brave-browser: Windows should not install VPN services until VPN is purchased/enabled

It is terribly disappointing that a security-branded browser is doing something blatantly insecure. At least you are rolling back the change… but how did this get approved in the first place? I sing Brave’s praises to family and friends, please don’t give me a reason to change that.

but I’m a bit puzzled at how adding a service equates to Brave being insecure?

Silently installing bloatware without an end user’s consent is a definition of insecurity.

@Marko-98 no, there is no service on Android.

@joshwenke I can understand the concerns by folks about bloat (ex: services or files put in place which will never be used) - but I’m a bit puzzled at how adding a service equates to Brave being insecure? We wrote the code ourselves and applied our same review process to it. The services are off by default… but even if turned on, there’s no action taken by the service unless you 1) have purchased VPN and 2) are connecting. Our security team has worked to review the code thoroughly to make sure having these doesn’t increase the attack surface for Brave.

Code is included in Brave for features even if people don’t use them. For example, if you choose not to use vertical tabs, the code for vertical tabs is still there.

We’re actively making changes so that no services will be registered / no dependencies downloaded until you purchase Brave VPN and turn it on.

Thanks for your patience. When I have more information (link to pull request, link to code branch) I’ll share here

having a browser that auto-updates itself in the background, and in that process it installs an application as a Windows service that autoruns at startup… yea… I don’t see any problem at all

Code is included in Brave for features even if people don’t use them. For example, if you choose not to use vertical tabs, the code for vertical tabs is still there.

You’re joking right? Vertical tabs doesn’t install a windows service without telling people… For a privacy based browser you guys certainly have a blatant disregard for people’s privacy and consent. How many more fiasco’s will you guys continue to have before you knock it off or people completely lose trust? Don’t think some of us haven’t forgotten about the whole referral code issue a couple years ago. Personally my patience is growing thin.

We’re actively making changes so that no services will be registered / no dependencies downloaded until you purchase Brave VPN and turn it on.

This should have been done at the start. There’s zero excuses.

Thanks for your patience. When I have more information (link to pull request, link to code branch) I’ll share here

I’m expecting you guys to do better and put clear policies in place to avoid these types of things. Privacy and consent need to be at the front and center of Brave itself. Controversial features like this should always have an opt-in or at the very least a way to disable/uninstall it from the start.

Happy to share that this is FINALLY merged. Thanks for all of you that have been patient! This change touched a lot of places in the code. We had to find a good solution, refine it, and then go through testing with it.

The fix will be in the next Nightly we have publicly. From there, I’ll be working with the QA team to uplift this into Beta first and then Release next. If you’re on Nightly and you don’t have Brave VPN purchased, you’ll see the services disappear tomorrow morning after updating 🎉

Some of our next upcoming release dates - the fix should be in one of these. It may also be in a hotfix in between them.

• 1.62 - January 23rd, 2024
• 1.63 - February 20th, 2024

@Dskobra fair point on setting a boundary on installing a service. We have a privacy policy here: https://brave.com/privacy/browser/

I reviewed and we do have VPN captured in the privacy policy - but these recent changes on Windows (installation of service) are not covered there. I’ve already pinged the appropriate folks to get that updated. And we can revisit once the planned changes are completed and released.

We have already made changes to processes within the company to help prevent future issues from happening. This is a learning experience and I’m trying to be as transparent as possible. Thanks

I appreciate you working towards a solution and trying to be as transparent as possible. However, this situation was definitely not transparent. Personally I was more unnerved to find a system tray icon and auto start entry for something I never used. I don’t know if this was rushed or what happened, but I think a way to disable the feature and remove it should have been included when being pushed to the user.

Anyway hopefully this is a lesson learned and I don’t see any future surprises.

OK folks - have an update. I’m doing some experimenting and we should be able to have a nice and clean solution soon.

