privacyguides

This magazine is from a federated server and may be incomplete. Browse more on the original instance.

Wistful, in Google-hosted malvertising leads to fake Keepass site that looks genuine
@Wistful@discuss.tchncs.de avatar

That’s kinda crazy, as it would look like a speck on the screen. I wish I could see the actual site, and see if there is something else sus about it. When I download important things like password managers, I usually try to be extra careful, double check the URL and do the hash check.

JoeKrogan, in Google-hosted malvertising leads to fake Keepass site that looks genuine
@JoeKrogan@lemmy.world avatar

Another reason to stick to your distro repositories. This should totally be disabled by default for modern browsers.

smeg, in Google forced to reveal users' search histories in Colorado court ruling

the police acted in good faith, meaning the evidence will be allowed in court despite the warrant being legally flawed

I have no knowledge (or particular interest) in USA laws, but I guess that judges making this decision is a statement of future intent. I guess if you don’t want to be tracked then don’t use services which track you!

_number8_,

this just means the cops can do anything??

i mean shit i guess they can here anyway, but it’s stunning to see that written down. oh they thought they were doing the right thing? oh that’s fine then

snooggums,
@snooggums@kbin.social avatar

Even worse, the court said what they did was wrong but they get to use the result anyway.

Touching_Grass,

Over a decade ago they had devices called “sting ray” that act like antenna. It captures all text messages in the area.

aclu.org/…/stingray-tracking-devices-whos-got-the…

Kepabar,

It’s called qualified immunity.

The idea is that if a police officer accidentally violates someone’s rights while trying to do their job and wasn’t aware they are not at fault.

It’s not a law but the result of a court case. Many of us want a law passed to remove it.

yeather,

In Colorado, until a new law overides the ruling, google must reveal your search history when subpoenaed. This doesn’t affect surrounding states or federal law until their own judges make a ruling or politicians make a law.

TWeaK,

The issue here is not that they are required to reveal search history of suspects, the issue is that the police is browsing the search history of everyone in order to find a suspect. That’s not what warrants are for and violates the constitutional rights of nearly everyone they searched.

roguetrick,

Opposite actually. The court decision says that all future reverse keyword search warrants in Colorado will have their evidence thrown out. This one, however, didn't have precedent so the police acted in good faith.

crypticthree, in Google-hosted malvertising leads to fake Keepass site that looks genuine

Can’t imagine why ublock is so popular

Melatonin, in Google-hosted malvertising leads to fake Keepass site that looks genuine

The program doesn’t even need to change much. Just be keepass with a backdoor. Yikes.

schwim, in Google forced to reveal users' search histories in Colorado court ruling
@schwim@reddthat.com avatar

I always use Google anonymously as I always find alternative search engines to be lacking. Even without personalized search results, Google always works better for me.

sadreality,

Not even true anymore...

But if SEO trash is good enough for you, that is a nice cope

schwim,
@schwim@reddthat.com avatar

On the plus side, I meet less people like you when using their service, so it’s worth it to me.

sadreality,

Why is u hurt tho?

theneverfox,
@theneverfox@pawb.social avatar

I’ve been using duck duck go for a while, and I’ve got a fresh Linux install on another machine I’m using as a server and I went to look something up. I was 2 pages in, thinking “ddg isn’t great, but this is ridiculous”, and I remembered i was on Google

Google has seriously fallen off lately

glad_cat, in Brave appears to install VPN Services without user consent

The same company that was modifying the content of the pages as an opt-out feature deeply hidden in the setting? (e.g. bitcoin stuff on every Reddit link)

whofearsthenight,

Surely you trust them with all of your traffic, though? They sound like good stewards and of course you’d want their VPN installed without your consent and you can definitely trust it’s not doing anything bad, right?

IronKrill, in Brave appears to install VPN Services without user consent

Open article -> get prompted for notifications and full-screen cookie consent pop up -> deny notifications -> click through cookie menu, accept -> finally see article for .5 nano seconds -> trending articles popup -> click the x on trending -> tab crashes.

I think I know why people only read the headline nowadays.

AdventuringAardvark,

If you use uBO on medium mode, you don’t see any notifications, consent banners or pop-ups.

librechad, in What do you think about MX Linux

Debian is super easy to use, plus we have AI now at our fingertips which makes it even easier.

