First reported by bsky
Alibaba bans employees from using Anthropic's Claude Code over security and spyware concerns
Secret Claude Tracker Shocks Users After Anthropic's Anti-Surveillance Stance
By
BeauHD
21h agoen
Source
SlashdotSecret Claude Tracker Shocks Users After Anthropic's Anti-Surveillance Stanceslashdot.orgAn anonymous reader quotes a report from Ars Technica: Anthropic quickly removed a tracker secretly monitoring Claude Code users in China after a security researcher exposed the hidden code and condemned the spyware-like tracking as a "serious breach of user trust." Last week, a web developer known as "Thereallo" was researching privacy issues in Claude Code and was shocked to find that the AI firm was using "prompt steganography" to hide code that tracks Chinese users "in plain sight." This code wasn't malicious, but it was sending information to Anthropic that most users wouldn't detect, relying on shorthand markers to quietly flag users' timezone, proxy, and potential connection to Chinese AI labs that Anthropic has accused of distillation attacks. On X, Anthropic engineer Thariq Shihipar confirmed that the tracker was added to Claude Code as an "experiment" in March. According to Shihipar, the code "was meant to prevent account abuse from unauthorized resellers and protect against distillation." Regarding the former, The Washington Post found unauthorized retailers have sold access to free models for $1 a month, and pro subscriptions that can cost $100 monthly sell for "as little as $12." Supposedly, Anthropic has "actually been meaning to take this down for a while," Shihipar said of the hidden code, because engineers have "landed stronger mitigations since then." Privacy advocates were not happy with the explanation, though, warning that the code is evidence that Anthropic is willing to cross lines to surveil users. That's perhaps especially surprising, considering that Anthropic riled the Trump administration by refusing to allow the US government to use Claude to surveil US users. The AI firm has since sued the White House over the clash. The Post suggested that the tracker incident is a sign that US firms like Anthropic are taking "increasingly aggressive measures" to block Chinese AI firms from copying their models. A more defensive stance has apparently become critical. In the past year, Chinese firms have "consistently matched" US firms' model capabilities "within months," the Post reported. Most recently, "a new, free AI model from Chinese company Zhipu AI was better at finding computer vulnerabilities than Anthropic's Claude Opus 4.8 model, which was released in May," the Post reported. Read more of this story at Slashdot.
You might also wanna read

Anthropic spied on Chinese users of its Claude Code chatbot to uncover AI rivals
Anthropic secretly deployed spyware on its Claude Code chatbot to monitor China-based customers, aiming to identify Chinese rivals suspected

Secret Claude tracker shocks users after Anthropic’s anti-surveillance stance
Ars Technica·23h ago
Social media post alleges Anthropic's Claude Code secretly collects user metadata from Chinese users
A viral social media post accuses Anthropic of embedding hidden code in Claude Code that covertly collects and routes metadata (timezone, pr
Alibaba bans Claude Code after hidden user-tracking code discovered
Alibaba has banned employees from using Anthropic's Claude Code coding agent after security researchers found hidden code in the tool design
Alibaba bans employee use of Anthropic's Claude Code over security concerns
Alibaba has banned employees from using Anthropic's Claude Code tool for work, citing security concerns over Anthropic's past use of hidden
Anthropic Releases Claude Code Security AI Tool to Help Defenders Detect Vulnerabilities
Anthropic is releasing Claude Code Security, an AI-powered cybersecurity tool designed to help defenders detect novel, high-severity vulnera

Comments
Sign in to join the conversation.
No comments yet. Be the first.