We’ll have to iron out some details about the experience (talking with the team on that), but you can see my prototype branch here: https://github.com/brave/brave-core/compare/bsc-brave-vpn-client-component-updater

I’ll continue to work through this and will share updates as they happen.

@Dskobra fair point on setting a boundary on installing a service. We have a privacy policy here: https://brave.com/privacy/browser/

I reviewed and we do have VPN captured in the privacy policy - but these recent changes on Windows (installation of service) are not covered there. I’ve already pinged the appropriate folks to get that updated. And we can revisit once the planned changes are completed and released.

We have already made changes to processes within the company to help prevent future issues from happening. This is a learning experience and I’m trying to be as transparent as possible. Thanks

Hi folks - wanted to give an update as it’s been a while.

Work is nearing completion. I addressed a LOT of feedback from reviewers. There are a few new comments on https://github.com/brave/brave-core/pull/20754 and then I’ve also been asked to simplify the code a bit. The original code being reworked had some extra complexities and the size of this change is challenging to review.

Hoping I can get these items addressed and we can get this merged this week

and it even re-enabled the Services on its own… congratulations

Code is getting a lot closer to done - special thanks to @simonhong for helping me with the clean up! 😄

Privacy and security review is complete. Will work with peers to get the technical review completed. Adding unit tests now and will update this issue with a test plan soon.

@bridiver Honestly, I have nothing against you adding feature to the browser you think are useful. But it would really be nice if we are asked about features upfront. You can either offer users before installation which features user wants to use and install it accordingly. Or, you can install everything and on first browser launch ask user if he wants to use VPN, for example, or not. If users chooses to not use the product, browser should automatically remove the VPN components in the background.

Please see my previous post. This is wildly impractical and would result in users quitting Brave because they are annoyed about prompts and/or don’t understand what we’re the features are. It’s also not practical from a development standpoint to maintain something like this.

I actually made a feature request here (#33733) which would basically allow us to completely disable features we don’t need or want to use. It doesn’t make sense to me that some features can be completely disabled and hidden from the UI, but others can be disabled while leaving its traces in the browser itself. There are also things I can completely disable and remove from the UI on desktop version, but can’t do the same on Android. That inconsistency is killing me.

This is also impractical. There is a cost associated with maintaining flags inside the code, both an ongoing development cost of maintaining the flags and also an ongoing time cost to run tests that check that all aspects of the feature are properly disabled along with the flag. We use flags primarily when we are testing features and generally remove them we have rolled them out to all users. We do not have the budget to maintain an infinitely customizable browser.

Like I said in my other comment, in the ‘old issue’ that was closed as being a Duplicated of this, If any of you don’t want to see ‘VPN installed’, in any new update, which is obvious it is going to do that, then uninstall Brave and Install it WITHOUT admin rights.

There is NO reason why 99% of people have to install a browser, unless you share your computer with someone, and you want all users to have the most up-to-date version and don’t re-use disk space, then Per-User installation should be what users do.

The problem is doing a Per-User install is not obvious, but it is easy. All you need to do is to say no when it asks for admin rights, then you will get asked if you want to install it without them.

So first, since you already installed Brave with admin rights is to Uninstall Brave and wait, go to Task Scheduler or taskschd.msc and make sure the two tasks are gone and the updater is uninstalled in program files (x86), if not, it will create a mess because you will have two different updaters if you rush and install Brave without admin rights.

Then download the installer from https://github.com/brave/brave-browser/releases/tag/v1.60.104 or whatever version you previously have, search for BraveBrowserStandaloneSetup.exe or BraveBrowserStandaloneSilentSetup.exe.

Silent will install automatically without admin rights, so it might be better, although you won’t get any confirmation or anything or nothing when it is finished installing, you might see Brave gets added to desktop and taskbar but that’s it. normal Standalone version asks for admin rights, so just say no to get the “do you want to still install without admin rights?”

