But I still don't understand why people would make a big deal about a piece of software that installs multiple software packages...
I mean have you ever installed Microsoft office? Did you ask it to install Microsoft access? What does Microsoft access even do?
Or have you ever installed nvidia drivers? Did you ask for the whole "GeForce experience"? Wtf does that even mean?
Installing extra software packages is definitely par for the course, bit in the brave example, at least the extra shit isn't required for the main app to work, in fact it's disabled by default, that's great!
To answer your original question: yes I do think people are genuinely upset with this.
If you take your office installation example, you're installing a suite of applications. You're not just installing excel, you're installing the office suite so you're bound to get all the applications in the suite.
Meanwhile, this would be like installing the office suite and getting a service installed along with it, that can monitor outgoing network traffic without them saying anything about it.
The main two reasons I'd be upset with this if I used brave was: They installed it without saying anything and It's something that's inherently a privacy and security risk. Even if brave themselves don't do anything malicious with it, doesn't mean that someone who's found a potential exploit in the VPN service won't.
Also just as an aside, I also absolutely despise "GeForce Experience" and there are ways to fetch the drivers as standalone packages without getting the telemetry spyware installed alongside them.
It's something that's inherently a privacy and security risk. Even if brave themselves don't do anything malicious with it, doesn't mean that someone who's found a potential exploit in the VPN service won't.
Ok, well a vpn is a potential security improvement if anything... But regardless, it's off, it's disabled, unusable unless you're paying for it. I mean just for perspective, any browser is much more of an inherent security risk than a VPN app sitting dormant and inactive.
But you're right that users never asked for it, so I get that part.
A VPN is only as much of a security improvement as the service behind it. If it gets installed in a shady way, how much trust can you put into the service?
This was my point exactly. A VPN may just as well be used to spy on your traffic rather than secure it. And that's why I'd be upset, personally: because I don't trust brave or the company behind it.
But I think the main thing people are up in arms about is the fact that they didn't ask for it. :)