• Max-P@lemmy.max-p.me
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    74
    ·
    1 year ago

    Software installs services to make its features operate, including optional default off ones. More news at 10.

    Either it does it at install time, or when you try to turn on the VPN after subscribing to it, it pops an UAC prompt to finish installing optional components. That’s standard practice, and it’s good for security because it means they can flag the browser itself as not capable of elevating privileges. They’re not going to put a gaping security hole in their software so that idiots don’t write articles about “installing things without your concent”. You already consented to installing Brave, you can’t be surprised Brave is installed.

    As long as it deletes them when you uninstall, this is a complete non-issue.

    • Goronmon@kbin.social
      link
      fedilink
      arrow-up
      24
      arrow-down
      3
      ·
      1 year ago

      I guess it depends on how much you trust a company (both now and in the future) to do something they shouldn’t with this kind of setup, whether on purpose or though incompetence.

      Personally, I don’t software silently installing unrelated services to my machine just in case the company decides they want to have it running on my machine in the future.

      • Max-P@lemmy.max-p.me
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        22
        ·
        1 year ago

        It is an advertised feature though. It can and will use those services if you enable them.

        Should it also not come with the binaries for the VPN feature at all? That has downsides: maybe you’re on a laptop trying to bypass a network block that also blocks the download of the VPN software but the VPN would work.

        So if it’s to come with the binaries, why can’t it install the service too, that defaults to off and manual launch? On Linux that’d be a systemd unit, on Windows it’s probably an API call of some sort but they basically contain the same information: some metadata, an executable and the privileges to launch it as.

        I’d never seen a Linux user complain about <1kb systemd unit file being installed that’s disabled by default and only started on demand when the feature is requested as part of a package they install. It just is and doesn’t hurt anyone. Don’t want it, don’t use it.

        When I download software, I expect all its built-in features to be installed and usable even if I don’t use them, nor want them. It’s part of the package.


        It’s kind of borderline because the VPN really could and should be a separate product entirely, I don’t want to launch a browser just to then on a VPN. But they made it a built-in feature that’s advertised as such, so it shouldn’t surprise anyone.

        Especially given its proprietary software. If you’re that privacy and security conscious, why are you using proprietary software and not Firefox or Chromium or whatever the latest flavor of degoogled Chromium fork du jour is. The service is nothing compared to all the other crap they could be running in the browser completely hidden from you. That service is super transparent and upfront, if they wanted to hide it they could easily hide it. If you really don’t want it to run, you can even set it to disabled entirely, and Brave won’t even be able to start it.

        If you’re that paranoid, you really should be running Linux or at least avoid as much closed source software as possible.

    • Chronographs@lemmy.zip
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      24
      ·
      1 year ago

      Yeah I mean there’s a lot wrong with brave but this is like getting mad at software for installing an autoupdate service