You can also use Winget, which uses the silent installer.

winget install -e --id Brave.Brave in Terminal that will install Stable version. (you can get the others here

benefits of user Per-User install? no services installed, including updater.

The updater will run as a startup process which can be easily disabled if you desire. Task Scheduler tasks are still added, which you can also disable if you desire for the people who ‘don’t want automatic updates’.

It is simple as that, if people want to avoid services to be installed, then don’t give admin rights. if you installed Brave with admin rights, you already allowed Brave to install VPN.

Brave will fix this someday eventually, but people can help but stop complaining when they can easily ‘fix it’ by doing what they had to do from the beginning, Per-User installs, because I am sure you are not sharing your device with other users, that have their own Windows accounts, so giving admin rights to a browser is just nonsense even if it is the Default behavior.

@bsdinis1 I deleted your first comment above because it’s not adding anything and was abusive. Let’s keep things constructive and respectful here please.

Your second comment above captured the problem. Services were re-registered after Brave updated.

Until we solve this issue (which we are actively working on), the services will fix themselves on upgrade if you installed as Administrator. That is due to how Omaha and the mini-installer work. All of the logic for the mini-installer will run on each update.

We’re working through a few different proposals for how to solve this entire issue. As shared, there have been some prototypes happening. Will update once we have more to share.

Still working through review feedback here! Thanks for your patience everybody. I have done a lot of testing at this point and it’s working great. Just need to address the comments for code cleanup

Proof of concept is complete enough to demonstrate the proposal https://github.com/brave/brave-core/pull/20754

I’ve opened the review internally for privacy/security/others to review. This link won’t be visible to non-employees https://github.com/brave/reviews/issues/1447

I’ll share updates as the review takes place - most of the comments should be public on https://github.com/brave/brave-core/pull/20754 as they happen. If things look good w/ that review, there are some technical tasks up next (get rid of layer violations in the code, reduce the patches, etc) and then the code will be formally reviewed for acceptance.

I’ve re-opened conversation here so that folks can comment/ask questions/etc. Feel free to comment on the pull request too. Let’s please keep it respectful 😄 Thanks in advance

Code is included in Brave for features even if people don’t use them. For example, if you choose not to use vertical tabs, the code for vertical tabs is still there.

This is really a disingenuous argument and you should be ashamed for making it.

It is not disingenuous in the slightest bit and I am not even remotely ashamed to be making it. We consider the VPN to be a feature of Brave. Period. You make not like this, but it is our decision to make. There are also important reasons for this that I explain below. I acknowledge that it’s not ideal that the services are registered (but do not run) by default and I explained the reasons for it. We are looking into alternatives that will still allow us to provide the important privacy protections for people using the VPN (like blocking the windows DNS leak) without registering them by default using the installer/updater. Windows is the only platform where we do this because it’s not an issue on other operating systems.

You are comparing code in the browser which for most users is running without Administrator privileges with the code in a Windows service which is running under NT AUTHORITY\SYSTEM account which has SE_TCB_NAME privilege allowing it to act as a part of the operating system itself (i.e. has more rights than the Administrator account).

The updater also runs with admin and so does the elevation service that is also part of Chrome and other chromium based browsers. No one ever gave individual explicit permissions for these services to be installed either and they actually run by default. Those have been there for a very long time and no one has complained about them as far as I know. I already explained that this is not a trivial problem to solve, particularly for users who have a system install, but are not admin users themselves.

As I said above, further comments that do not directly relate to this issue will be deleted as this is not the appropriate forum to discuss this in. I’m going to leave this one only because below it does propose some changes that are actually relevant here, but pease do not push this again. You are free to comment on solutions to this issue, but the github issue is the place to discuss code changes, not your opinions on decisions or statements made by Brave.