Mohamad20ZX,

Will its really good but isn’t Linux mint de and especially MX is better than Debain for A few tools but i agree that they’re better than official Ubuntu and easier than vanilla arch

Scary_le_Poo, in Brave appears to install VPN Services without user consent
@Scary_le_Poo@beehaw.org avatar

Thank fuck for Firefox reading mode

full article because this site sucks fucking cock

www.ghacks.net Brave appears to install VPN Services without user consent - gHacks Tech News Martin Brinkmann 3 - 4 minutes

If you have the Brave Browser installed on your Windows devices, then you may also have Brave VPN services installed on the machine. Brave installs these services without user consent on Windows devices.

Brave Firewall + VPN is an extra service that Brave users may subscribe to for a monthly fee. Launched in mid-2022, it is a cooperation between Brave Software, maker of Brave Browser, and Guardian, the company that operates the VPN and the firewall solution. The firewall and VPN solution is available for $9.99 per month.

Brave Software is not the only browser maker that has integrated a VPN solution in its browser. Mozilla, maker of Firefox, entered into a cooperation with Mullvad and launched Mozilla VPN in 2020. Brave Browser’s installation of VPN services on Windows

Brave Browser Windows VPN Service

A post on Privacy Guides suggests that Brave Browser installs its VPN Service without user consent and regardless of whether the VPN is used or has been used in the past.

You can verify this easily by following these steps:


<span style="color:#323232;">Use Windows-R to open the Run box.
</span><span style="color:#323232;">Type services.msc to open the Services manager on Windows.
</span><span style="color:#323232;">Scroll down until you come to the Brave section there.
</span><span style="color:#323232;">Check for Brave VPN Service and Brave VPN Wireguard Service.
</span>

If they exist, Brave has installed the services on your device. If you were never subscribed to Brave Firewall + VPN, the company may have done so without your consent.

The two services have no description, the startup type Manual and Manual Trigger Start.

There is no explanation why these services got installed on the system. Cautious users may set the two Services to disabled:


<span style="color:#323232;">Right-click on one of the services and select Properties.
</span><span style="color:#323232;">Switch the Startup type from Manual to Disabled.
</span><span style="color:#323232;">Repeat the process for the second VPN service.
</span>

Deleting the Windows services is another option. The main issue here is that there is no guarantee that a browser update won’t install the Services again. You’d need to monitor the services whenever Brave Browser updates to make sure of that.

Some users who replied to the discussion on Privacy Guides said that they did not have these services installed.

Closing Words

Why are the VPN services installed in first place? Brave made no announcement in this regard. Maybe so that users can start using the VPN immediately on Windows and not after a restart.

In any event, you now have the tools at hand to check for the services and either disable or delete them.

Now You: do you use Brave Browser?

Summary

Brave is installing VPN Services without user consent

Article Name

Brave is installing VPN Services without user consent

Description

Brave Software appears to be installing VPN services on Windows devices without user consent during Brave Browser updates.

Author

Martin Brinkmann

Publisher

Ghacks Technology News

Logo Ghacks Technology News

Advertisement

governorkeagan, (edited ) in Brave appears to install VPN Services without user consent

I’m clearly out of the loop with the hate towards Brave. Why all the hate? Also, if it’s hated so much why is it still recommended on Privacy Guides?

EDITThank you for all the informative responses!

witchdoctor,

Also, if it’s hated so much why is it still recommended on Privacy Guides?

Non-unironically, Brave paid shills.

sir_reginald,
@sir_reginald@lemmy.world avatar

Why all the hate?

Have you read the article? They install their VPN before the user decides to use that service, when they could simply install it when the user decides to subscribe to their VPN.

I’m going to be downvoted for this but it’s recommended on privacy guides because they generally lack strict criteria with browsers. Both Firefox and Brave make automatic connections that shouldn’t be allowed.

ghazi,
@ghazi@mastodon.tn avatar

@governorkeagan @throws_lemy Privacy Guides has a set of objective criteria to judge a browser's security and privacy. People tend to hate Brave for reasons unrelated to security and privacy. Like the CEO's politics, crypto (and recently AI) integration in the browser, some shady history about injecting referral codes, etc.
Personally, I wish I could find an alternative that is as good as Brave. Until then, I'll keep using it as it is perfect for my needs.

hottari, in Google forced to reveal users' search histories in Colorado court ruling

Another reason to use VPN/Tor.

