I guess they place it in the installer to make it easier to update? Note, I never used Brave in my life, so I don’t really know how it works.

The point I’m making is that it’s not like Brave installed the VPN in secret, hidden away to it’s own devices. The code is there and a service is installed, sure, but it’s dormant until the user activates it.

Firefox also installs telemetry and data reporting functions like most browsers, also libraries like libwebp, which are prone to critical vulnerabilities (as seen), encryption systems like Encrypted Client Hello, and software like Pocket, which some users never use, but it’s still there.

Any browser will install many features that probably won’t be used. Saying that a browser that installs a feature like Tor or VPN (which aren’t even hidden, Brave publicly present those features) is automatically bad doesn’t sound reasonable to me.

You know Firefox installs a bunch of stuff by default as well, right?