the VPN was a feature of the software at the time and not enabled unless you signed up but as you point out if software changes its service without explicitly telling users these days it feels bad
Welll yeah - point was that they installed a service without consent. And not just a browser feature, but something crossing a whole another boundary. AFAIK also, while the tunnel itself was not enabled, the service itself was turned on automatically.
according to the minutes of research i did ;-) i got the impression the service was disabled by default. i don’t know the tech details otherwise so i don’t know if it made the system vulnerable or unstable in any way. i didn’t find anything like that.
more to the point is that they should have said that VPN resources were being installed