Claude Desktop Version Faces Allegations of "Spyware"! Changes Access Settings Without Consent, Suspected to Violate EU Laws

Researchers accuse Claude desktop version of embedding configuration files in multiple browsers without consent, sparking “spyware” controversy and concerns over violations of EU privacy laws. Public opinion is divided, with experts calling for increased transparency from authorities to ensure cybersecurity.

Cybersecurity researcher claims Claude desktop version is “spyware”

Have you installed the Claude desktop version? Cybersecurity researcher Alexander Hanff recently posted that the desktop application of Claude secretly installs browser native message handling configuration files on the computer without user consent.

Hanff found that, while inspecting a Mac computer, the program wrote specific configuration files into folders of up to seven Chromium-based browsers, including Brave, Google Chrome, Edge, Arc, Vivaldi, and Opera. These write operations even targeted browsers not yet installed by the user.

He pointed out that this operation is set to be hidden by default, lacks user consent mechanisms, and is difficult to remove. The program not only pre-authorized three unidentified browser extension IDs, with file naming that does not clearly specify the scope of authorization, but also pre-authorized native message handling executables for browsers that do not yet exist.

If extensions are triggered, helper executables can read the user’s browser login status, web content, auto-fill forms, and capture screenshots.

Image source: Alexander Hanff’s article Cybersecurity researcher claims Claude Code desktop version is “spyware”

Hanff noted that, according to Anthropic’s own security data, Claude’s Chrome extension faces a 23.6% success rate for prompt injection attacks without defenses, and an 11.2% success rate with existing defenses.

In cases where users’ laptops have pre-installed bridge components, successful prompt injection attacks targeting the extension could provide an intrusion pathway, allowing the extension and bridge to trigger helper executables running outside the browser sandbox with user privileges.

He accuses that the behavior of the Claude desktop version is akin to “dark patterns” (deceptive design) and “spyware,” crossing trust boundaries and severely infringing on user privacy.

Potential EU Law Violations?

Hanff and Noah M. Kenney, founder of digital consulting firm Digital 520, also pointed out that the Claude desktop version may violate Article 5, Paragraph 3 of the EU Electronic Privacy Directive, which requires service providers to provide clear information and obtain user consent.

Hanff believes that, aside from legal implications, a company publicly recognized for security and privacy should not release tools that seem to undermine its own stance. Doing so could cause significant reputational damage and erode user trust.

However, Kenney is cautious about Hanff’s characterization of the software as “spyware,” noting that the program does not actively steal data. He agrees that European regulators interpret the necessary exemptions very strictly, and installing integrated features across applications without explicit consent could face high regulatory risks.

Is Claude Desktop Version Spyware? Public Opinions Divided

The Hacker News engineer forum has mixed views. Some engineers confirmed, after testing, that unauthorized installation behaviors exist and are dissatisfied with Claude’s unauthorized modifications to other independent software settings, seeing it as a breach of basic trust among software.

Others believe that this is simply standard operation of native message handling mechanisms, and without concrete evidence of active data leakage, calling it spyware may be an overstatement.

Former Apple executive Bogdan Grigorescu also urged on LinkedIn that users should run such generative AI tools in virtual machines or dedicated separate devices, and avoid installing them on main computers used for personal finance or sensitive tasks.

Cybersecurity expert Jason Packer pointed out that Anthropic pre-authorizing extension IDs not yet officially listed in app stores is a very poor example in cybersecurity practice.

Anthropic has not responded, and Claude’s ethical issues face scrutiny

Malwarebytes, a Mac malware and antivirus specialist, believes that native message handling is indeed a standard, legitimate mechanism in Chromium browsers, but Claude’s approach of pre-writing configuration files into multiple browser paths without clearly informing users unquestionably increases the attack surface of the device.

Malwarebytes assessed that, since Claude requires specific extensions to function fully, labeling it as spyware is unfair. However, Anthropic could adopt more transparent implementation methods, clearly informing users of system changes and allowing them to assess risks before agreeing to installation.

As of the time of reporting, Anthropic has not issued any official statement. Media outlets like The Register and Malwarebytes have requested comments from Anthropic but have yet to receive a response.