People seem to frequently comment on this with only their particular situation in mind and appear to give little to no thought to the idea that we have a wide range of users with different levels of technical expertise and there are always tradeoffs to make. If we made Brave just for you, we could do things exactly the way you think they should be done and the choices would be simple and straightforward, but we are trying to make Brave for a lot of different types of people and that means we have to make tradeoffs. Every new prompt we show will scare/annoy some users off and they will stop using Brave. Trying to make this decision sound obviously wrong fails to consider that we are trying to balance a lot of different concerns here. If you don’t trust that we are trying to do the right thing and find the right balance, why are you using Brave in the first place?

With that out of the way, I would like to propose a significant change:

• Everyone running latest Linux already has WireGuard VPN support in the kernel.
• There’s an offical WireGuard VPN app for Windows.
• There is an official Wireguard VPN app on iOS and Android.
• Some people like me even have WireGuard VPN support in their router / firewall.

If you are going to offer WireGuard VPN subscription, then at least do so by using official applications for the respective platforms, instead of rolling your own support for it into the browser. That would be beneficial for several reasons:

1. Users will be able to opt-out of installing it
2. Users will trust official WireGuard implementation more than yours
3. If users already have official WireGuard app installed, you just have to offer new connection profile

We already include the official wireguard implementation in the form of the wireguard dll and that is what one of the two services manages (when it does run), but the critical issue here is that we add an extra layer of privacy on top of wireguard because you don’t login to Guardian directly. The authentication works by logging into Brave to get an authentication token. That authentication token is then used to login to Guardian. So Brave knows who you are because we need that information for authentication and billing, but we don’t know anything about the VPN because that is managed by Guardian. Guardian in turn does not know who you are because you logged in using a generic authentication token that was issued by Brave. The browser is a critical part of this because it retrieves and manages the authentication tokens issued through https://account.brave.com/.

Current implementation totally disregards the possibility that users might already have a VPN and doesn’t play nice with official solution.

This is intentional because as I explained above, we are adding an extra layer of privacy here between the user and the VPN provider. While you may prefer to just install/use the wireguard app or wireguard built into your router, this is not a user friendly experience for most people and the extra layer of privacy would make it even more complicated. You are certainly welcome to get a subscription directly from Guardian or some other VPN provider and use your existing implementations so we are not disregarding anything.

In the meantime, for the users who would like to remove the services, here’s the workaround using admin command prompt:

sc delete BraveVpnService sc delete BraveVpnWireguardService This will remove the services immediately if they are not started, otherwise they will disappear after a reboot.

This is actually not a great solution because until we change this code, the updater will reinstall them if they are missing. As suggested above by @Emi-HoloGhostRevisionist88 the best solution if you want to make sure Brave cannot install admin services (now or in the future) is to switch to a user install. Alternatively, I think (I haven’t verified this) that if you switch the service from “manual” to “disabled” then the installer/updater will not change that because I think it only checks to see if the service exists or not. This is also what people normally do to prevent windows built-in services from running because those are impossible to uninstall.

@bsclifton

These services will only be used when the person buys Brave VPN (via account.brave.com) and engages with the UI in the product.

Even if we ignore for the moment that the VPN was added to upsell the subscription and not just to provide additional privacy, these particular services should have never been installed without the users’ informed consent during setup.

Privacy without the consent is just an illusion of privacy, because it is based on trust (“trust us to do no wrong”) instead on transparency (“here’s what we are doing, why we are doing it, and how we are doing it”).

Our security team has worked to review the code thoroughly to make sure having these doesn’t increase the attack surface for Brave.

This isn’t about increasing the attack surface of your browser because your browser is not running all the time — this is about increasing an attack surface of the operating system by adding services running under NT AUTHORITY\SYSTEM account that malware can potentially utilize for escalation of privileges if there are exploitable bugs in the service code.

Code is included in Brave for features even if people don’t use them. For example, if you choose not to use vertical tabs, the code for vertical tabs is still there.

This is really a disingenuous argument and you should be ashamed for making it.

