Brave has become Malware

You know, when I install a browser I expect a nice UI, an up to date engine, some privacy and a few additional features that a vanilla browser doesn’t come with.

What I don’t expect is an eco system of binaries and services that is slowly creeping into my system while it updates itself in the background without my knowledge.

Not using Brave very much and being alerted by the taskbar icon of “Brave VPN” I checked what’s going on:

There are SIX SERVICES running with local system privileges.

• Brave Elevation Service (Local System) For What? I’m using a browser.
• Brave Update-Service “brave” (Local System) For what? I’m using a browser.
• Brave Update-Service “bravem” (Local System) For what? I’m using a browser.
• Brave VPN Service (Local System) For what? I’m using a browser.
• Brave VPN Wireguard Service (Local System) For what? I’m using a browser.

I don’t want to know how many bugs and potential backdoors exist in those services and don’t tell me there aren’t any. We all know software isn’t perfect.

There are two tasks in the task planer that run with highest privileges when exectued that have one and only one thing to do:

Check if the services are still activated and if not, reactivate them and then run them. With highest privliges (local system) of course.

The way all of this is implemented reminds me more of some sort of malware than of a browser. Why network services need to be run with highest privileges is a mistery to me and is known to cause all kinds of security implications. That’s why people don’t do it. But I guess implementing new features was “importanter” than looking out for security and privacy.

The way all kinds of sh1t gets implemented into the browser and tons of services are getting installed through background updates on my system without even asking me leaves one of the worst tastes in my mouth I have ever had. Especially when we’re talking about a product that advertises with security and privacy.

In my opinion you have become your own worst enemy and your software has turned into the biggest malware that is out there. I never really trusted your browser because I had to disable way too many features from the start, but this takes the cake.

For your own sake I can only hope you fix this and if you want to sell a VPN, make it an addon but don’t sneak it in through the backdoor of automatic updates.

Seriously: WTF?

EDIT:

I just uninstalled your malware of a browser:

Update services are still there:

image1047×39 4.14 KB

Tasks are still there:

image794×68 4.61 KB

Binaries are still there:

image1101×298 7.26 KB

No words…

Nothing really helpful here to add, other than a Here! Here!
Brave started as a good concept. Then BAT and VPN and crypto wallet, etc, etc.
Horrible example of mission creep.

Hello,
I thought you might be interested in this free application that does a good job of uninstalling software and any reminants that might be left behind. I previously used to utilize a different software application but I seemingly like this one better: https://www.bcuninstaller.com/

I love Brave as a concept of simple web browser that protects your privacy and blocks ads. But, unfortunately, it’s turning into bloatware. Why?

1. They started to heavily promote crypto, which I’m not fan of. Personally, I think it’s a scam.
2. They constantly add new “features” without giving us ability to disable it completely (you can’t completely disable Brave News, Brave VPN, Brave Wallet, Brave Rewards, Brave Search; they are always present somewhere in the UI)
3. Web3 part is completely unnecessary.

I don’t see why they couldn’t give us an option to disable everything we don’t want. I do get that they are a company and have to earn money after all. But not giving me option to disable things won’t suddenly change my mind and make me buy their stuff and use it.

There are other legit ways they could use to earn money. Abandon crypto and sell Brave VPN, they could make private e-mail service, or cloud servise, and sell that. They could make a merch and sell it. They can keep Brave Rewards (and give us option to completely disable it), but instead of using crypto-scam, they could pay users REAL money.

you can always disable services which you dont like from brave using Task Scheduler

Untitled92149×1259 110 KB

True, but I can’t disable Brave VPN inside the browser, otherwise it crashes when I try to open settings.

I can’t disable Brave Rewards and Brave Wallet completely, it’s always there in the browser’s internal pages (Downloads, Bookmarks, Settings, etc.):

1163×618 57.2 KB

And menu…

I can’t disable Brave Search from the incognito tab (it stays there after changing default search engine in the settings):

1346×524 90.7 KB

Brave Rewards and Brave Wallet seems to be the core and DNA of the company…i doubt if whether they will allow option to hide it in browser ui… personally i also dont use crypto, brave wallet…etc but brave search could be useful.

The advertising is the core of Google, yet, they didn’t include ads in the Chrome browser. They even allowed ad blocking extensions in their Chrome WebStore.

Brave Search is worse than Bing. They don’t offer their services in many languages. May only be useful to those in the US, UK, Canada, France and Germany. Anywhere else it’s useless.

This is plain wrong. With the next update that you install, all this stuff is being reset to the company’s defaults. So I would have to go over all of this over and over again when an update occured.

And I don’t even know when that happened…

All the features you mentioned, some are useful if you use them, like we 3, I use this so it’s not “unnecessary”.

Don’t judge a feature unnecessary because you don’t use it.

At least, Web3 can be disabled though.

[quote]I can’t disable Brave Search from the incognito tab (it stays there after changing default search engine in the settings):

1346×524 90.7 KB

image806×679 45.1 KB

That’s on mobile. There you don’t have search engine when you open private tab; on mobile version you only have address bar. I’d like to have the same on desktop.

Because, on desktop version, even if you choose any other search engine for private tab, you’re still greeted with big Brave logo and Brave Search bar (shown in the picture you quoted).

This is true. However disabling services is notreally for the faint of heart, and being consumer focused, tiy shouldn’t be pushing bloat at you, then saying well i you don’t want it…go learn about task manager and services starting and you can “easily” disable what you don’t want. How about giving us an option TO allow something BEFORE it’s installed. Brave doesn’t even give you a heads up when it does this business. You just have to sense the imbalance in the force and set out to discover what is wrong. In the mean itime, what are those services doing? Pinging home, perhaps? Gathering usage telemetry so the company can know what sort of data usage an average user might have over a VPN? HOw do you know when you weren’t even told it was there. I mean something installing itself and doing stuff without your permission…isn’t that really the lowest level definition of a virus?

Please don’t anyone say that the other guys do that, or it’s standard in the industry. You can either bill yourself as the Browser that is not like the others and has your back, or they can say your broswer is middlin in the pack and just doing what everyone else does.

Then there’s the debate over BAT - removing advertising from a website to be replaced with in house ads, that then, if they ask nicely, some websites might be able to get a small taste of that money.

Even on Desktop you CAN CHOOSE what Search service to use.
This is standard IN ANY browser by the way.

Screenshot 2023-11-03 at 9.21.41 AM839×508 65.7 KB

Sure, go ahead. Change the search engine in private window to any other than Brave Search. Then open private window and see the first thing that opens and what the search bar says.

Screenshot_11365×724 130 KB

There are quite a few different topics in this thread, but I’d like to focus on the main one (i.e., the introduction of the Brave VPN service). This was a recent development, impacting only a subset of Windows users. The Brave VPN service doesn’t auto-run. In fact, it won’t run unless and until the user signs up for the VPN service, and manually connects.

This update, like all others, went through an arduous security review process by our team before reaching users. Those details aside, we do think there’s a better approach. We’ve been communicating with the community at /brave/brave-browser/issues/33726, and have made progress towards componentizing the services.