Claude Desktop Version Faces Allegations of "Spyware"! Changed access settings without consent, suspected of violating EU law

Researchers accuse the Claude desktop version of installing configuration files in multiple browsers without consent, sparking a “spyware” controversy and raising concerns about possible violations of EU privacy laws. Public opinion is divided, and experts urge authorities to increase transparency to protect cybersecurity.

Cybersecurity researcher claims Claude desktop version is “spyware”

Have you installed the Claude desktop version? Cybersecurity researcher Alexander Hanff recently said in a post that Claude’s desktop application secretly installs configuration files for native browser message handling on users’ computers without obtaining their consent.

When inspecting a Mac computer, Hanff found that the program wrote specific configuration files into folders of up to seven Chromium-based browsers, including Brave, Google Chrome, Edge, Arc, Vivaldi, and Opera. This writing operation even covered browser software that the user had not yet installed at the time.

He said the operation is hidden by default, lacks any user-consent mechanism, and is difficult to remove. The program not only pre-authorized three browser extension IDs that had not yet been installed, and the file naming also failed to clearly specify the scope of authorization, but it also pre-authorized native message handling executables for browsers that did not yet exist.

If an extension is triggered, the helper executable can read the user’s browser login status, webpage content, automatically fill forms, and capture screenshots.

Image source: Alexander Hanff’s article — cybersecurity researcher claims Claude Code desktop version is “spyware”

Hanff also pointed out that, according to Anthropic’s own security data, Claude’s Chrome extension faces a 23.6% success rate for prompt injection attacks without defenses, and an 11.2% success rate with existing defenses.

In cases where a user’s laptop has a bridge component pre-installed, successful prompt injection attacks targeting the extension would provide an intrusion pathway—allowing the extension and bridge to trigger a helper executable running outside the browser sandbox with the user’s privileges.

He accused that the behavior of the Claude desktop version is akin to “dark patterns” (deceptive design) and “spyware.” Such actions that cross trust boundaries seriously violate users’ privacy.

Possible violations of EU law?

Hanff and Noah M. Kenney, founder of the digital advisory firm Digital 520, also noted that the Claude desktop version may violate Article 5, Paragraph 3 of the EU Electronic Privacy Directive. This law requires service providers to provide clear information and obtain users’ consent.

Hanff believes that, aside from legal implications, a company widely seen as dedicated to security and privacy releasing tools that appear to undermine its own stance will lead to major reputational damage and lose users’ trust.

However, Kenney was cautious about Hanff’s use of the term “spyware” to describe the software. He noted that the program does not actively steal data, but he agreed that European regulators interpret the requirements for absolute necessary exemption conditions extremely strictly. Without explicit consent, integrating installation across applications is likely to face a high risk of regulatory penalties.

Is the Claude desktop version spyware? Public opinion is divided

The engineer forum Hacker News has mixed views on the article. After some engineers tested it, they confirmed there was unauthorized installation behavior, and they expressed dissatisfaction that the Claude desktop version modified the settings of other independent software without permission, viewing it as a breach of the basic trust between software.

Others believe that this is simply the standard operation of native message handling mechanisms. Without specific evidence showing the program actively leaks data, calling it spyware seems like an exaggeration.

Former Apple engineering executive Bogdan Grigorescu also urged on LinkedIn that users should run such generative AI tools on virtual machines or dedicated separate devices, and should avoid installing them on the main computers used to handle personal finances and confidential information as much as possible.

Cybersecurity expert Jason Packer said that Anthropic pre-authorizing extension IDs that have not yet been officially listed in app stores is an extremely bad example in cybersecurity practice.

Anthropic has not responded, and Claude’s ethical issues are coming under scrutiny

Malwarebytes, which specializes in Mac malware defense tools, believes that native message handling is indeed a standard and legitimate mechanism of Chromium browsers, but Claude’s desktop version pre-writes configuration files into multiple browser paths without clearly informing users, unquestionably increasing the attack surface of the computer devices.

After evaluation, Malwarebytes said that because Claude needs specific extensions to function fully, it would be unfair to label it outright as spyware. However, Anthropic absolutely could implement this in a more transparent way: it should clearly inform users about system changes and let users assess the risks before deciding whether to consent to installation.

As of the time of reporting, Anthropic has not issued any official statement regarding this. The Register and Malwarebytes have both submitted requests to Anthropic for comments, but they have not received any response.

LAYOUT REFERENCE (source): total_lines=57, non_empty_lines=31, blank_lines=26