You are comparing code in the browser which for most users is running without Administrator privileges with the code in a Windows service which is running under NT AUTHORITY\SYSTEM account which has SE_TCB_NAME privilege allowing it to act as a part of the operating system itself (i.e. has more rights than the Administrator account).

@bridiver

With that out of the way, I would like to propose a significant change:

• Everyone running latest Linux already has WireGuard VPN support in the kernel.
• There’s an offical WireGuard VPN app for Windows.
• There is an official Wireguard VPN app on iOS and Android.
• Some people like me even have WireGuard VPN support in their router / firewall.

If you are going to offer WireGuard VPN subscription, then at least do so by using official applications for the respective platforms, instead of rolling your own support for it into the browser. That would be beneficial for several reasons:

1. Users will be able to opt-out of installing it
2. Users will trust official WireGuard implementation more than yours
3. If users already have official WireGuard app installed, you just have to offer new connection profile

Current implementation totally disregards the possibility that users might already have a VPN and doesn’t play nice with official solution.

In the meantime, for the users who would like to remove the services, here’s the workaround using admin command prompt:

sc delete BraveVpnService
sc delete BraveVpnWireguardService

This will remove the services immediately if they are not started, otherwise they will disappear after a reboot.

do you guys know when the beta will get this fix so my computer does not have the brave vpn anymore

OK one last follow up - after the code fixing this issue has been merged to 1.64 (Nightly), there have been two more follow ups:

• Updated Wireguard enabled state timing
• Removed install_static deps from vpn component

Those are merged into 1.64 (Nightly) also. There is one outstanding change which is under review now.

• Switch vpn protocols during the runtime

This last change is necessary to prevent a regression. We have the 1.63 release coming up soon (next week) and I don’t think we’ll be able to uplift the changes there due to time limitation. But tomorrow, we’re planning on moving 1.64 (where the change is) to Beta. If you’re a Beta user, you should see the services get removed tomorrow when 1.64 ships and you receive the update.

This means we can expect the change on RELEASE channel (stable) on March 19th with the 1.64 release 🙂

If you’re talking about some kind of prompt, that topic has already been covered in previous posts.

Why can’t other software developers do the same, sensible, thing which Apple already does on each update that brings new features?

It is really stupidly simple.

Upon the first launch after an update which introduces new features, those features are presented in a form similar to a setup wizard with number of pages equal to number of new features which is usually titled something like “See what’s new in X” (which can even be dismissed without looking if you’re so inclined).

For every new feature they show you a brief description — not what it does, but how can it be useful for you and they offer you to enable it right away or do it later in the Settings.

I can’t imagine any good excuse why you wouldn’t want to do that too — it is an approach that takes minimal development effort (you develop wizard once then control when and what it shows with some JSON or XML config deployed together with an update), it has great discoverabilty while at the same time allows users to make an informed choice without feeling that anything is being forced on them. It also shows you are being transparent about what you do and that you actually respect user choice.

Sadly, the only way some companies like Microsoft, Google, and now it seems Brave know how to make a new feature discoverable is to shove it in without users’ consent and make it enabled by default.

Thanks for the good input and discussion @Emi-HoloGhostRevisionist88 😄 I like the idea of offering a way to escalate a user install to admin explicitly to install services like this. If you can create an issue, we can prioritize that work 😄👍

Not a lot of progress made over the weekend - but I am working on a solution for this issue right now. Starting with code to remove the services and removing the tray icon. Then, we can add the services after someone makes the purchases.

