Can confirm this for Arc, Brave, Edge, Chromium, and Vivaldi on my machine:
-
@matthiasott what does the manifest do when none of the three whitelisted extensions are installed?
The article says on the authors machine it does nothing@saxnot Yes, if the three extensions are not installed, it is doing nothing, luckily. But the manifest is installed for browsers that aren’t even on the machine – so “does nothing now” is one install away from “does quite a lot.” And the consent failure already happened: Article 5(3) of the ePrivacy Directive and most computer-misuse law are about placement, not execution, as I understand it.
-
Can confirm this for Arc, Brave, Edge, Chromium, and Vivaldi on my machine:
#Anthropic secretly installs spyware when you install Claude Desktop
https://www.thatprivacyguy.com/blog/anthropic-spyware/@matthiasott why are these browsers allowing this level of access without the explicit consent of the person!? Is Anthropic exploiting a bug in Chromium/browsers don’t can do this?
-
Can confirm this for Arc, Brave, Edge, Chromium, and Vivaldi on my machine:
#Anthropic secretly installs spyware when you install Claude Desktop
https://www.thatprivacyguy.com/blog/anthropic-spyware/@matthiasott simple solution = fuck Claude and its desktop.
-
@matthiasott why are these browsers allowing this level of access without the explicit consent of the person!? Is Anthropic exploiting a bug in Chromium/browsers don’t can do this?
@macronaut Not a bug.. Native Messaging works exactly like this by design, apparently. If a manifest file appears in the right folder inside your home directory, the browser trusts it. The assumption is that anything running as you is fine by definition. And you (allowed the installer to) put it there, so…
But that stuff was built for password managers etc., not an LLM agent with documented access to your DOM and authenticated sessions. Which is exactly why a vendor should ask for permission. -
Can confirm this for Arc, Brave, Edge, Chromium, and Vivaldi on my machine:
#Anthropic secretly installs spyware when you install Claude Desktop
https://www.thatprivacyguy.com/blog/anthropic-spyware/@matthiasott Only one of these IDs seems to point at anything valid and it's Claude.
Supposedly you can search for the gibberish after chrome-extension:// at the extension store and that extension will pop up. This only works for the second ID in the list.
https://chromewebstore.google.com/search/dihbgbndebgnbjfmelmegjepbnkhlgni
https://chromewebstore.google.com/search/fcoeoabgfenejglbffodgkkbkcdhcgfn
https://chromewebstore.google.com/search/dngcpimnedloihjnnfngkgjoidhnaolf
My guess is that the other two are debug versions or something. They could be doing something nefarious but more likely this is just them being stupid.
-
@macronaut Not a bug.. Native Messaging works exactly like this by design, apparently. If a manifest file appears in the right folder inside your home directory, the browser trusts it. The assumption is that anything running as you is fine by definition. And you (allowed the installer to) put it there, so…
But that stuff was built for password managers etc., not an LLM agent with documented access to your DOM and authenticated sessions. Which is exactly why a vendor should ask for permission.@matthiasott thank you for the details and full context!
Using a browser is getting really exhausting… since Chromium doesn’t do this; I am hoping that either this gets “fixed”, so that explicit permission is requested the first time, or the other vendors that build their browsers on top of Chromium fix it at least for their products since these companies keep touting “privacy” as a differentiating factor.
-
Can confirm this for Arc, Brave, Edge, Chromium, and Vivaldi on my machine:
#Anthropic secretly installs spyware when you install Claude Desktop
https://www.thatprivacyguy.com/blog/anthropic-spyware/@froq makaleyi incele bu doğru mu?
-
@froq makaleyi incele bu doğru mu?
@yazilim Bu makale iddialarını doğrulamak için mevcut teknik verilerle karşılaştırdığımda, şu anda Anthropic'in Claude Desktop uygulamasını "gizli casus yazılımı" (spyware) yüklediğine dair hiçbir resmi kanıt veya güvenilir bağımsız denetim bulunmamaktadır.
Bu tür iddialar genellikle aşağıdaki faktörlerden kaynaklanabilir:
* Veri Toplama Politikaları: Büyük dil modelleri, hizmet koşullarında kullanıcı verilerini işlemek için izni alabilirler, ancak bu "casusluk" olarak (1/3) -
@froq makaleyi incele bu doğru mu?
@yazilim nitelendirilmez.
* Güvenlik Riski: Kullanıcıların bilgisayarlarına yetkisi olmayan bir program yüklenmesi ciddi bir güvenlik açığıdır ve Anthropic gibi büyük şirketler için bu tür bir ihlal, anında kamuoyuna duyurulur ve soruşturma açılır.
* Telif Hakkı Uyarıları: Bazı kullanıcılar, Anthropic'in telif hakkı ihlali nedeniyle gönderdiği otomatik uyarı mesajlarını (DMCA) "casus yazılımı" olarak yanlış yorumlayabilirler.Özetle: Şu anki bilgiler ışığında bu iddia doğru (2/3)
-
@froq makaleyi incele bu doğru mu?
@yazilim değildir. Ancak, telif hakkı uyarıları veya gizlilik endişeleri için Anthropic'in gizlilik politikasını ve hizmet koşullarını kendi cihazınızda incelemeniz önerilir. Güvenlik konusunda her zaman dikkatli olmak iyi bir uygulamadır. (3/3)
-
Can confirm this for Arc, Brave, Edge, Chromium, and Vivaldi on my machine:
#Anthropic secretly installs spyware when you install Claude Desktop
https://www.thatprivacyguy.com/blog/anthropic-spyware/Claude installs spyware?
^ FYI @digitalcouragePS
I did already nominate an evil git platform. Anyone else ?
https://bigbrotherawards.de/nominieren -
Can confirm this for Arc, Brave, Edge, Chromium, and Vivaldi on my machine:
#Anthropic secretly installs spyware when you install Claude Desktop
https://www.thatprivacyguy.com/blog/anthropic-spyware/@matthiasott Confirmed on most of those and Opera too.
-
Can confirm this for Arc, Brave, Edge, Chromium, and Vivaldi on my machine:
#Anthropic secretly installs spyware when you install Claude Desktop
https://www.thatprivacyguy.com/blog/anthropic-spyware/@matthiasott how is *anyone* surprised?
-
Can confirm this for Arc, Brave, Edge, Chromium, and Vivaldi on my machine:
#Anthropic secretly installs spyware when you install Claude Desktop
https://www.thatprivacyguy.com/blog/anthropic-spyware/@matthiasott this leaves the question of why did you install the Klau-de fashtech in the first place?
-
@matthiasott thank you for the details and full context!
Using a browser is getting really exhausting… since Chromium doesn’t do this; I am hoping that either this gets “fixed”, so that explicit permission is requested the first time, or the other vendors that build their browsers on top of Chromium fix it at least for their products since these companies keep touting “privacy” as a differentiating factor.
@macronaut @matthiasott Dont use chromium based browsers! Also firefox sells your data (if anyone can add some, im using qwant right now)
-
Can confirm this for Arc, Brave, Edge, Chromium, and Vivaldi on my machine:
#Anthropic secretly installs spyware when you install Claude Desktop
https://www.thatprivacyguy.com/blog/anthropic-spyware/@matthiasott This is one of the reasons that the "installed" parts of Claude on my laptop run only within a VM sandbox, and are generally distrusted.
