bsclifton
commented
2 months ago Set as a P4 tentatively (cc: @mattmcalister). This is definitely not required as VPN should be usable with IKEv2 and there is a protection put in place for DNS leaks.
This would be a nice enhancement for folks that are user per-user installs and want to be as protected as possible (ex: not having to rely on DNS over HTTPS to protect from the Smart Multihome Domain Resolution feature). It would also allow a person to have the services installed for WireGuard which is an upgrade in terms of what the user experiences with system VPN (IKEv2).
Description
This is requested is taken from Windows should not install VPN services until VPN is purchased/enabled.
Currently VPN services are only available/installed for Brave installations where users gave admin rights during the installation, the problem is these services are not available for per-user installations.
As explained by @bsclifton
Brave Vpn ServiceThat means, all users who are using Per-User installations are in the risk of DNS leaks when using Brave VPN, which is problematic for obvious reasons, but it is not consistent with Brave Company when many times in the past, Brave Team removed or turned off features like CNAME uncloaking for the same reason: DNS leaks.
This is why I think this issue is a priority, unlike the original purpose of #33726, where it was made because people were complaining about the services being installed without consent, this is actually a security/privacy issue for per-user installations of Brave who are using Brave VPN but are less protected than people who gave admin rights to their Brave installation.
There are many reason why people installed Brave without admin rights, either because they don't have access to an admin account or because they installed through winget or used the silent installer, so this mean they shouldn't be expected to give admin rights 'randomly'.
So the best way I can think to implement this without being intrusive, confusing or disruptive is to include a warning message in the VPN panel or System/VPN settings page or the try icon, or somewhere where only people who purchased and are subscribed and using VPN have access to it, where users are informed about how their VPN is not installed as a service, and therefore, without all privileges, their VPN is not fully protected against DNS leaks and can't have benefits like running 24/7 and even survive restarts and all that. Then, there should be a button they can push to resolve that, where they would be asking for admin rights and then be able to install the VPN services to offer the best experience and fully protections for the device.
This way, users can choose to do it if they want to, but also not do it if they don't want or can't give admin rights, which is probably why they installed without admin rights in the first place. This will surely show transparency on Brave's part, but also commitment to protect all Brave users from privacy/security issues, especially when it comes to VPN, because users shouldn't be allowed to use a service like Brave VPN, where Brave team knows there can be security or privacy issues only because people installed Brave without admin rights for whatever reason, so it would be good if Brave allowed users to install VPN as service to give full protections and benefits, even if they got a per-user installation.
Thank you and have a good day.