Can confirm this for Arc, Brave, Edge, Chromium, and Vivaldi on my machine:

@macronaut Not a bug.. Native Messaging works exactly like this by design, apparently. If a manifest file appears in the right folder inside your home directory, the browser trusts it. The assumption is that anything running as you is fine by definition. And you (allowed the installer to) put it there, so…
But that stuff was built for password managers etc., not an LLM agent with documented access to your DOM and authenticated sessions. Which is exactly why a vendor should ask for permission.

@saxnot Yes, if the three extensions are not installed, it is doing nothing, luckily. But the manifest is installed for browsers that aren’t even on the machine – so “does nothing now” is one install away from “does quite a lot.” And the consent failure already happened: Article 5(3) of the ePrivacy Directive and most computer-misuse law are about placement, not execution, as I understand it.

Even Claude says this is bad. ¯\_(ツ)_/¯
Maybe you should have asked your country of geniuses in a vending machine before deploying this…

Can confirm this for Arc, Brave, Edge, Chromium, and Vivaldi on my machine:

#Anthropic secretly installs spyware when you install Claude Desktop
https://www.thatprivacyguy.com/blog/anthropic-spyware/