@Marko-98 thanks for creating https://github.com/brave/brave-browser/issues/33733 😄 This is something that you should be able to do now with group policy. If you check here under Brave Specific Policy Settings: https://support.brave.com/hc/en-us/articles/360039248271-Group-Policy

You can use regedit.exe and make sure there is key at HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave . Then create these subkeys (DWORD) with the follow values (all or choose the ones you want disabled): TorDisabled = 1 IPFSEnabled = 0 BraveRewardsDisabled = 1 BraveWalletDisabled = 1 BraveVPNDisabled = 1

Those features should be completely hidden from the UI and will be non-functional. Disabling VPN via group policy was recently added with https://github.com/brave/brave-browser/issues/29397 and that should also prevent the services from being installed. However, I need to verify it doesn’t install the services AND I need to work with support to update the page to include it! Will follow up on that later tonight

@Marko-98 I’m not sure if that’s closes out the root concern you had in https://github.com/brave/brave-browser/issues/33733 - but please let me know

It is not disingenuous in the slightest bit and I am not even remotely ashamed to be making it. We consider the VPN to be a feature of Brave. Period. You make not like this, but it is our decision to make.

@bridiver Honestly, I have nothing against you adding feature to the browser you think are useful. But it would really be nice if we are asked about features upfront. You can either offer users before installation which features user wants to use and install it accordingly. Or, you can install everything and on first browser launch ask user if he wants to use VPN, for example, or not. If users chooses to not use the product, browser should automatically remove the VPN components in the background.

I actually made a feature request here (#33733) which would basically allow us to completely disable features we don’t need or want to use. It doesn’t make sense to me that some features can be completely disabled and hidden from the UI, but others can be disabled while leaving its traces in the browser itself. There are also things I can completely disable and remove from the UI on desktop version, but can’t do the same on Android. That inconsistency is killing me.

@bsclifton I just disabled the VPN through the brave:flags on Windows and it’s not present anywhere in the UI. That solved it for me. I prefer flags anyway because when I manage it through Group Policy, I get that annoying message everywhere that the browser was managed by my organization (as expected). It also doesn’t let me open the small menu on internal Downloads page (#35793) then, so that’s why I prefer flags instead.

In my comment, I was asking specifically about the Android version of Brave. Because there isn’t a flag that would allow me to do the same.

Thanks for your work guys! I really appreciate it. 😉

Going to do some clean up here as discussion here got a bit off topic. If there are some specific grievances, let’s please create a new issue 😄 Thanks!

This issue is for changing the services to not register by default. If there is some other specific aspect of Brave vpn that you would like to see changed, feel free to open an issue for that.

The only thing I’d like to see in addition to the services not being installed by default is if there was a group policy to control their use under Windows.

Also, more transparency in the future before adding new services wouldn’t hurt.

@levicki I’m going to address one point from your post

apps like Brave should not circumvent the existing operating system VPN infrastructure by bundling custom VPN services but should instead hook into the OS and allow proper management using OS or 3rd party VPN client implementors’ policies.

We are not circumventing anything. The VPN is a regular VPN connection in the OS just like any other VPN would be (although at some point you will have to re-authenticate through Brave to update your anonymous credentials when they expire). What we are doing is improving privacy by decoupling the authentication to the VPN itself from any user identifiable information. We are absolutely not rolling our own VPN tunnel, we are building on top of it to enhance user privacy.

This issue is for changing the services to not register by default. If there is some other specific aspect of Brave vpn that you would like to see changed, feel free to open an issue for that.

While it would technically be possible to prompt for admin on a user install, there’s also a concern that while some people view the prompt as a feature because they want to provide explicit permission, other people will view it as confusing or annoying.

Definitely - if installer asks me for admin rights (UAC) - as for me it does require it. A lot of other software have option in installer to choose per system or per user install, thus…

I have already created an issue to make it more obvious that there is a way to do a per-user install https://github.com/brave/brave-browser/issues/33968

…, this is great idea 😃

Back on the topic. I have this installation of Brave for about 9 months, after that only auto-updated it. It’s installed in Program Files on Windows 10 Pro x64, current x64 version of Brave - 1.59.124. I also have ProtonVPN (not in autostart) - using it very rarely but still. An in this config I have:

• ‘Brave VPN Wireguard Service’ in startup tab of Task Manager - enabled
• ‘Brave VPN Service’ in services. stopped - Startup Type : ‘Manual (Trigger Start)’
• ‘Brave VPN Wireguard VPN Service’ in services, stopped - Startup type: ‘Manual’
• I haven’t seen any tray icon so far, got there from some article.

