Claude Desktop Version Faces Allegations of "Spyware"! Changed access settings without consent, suspected of violating EU laws

Researchers accuse Claude desktop version of installing profiles across multiple browsers without consent, sparking “spyware” controversy and concerns over violations of EU privacy laws. Public opinion is divided, with experts urging authorities to increase transparency to protect cybersecurity.

Cybersecurity researcher claims Claude Code desktop version is “spyware”

Have you installed the Claude desktop version? Cybersecurity researcher Alexander Hanff recently posted that the Claude desktop application quietly installs browser native messaging configuration files (host manifests) on the computer without user consent.

Inspecting a Mac computer, Hanff found that the program wrote specific configuration files into the folders of up to seven Chromium-based browsers, including Brave, Google Chrome, Edge, Arc, Vivaldi, and Opera. These write operations even targeted browsers the user had not yet installed.

He pointed out that this operation is hidden by default, lacks any user consent mechanism, and is difficult to remove. The program not only pre-authorized three unidentified browser extension IDs, with filenames that do not clearly indicate the scope of authorization, but also pre-authorized native messaging executables for browsers that do not yet exist.

If extensions are triggered, helper executables can read user browser login status, webpage content, auto-fill forms, and capture screenshots.
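For readers who want to check their own machine, the following added example (not from Hanff's article or from Anthropic) lists every native messaging host manifest under a directory tree, the helper executable each one points to, and the extension IDs it authorizes. The function names, the `browser_never_run` heuristic and the sample data are assumptions made for illustration.

```python
import json
import tempfile
from pathlib import Path

def audit_native_hosts(root):
    """Return one record per native messaging host manifest found under root."""
    findings = []
    dirs = (p for p in Path(root).rglob("NativeMessagingHosts") if p.is_dir())
    for hosts_dir in sorted(dirs):
        browser_dir = hosts_dir.parent
        # Heuristic (assumption): a data dir holding only NativeMessagingHosts was never used.
        never_run = not any(p != hosts_dir for p in browser_dir.iterdir())
        for manifest in sorted(hosts_dir.glob("*.json")):
            record = {"manifest": str(manifest), "browser_dir": browser_dir.name}
            try:
                data = json.loads(manifest.read_text(encoding="utf-8"))
                if not isinstance(data, dict):
                    raise ValueError("manifest is not a JSON object")
            except (OSError, ValueError) as exc:
                findings.append({**record, "error": str(exc)})
                continue
            helper = str(data.get("path") or "")
            origins = data.get("allowed_origins") or []
            findings.append({
                **record,
                "host": data.get("name"),
                "helper": helper,
                "helper_exists": Path(helper).is_file(),
                "extension_ids": [str(o).split("://", 1)[-1].strip("/") for o in origins],
                "browser_never_run": never_run,
            })
    return findings

def build_sample(root):
    """Constructed sample tree: BrowserA has a profile, BrowserB has none."""
    manifest = {"name": "com.example.helper", "type": "stdio",
                "path": "/nonexistent/example-helper",
                "allowed_origins": ["chrome-extension://" + "a" * 32 + "/"]}
    for browser, has_profile in (("BrowserA", True), ("BrowserB", False)):
        hosts = Path(root) / browser / "NativeMessagingHosts"
        hosts.mkdir(parents=True)
        (hosts / "com.example.helper.json").write_text(json.dumps(manifest))
        if has_profile:
            (Path(root) / browser / "Default").mkdir()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed data, not a real profile
        build_sample(tmp)
        print(json.dumps(audit_native_hosts(tmp), indent=2))
```

On macOS, Chrome keeps its per-user manifests under `~/Library/Application Support`, so passing that directory as `root` covers the location the article describes. The per-browser folder names are discovered by the walk rather than hard-coded.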

[Image: Researchers accuse Claude Code desktop version of being “spyware”. Source: Alexander Hanff’s article]

Hanff noted that, according to Anthropic’s own security data, Claude’s Chrome extension faces a 23.6% success rate for prompt injection attacks without defenses, and an 11.2% success rate with existing defenses.

In cases where users’ laptops have pre-installed bridge components, successful prompt injection attacks targeting the extension could provide an intrusion pathway, allowing the extension and bridge to trigger helper executables running outside the browser sandbox with user privileges.

He alleges that the behavior of the Claude desktop version is akin to “dark patterns” (fraudulent design) and “spyware,” crossing trust boundaries and severely infringing on user privacy.

Potential violation of EU law?

Hanff and Noah M. Kenney, founder of digital consulting firm Digital 520, also pointed out that the Claude desktop version may violate Article 5(3) of the EU ePrivacy Directive, which requires service providers to provide clear information and obtain user consent.

Hanff believes that, aside from legal implications, a company publicly recognized for security and privacy should not release tools that seem to undermine its own stance. Doing so could cause significant reputational damage and erode user trust.

However, Kenney is cautious about Hanff’s characterization of the software as “spyware,” noting that the program does not actively steal data. He agrees that European regulators interpret the necessary exemptions very strictly, and installing integrated features across applications without explicit consent could face high regulatory risks.

Is Claude Code desktop version spyware? Public opinions are divided

The Hacker News developer forum has mixed views. Some engineers confirmed, through testing, that unauthorized installation behaviors exist and are dissatisfied with Claude desktop version modifying other independent software settings without permission, seeing it as a breach of basic trust among software.

Others believe that this is simply how the native messaging mechanism normally operates, and that without concrete evidence of active data leakage, calling it spyware may be an overstatement.

Former Apple executive Bogdan Grigorescu also urged on LinkedIn that users should run such generative AI tools in virtual machines or dedicated separate devices, and avoid installing them on main computers used for personal finance or sensitive tasks.

Cybersecurity expert Jason Packer pointed out that Anthropic pre-authorizing extension IDs not yet officially listed in app stores is an extremely poor example in cybersecurity practice.

Anthropic has not responded, and Claude’s ethical issues face scrutiny

Malwarebytes, a Mac malware and antivirus specialist, believes that native messaging is indeed a standard, legitimate mechanism in Chromium browsers, but that the Claude desktop version’s pre-writing of configuration files into multiple browser paths without clear user notification unquestionably increases the attack surface of the device.

Malwarebytes assessed that, since Claude requires specific extensions to function fully, labeling it as spyware is unfair. However, Anthropic could adopt more transparent implementation methods, clearly informing users of system changes and allowing them to assess risks before agreeing to installation.

As of the time of reporting, Anthropic has not issued any official statement. Both The Register and Malwarebytes have requested comments from Anthropic but have not yet received a response.
