Brave is a really nice web browser. I truly think it is. But these days, it rather tends to become a bummer due to a simple thing on which a part of the community is divided and some key people are a bit stubborn: "Disabling autoupdate".
This follows up several issues on the same subject which were all closed, and so I believe it will happen for this one but I still think this is a required feature.
So please implement it. Really, make it happen.
Why?
To contributors arguing that disabling autoupdate is a bad thing because you want to guarantee the most secure experience, I would say that in fact you are not. Even if you do code nice software, the releases you believe stable are not that perfect.
For example, an autoupdate frequently leads to a loss of the opened tabs. And this is clearly annoying: the articles you were reading? Gone. The submissions you were drafting on with no autosave? Lost. Etc.
And the list can be long sometimes: The "Downloads" section listing stuff downloaded? Feature no longer working. Oops!
Plus, these autoupdates do not warn of their coming: You just get some sort of ugly (inner) app kill and that's all. Not even a restart. Even MS Windows does it better: you get a pop-up asking for a window, with a shift option!!
Clearly, the user experience has just gotten worse.
The aim of this issue is not to score on one side versus the other (devs vs. users) but to make more obvious that people should have the right to use or not such a feature; I believe Brave was not made by a few people for these few people only but rather a (democratic) community, right?
References:
https://github.com/brave/browser-laptop/issues/1877
https://github.com/brave/browser-laptop/issues/10863
0.67.123 on Windows 10 18362
FWIW, I did stop using and promoting Brave since brave/browser-laptop#1877 was not taken seriously. I guess it's been two years and counting now! I go to lots of events, meetups and speak at conferences, and used to always promote Brave as an alternative browser - no more!
P.S. And, BTW, the download links are still broken!
@cnst The updater link seems to be working. Could have been a momentary glitch
```
user@bravelinux:~$ curl -v https://laptop-updates.brave.com
* Rebuilt URL to: https://laptop-updates.brave.com/
* Trying 151.101.185.7...
* TCP_NODELAY set
* Connected to laptop-updates.brave.com (151.101.185.7) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Fastly, Inc.; CN=p.ssl.fastly.net
* start date: May 28 23:10:12 2019 GMT
* expire date: Feb 22 17:14:27 2021 GMT
* subjectAltName: host "laptop-updates.brave.com" matched cert's "*.brave.com"
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign CloudSSL CA - SHA256 - G3
* SSL certificate verify ok.
> GET / HTTP/1.1
> Host: laptop-updates.brave.com
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: Cowboy
< Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
< Pragma: no-cache
< Expires: 0
< Content-Type: text/html; charset=utf-8
< Accept-Ranges: bytes
< Via: 1.1 vegur
< Accept-Ranges: bytes
< Age: 0
< Content-Length: 12
< Accept-Ranges: bytes
< Date: Thu, 08 Aug 2019 13:34:06 GMT
< Via: 1.1 varnish
< Age: 0
< Connection: keep-alive
< X-Served-By: cache-mdw17339-MDW
< X-Cache: MISS
< X-Cache-Hits: 0
< X-Timer: S1565271246.011623,VS0,VE28
<
* Connection #0 to host laptop-updates.brave.com left intact
```
@brave/design we should probably consider implementing a Vivaldi style update prompt when a new version is made available.
cc: @tomlowenthal
Hello, automatic updates are a core part of our commitment to security. Delaying them is always a risk. We're not going to add a feature to disable automatic updates.
I'm interested in other concerns about the automatic update process. Your Brave process shouldn't be killed when there's an update: it should be silently updated in the background, and the next time you launch Brave, it should be the new version. Likewise, it seems totally reasonable to want to download updates only on certain connections or at certain times of day.
@srirambv: I cannot reproduce your findings, I'm still getting the same `couldn't connect to host` as in the linked bug report referenced above.
@tomlowenthal: you're misunderstanding this issue. The process being killed is a _symptom_. The _problem_ is autoupdates that cannot be disabled. Perhaps you're not aware, but disabling of autoupdates is a standard feature in other privacy-conscious browsers like Firefox and other systems. Autoupdate functionality will always be an attack factor for certain individuals, and your lack of support for disabling it is simply unacceptable. There were already instances of the autoupdate functionalities being used to compromise systems; to think that you're somehow immune to such attacks is naive at best.
Hi @cnst I understand what you're asking, I just disagree with you. I'm sure that if you really want to you can work out how to prevent your instance of Brave from updating on your machine. But it's simply not a feature that we're going to add to the product. If there's a switch somewhere in settings which turns off automatic updates, then plenty of people will flip it without being aware of the very real risk of having an out-of-date web browser. We think that the importance of ensuring that everyone using Brave has an up-to-date browser which protects them against everyday threats on the web outweighs the much rarer risk of a malicious update.