Good luck with fixing it @bridiver 👍

We’re actively making changes so that no services will be registered / no dependencies downloaded until you purchase Brave VPN and turn it on.

This should have been done at the start. There’s zero excuses.

@Dskobra Brave is run by people and people make mistakes and sometimes they only register as mistakes in hindsight. If people feel like Brave is trying to do something sneaky then they should just use a different browser. If I thought Brave was trying to do something sneaky, I would find a different job.

I see some people calling this bloatware, but I have a hard time seeing how a very good privacy feature that is integrated into a privacy focused browser qualifies as bloatware. Should the services have been installed by default even if they are not enabled by deafult? No. Should the tray icon be enabled by default? Definitely not (this is a bug). Should we have shipped the actual binaries separately from Brave? Personally I don’t see a problem with shipping code that only runs when enabled. As @bsclifton said, we ship all kinds of code that not all users enable.

Maybe some explanation would help. The primary reason for registering the services by default in the “manual” state (and by extension shipping the binaries for those services) is that some functions (like the fix for the windows mutlti-homed DNS leak mentioned in a post above) require admin to run and the browser does not run with admin privileges. The updater can run with admin privileges because that is necessary to update a system install of Brave so we used the updater to register the services, but did not set them to start automatically. If you are an admin user, you could say this is not necessary because we can prompt for admin when needed and you can accept or deny that. However, if you are a regular user with a system install of Brave you have no way to allow this and you would not get the benefits of things like system-wide protection from the windows multi-homed DNS leak. Was this the right trade-off? In retrospect no because we don’t want to upset our users or make them think we’re doing anything sneaky. We hear that you feel this was not the right decision and we’re going to change it. I can’t guarantee that we’re never going to make a decision you don’t agree with again (or make a mistake), but I can tell you that we will never intentionally do that or try to be sneaky about it, at least not as long as I’m working here because I would quit if we started doing that.

There is NO reason why 99% of people have to install a browser, unless you share your computer with someone, and you want all users to have the most up-to-date version and don’t re-use disk space, then Per-User installation should be what users do.

@Emi-HoloGhostRevisionist88 this is actually not necessarily true if you use vpn and want the best privacy protection on Windows. System-wide protection against the Windows multi-homed DNS leak https://support.brave.com/hc/en-us/articles/11973307463181-What-is-the-Brave-VPN-and-the-Windows-Smart-Multi-Homed-Name-Resolution-Feature- require admin to temporarily set firewall rules that prevent DNS resolution on the non-vpn interface (the source of the dns leak).

Without admin, only Brave itself is protected by using DoH instead of the system DNS resolver. Brave browser does not run with elevated priviledges, but a small helper service that is only enabled with Brave VPN does run with the necessary priviledges and it automatically enables the firewall rules whenever the VPN is running. It runs as a background service because the vpn itself can continue to run even if Brave is closed and we want to make sure the firewall rules are always removed when the vpn is not connected.

However, this is only a problem if the dns server for the local interface is on the same network. Many routers proxy dns requests and set themselves as the DNS server in DHCP.

Coming from #33592 which was closed as a duplicate of this. I also had a similarly named task appear in Task Manager as a startup application, enabled by default. I have since disabled it due to not needing it. The full filepath is C:\Program Files\BraveSoftware\Brave-Browser\Application\118.1.59.117\BraveVpnWireguardService which differs from the service listed in services.msc(Brave Vpn Wireguard service) which has a path of C:\Program Files\BraveSoftware\Brave-Browser\Application\118.1.59.117\BraveVpnWireguardService\brave_vpn_wireguard_service.exe