https://www.thatprivacyguy.com/blog/anthropic-spyware

missconstrue@mefi.social

Anthropic secretly installs spyware when you install Claude Desktop — That Privacy Guy!

Anthropic's Claude Desktop silently installs a Native Messaging bridge into seven Chromium browsers, including browsers Anthropic's own documentation says it does not support, and browsers the user has not even installed.

That Privacy Guy! (www.thatprivacyguy.com)

Security researcher Alexander Hanff wrote an article titled Anthropic secretly installs spyware when you install Claude Desktop. Anthropic has not denied the report, as of time of post.

TLDR: If a user installs Claude Desktop on a Mac (pc test results tba), it installs a backdoor into every browser, even those not installed. By testing on a clean machine, Hanff discovered that Installing Claude Desktop for macOS drops a Native Messaging host manifest into multiple Chromium profiles (Chrome, Edge, Brave, Arc, Vivaldi, Opera, Chromium), even including for browsers that are not actually installed yet.

How bad is it? Well...that depends. What it does is create a very wide attack vector, especially for prompt injection. That it is done invisibly, without telling the user, and making it difficult to remove, is certainly problematic.

I dunno man, maybe don’t use the planet destroying tulip craze?

#infosec #claude #ai #llm #security #browsers

mike805@noc.social

@MissConstrue If you do want to use it, use it through a browser. Paste the error message and see what it comes up with. That way it cannot delete your database.

AI needs to be quarantined until it is proven non-contagious.

joblakely@mastodon.social

@MissConstrue they are all so evi and I really hope it takes them all down first. Maybe we’ll have a fighting chance to survive their fuckery.