Once thought of as a reliable privacy-first web browser, new revelations shed a new light on Brave's approach to transparency.
The browser has been automatically installing its two VPN services on Windows devices without users' consent since 2022, Ghacks.net reported.
The firm responded to this by claiming these additional tools won't start operating unless a user manually activates it and pays for a VPN subscription. Nonetheless, this sort of underhanded installation may come as a blow to the privacy-concerned people who turned to Brave's supposedly more secure software in the first place.
Brave's unwanted VPNs
Brave Firewall + VPN are the two incriminating applications that many Windows users are very likely to have installed on their machine without even knowing it. They are paid services, meaning that they will remain inactive unless the user subscribes and pays the monthly fee of $9.99.
Brave's VP of Engineering, Brian Clifton, acknowledged the issue on GitHub following Ghacks' report and users lamenting about the unwanted tools on some online forums. As expected, people using the browser for extra security didn't take these new revelations too well.
"Out of all the privacy tools I use, I feel like Brave is the most likely one to go down a path I will not be comfortable with. This is one example of that," wrote one commentator replying to a discussion on Privacy Guides on the topic.
While on Reddit, a user deemed the unannounced installation as "borderline malware."
Brave VPN just auto-installed and enabled itself? from r/brave_browser
Clifton assures this is limited to Brave's Windows VPN only, though, while promising to be working towards resolving the issue.
He said: "The ideal situation would be to move these services to be installed when VPN is first USED (post purchase) and not at install time."
In the meantime, you can check on your PC if the incriminating tools have actually been installed without your consent by heading to the Services panel on your device via the Run box (Windows+R), type services.msc, and press Enter. Go through the list of installed software and click on Brave unwanted VPN services to delete them.
At the time of writing it's still unknown if these tools could be reinstated with the next update. To protect against this, we suggest uninstalling Brave and reinstalling it without admin rights so that the software won't be able to install additional services on its own.
