then point your services towards your i2p router (Ex. 127.0.0.1) and you are good to go.

    themurphy,

    Thanks! And just so I understand this correctly, do I need a separate router for this + my normal router?

    Strict3443,

    You can use one i2pd router for many clients/services, as long as your device can handle it.