I'm also unable to reproduce your problem accessing the installer files. In your report in brave/browser-laptop#10863, `curl` outputs the error:
`Failed to connect to ::2: Network is unreachable`
This sounds to me like `curl` may be attempting to use IPv6 and either your device isn't configured for IPv6, or your network doesn't use IPv6? In any event `Network is unreachable` definitely seems like a local sort of an error rather than a remote one. Have you tried using another machine or ignoring your local `curl` config/alias?
Still, one issue per issue. If you think you've eliminated all possible local causes, please do open another issue with details.
You disagree with existing empirical evidence (aka facts) that autoupdate has already been used in the wild as an attack factor for some software? Or you disagree with an assertion that a user should be in control of their own machine?
I don't understand your assertion that plenty of users will flip autoupdate without being aware of the risks; do you really think your users are that dumb?
The problem here is that you're trying to force your own politics onto your users, instead of providing technical means of accomplishing the job; for details of this issue, see https://queue.acm.org/detail.cfm?id=2716278.
As for Brave's download links, they don't work in the browser, either, so, it's not a curl issue; I do have IPv6, and there are no issues with my connectivity or routing. I'm actually very surprised that so many of you are being surprised that it doesn't work; I'll leave it at that; anyone who's paying any attention to these bug reports knows what's going on here!
> The problem here is that you're trying to force your own politics onto your users, instead of providing technical means of accomplishing the job; [...]
Forced to agree with @cnst
And please, take no offence, but this what-I-believe-to-be idiocy policy can be easily demonstrated when I read:
> If there's a switch somewhere in settings which turns off automatic updates, then plenty of people will flip it without being aware of the very real risk of having an out-of-date web browser. We think that the importance of ensuring that everyone using Brave has an up-to-date browser which protects them against everyday threats on the web outweighs the much rarer risk of a malicious update.
So then tell me why you're releasing Brave on Android and iOS where you have no ways to keep apps up-to-date?
Come on! You just never experienced an attack like @cnst is describing. Have a look at (Mac) Transmission's recent story. I'm keeping my fingers crossed that you'll never experience such attacks but if it happens, you may have to face a massive leak; and if this involves personal data, EU's GDPR wrath will not be far away.
Plus, if one would want to really get rid of these updates, a simple line in `hosts` file can kill your entire process.
Half of my company's devs now have abandoned Brave for this behavior. sigh I guess it's time for me to move on and stop promoting something when I have no arguments to defend it. I'm just so so disappointed.
Hi, I'm just testing Brave and I find it a really cool and innovating project, but this "forced update" policy is what reminds me of Google and other companies' vertical behaviours. I'm using a 4G connection right now (so I've limited gigas) and it's absurd that there's no setting (not even a hidden one) to prevent updates from stealing my Internet data.
People here just ask for an option, you can add it in brave://flags/ so _normal users_ won't activate it by mistake and make everybody happy... otherwise you will probably just lose _pro users_.
There is an unofficial project that folks can try- there is a portable version of Brave which I don't believe will update itself. This project is not associated with Brave Software, but it might be a potential solution for folks wanting this functionality:
You can also download the compiled version in a zip package ... it doesn't do autoupdate either.
Just follow this link
https://github.com/brave/brave-browser/blob/master/CHANGELOG.md
The top link is to the most recent (stable) version.
On that page, scroll down to find the various formats available, including compiled zip versions without an installer. These non-installer versions do not autoupdate.
I find the autoupdate very useful: normally I've it activated (WiFi), now I need to disable it (4G), that's it. The only real solution for me is to block the hosts file (done)... blocking also other functions, which is not a clean solution from my point of view.
Please consider adding a hidden setting (maybe with a huge warning explaining why you need it activated), this would make all of us happy (I think), thanks. :)
We know that there are a bunch of ways to disable auto-updates, (including https://www.chromium.org/administrators/turning-off-auto-updates ), but they're varying degrees of convoluted. So to make things neater, we're going to implement a flag allowing auto-updates to be disabled manually. I still want to emphasize that this is a dangerous flag to set, but we appreciate needs like @360fun's to avoid auto-updates on limited connections.
Thank you, I'm very happy that we found a solution that works for both sides!
@rebron Hey. What does P4 imply regarding timeline? Thanks.
@willemavjc It's relative. It's on our list of items to do, the bulk of which are in the p3 bucket, very few p1/p2s. Tagged p4, it's work that will happen, just no specific timeframe just yet. Once it's assigned, picked up by a dev or someone in the community, timeline will be clearer.
or basically p4 is the recycle bin
Please add a menu option for this. My experience from Firefox is that settings tend to disappear. This is the one issue that prevents Brave from becoming my main browser, or from me recommending it to others. It should be up to me only when and if software is updated on my computer. You may think you're making things more secure, and maybe that's true for the normal case, but for the 'things have gotten BAD' case, you're making your software into an attack vector.