Eggroley, in Brave appears to install VPN Services without user consent
@Eggroley@lemmy.world avatar

I mainly use brave as an alternative browser for when things are acting a bit iffy on Librewolf.

Yesterday I saw their VPN service running on the task manager. Hadn’t used brave for a week. Immediately uninstalled.

roguetrick, (edited ) in Google forced to reveal users' search histories in Colorado court ruling

I am conflicted on how I feel about that. Obviously information dragonets are bad because they're specifically designed to produce false positives. In this case, however, they produced a definite positive that wouldn't have been achieved otherwise.

Edit:

The good-faith exception to the exclusionary rule provides that “evidence
obtained in violation of the Fourth Amendment should not be suppressed in
circumstances where the evidence was obtained by officers acting in objectively
reasonable reliance on a warrant issued by a detached and neutral magistrate, even
if that warrant was later determined to be invalid.” Gutierrez, 222 P.3d at 941; see
also Leftwich, 869 P.2d at 1272 (holding that Colorado’s good-faith exception,
35
codified in section 16-3-308, C.R.S. (2023), is “substantially similar” to the Supreme
Court’s rule). The exception exists because there is little chance suppression will
deter police misconduct in cases where the police didn’t know their conduct was
illegal in the first place. Leon, 468 U.S. at 918–19. In such cases, “the social costs of
suppression would outweigh any possible deterrent effect.

But the good-faith analysis in Gutierrez is distinguishable. True, we held
there that the good-faith exception did not apply, but we had already recognized
that individuals have a reasonable expectation of privacy in their financial records
when Gutierrez was decided. Id. at 933 (citing numerous cases and statutes
establishing that an individual’s financial records are protected under Colorado
law). So, the police were on notice that a nexus was required between a crime and
Gutierrez’s individual tax records. See id.

38
¶70 By contrast, until today, no court had established that individuals have a
constitutionally protected privacy interest in their Google search history. Cf.
Commonwealth v. Kurtz, 294 A.3d 509, 522 (Pa. Super. Ct. 2023) (holding that, under
the third-party doctrine, the defendant did not have a reasonable expectation of
privacy in his search history). In the absence of precedent explicitly establishing
that an individual’s Google search history is constitutionally protected, DPD had
no reason to know that it might have needed to demonstrate a connection between
the alleged crime and Seymour’s individual Google account.

In essence, the court is saying that this is the one and only time this will be allowed in Colorado.

https://www.courts.state.co.us/userfiles/file/Court_Probation/Supreme_Court/Opinions/2023/23SA12.pdf

snooggums,
@snooggums@kbin.social avatar

The obvious potential harm in general outweighs the positive outcome in a specific case. Justifying broad surveillance because it works occasionally is the road to a police state.

hedgehog,

Thus why it’s prohibited in the future.

uniqueid198x,

The entire exeption, and the broader exclusionary rule, is based around the self-evidently incorrect assumption that what happens in court will effect behaviour of investigators.

Norgur, in Brave appears to install VPN Services without user consent

Okay, this article makes it sound like they found some hidden thing deep in obscure windows settings about brave doing something bad.

On truth, they just installed Windows Services for their VPN to enable users to use the service. That's what many apps do for dozens of reasons.

I dislike Brave as much as the next guy, but let's stick to things they really fuck up and not make Up issues that aren't there.

krellor,

I agree it is people looking for reasons to criticize. However, I do think VPN or anything that modifies your route tables should be subjected to more scrutiny than other app features due to potential for abuse. I wish browsers wouldn't bundle them at all, or install them as part of their base.

MonkCanatella,

Especially considering they were injecting affiliate links/replacing affiliate links with their own, everything they do should be seen through that lens. They literally thought it was either OK to do which means that behavior like this is going to happen and keep happening with them, OR they thought they could get away with it which ends up with the same result.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • privacyguides@lemmy.one
  • localhost
  • All magazines
  • Loading…
    Loading the web debug toolbar…
    Attempt #