If you have the Brave Browser installed on your Windows devices, then you may also have Brave VPN services installed on the machine. Brave installs these services without user consent on Windows devices.

Brave Firewall + VPN is an extra service that Brave users may subscribe to for a monthly fee. Launched in mid-2022, it is a cooperation between Brave Software, maker of Brave Browser, and Guardian, the company that operates the VPN and the firewall solution. The firewall and VPN solution is available for $9.99 per month.

  • calm.like.a.bomb@lemmy.dbzer0.comEnglish
    7·
    1 year ago

    Huh? Any script can create a service, enable it and then start it. What would make you think the brave package (or just the application itself) can’t do this?

    • hottari@lemmy.ml
      19·
      1 year ago

      Not possible to start or enable a created service without user intervention. You don’t know what you are talking about.

      • calm.like.a.bomb@lemmy.dbzer0.comEnglish
        5·
        1 year ago

        OK… challenge accepted. Maybe you don’t know about systemd user services.

        Content of mytrojan.sh:

        #!/usr/bin/env bash

echo "Writing the service unit file"

cat > ~/.config/systemd/user/my_test_service.service << EOF
[Unit]
Description=Script Daemon For Test User Services

[Service]
Type=simple
User=
#Group=
ExecStart=/home/user/bin/myscript.sh
Restart=on-failure
StandardOutput=file:%h/log_file

[Install]
WantedBy=default.target
EOF

echo "Reloading systemd for the user"
systemctl --user daemon-reload || exit 1

echo "Enabling and starting the service"
systemctl --user enable --now my_test_service.service

        Content of myscript.sh:

        $ cat ~/bin/myscript.sh
#!/usr/bin/env bash

while true
do
    now=$(date)
    me=$(whoami)
    echo "User $me at $now"
    sleep 10
done

        Now run the script (mytrojan.sh) and check service status after that:

        $ ./mytrojan.sh
Writing the service unit file
Reloading systemd for the user
Enabling and starting the service
$ systemctl --user status my_test_service.service
● my_test_service.service - Script Daemon For Test User Services
     Loaded: loaded (/home/user/.config/systemd/user/my_test_service.service; enabled; vendor preset: ena>
     Active: active (running) since Thu 2023-10-19 12:15:21 EEST; 6s ago
   Main PID: 1666383 (myscript.sh)
      Tasks: 2 (limit: 18757)
     Memory: 556.0K
        CPU: 4ms
     CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/my_test_service.service
             ├─1666383 /bin/bash /home/user/bin/myscript.sh
             └─1666387 sleep 10

Oct 19 12:15:21 tesla systemd[1866318]: Started Script Daemon For Test User Services
        • hottari@lemmy.ml
          15·
          1 year ago

          You failed. This requires the user to run a script aka manual intervention.

          • helpImTrappedOnline@lemmy.world
            5·
            1 year ago

            Now imagine that the script is set to run as part of the brave installation - you type “yes” please download brave, brave installs brave and runs this script. Linux isn’t immune to malware as you seem to think.

            • hottari@lemmy.ml
              12·
              1 year ago

              You would need the power of root to do all these aforementioned things (run a VPN service).

              And am not saying that Linux is immune to malware, just that it’s not out of the norm to have package managers install services crucial for operation during installation. Since Windows doesn’t have package managers, I’m gonna replace package managers with packages in this reasoning.

            • hottari@lemmy.ml
              12·
              1 year ago

              Maybe am ignorant but at least I understand the questions before I answer them.