Anthropic installed a spyware bridge on my machine?
a day ago
- #software-ethics
- #privacy
- #browser-security
- Author discovers an unauthorized, silent installation of an Anthropic Native Messaging manifest file on their Mac while debugging a project, finding it in Brave Browser’s directory without their knowledge or consent.
- The manifest (~/Library/Application Support/.../com.anthropic.claude_browser_extension.json) pre-authorizes a bridge between Chrome extensions and Claude Desktop, enabling out-of-sandbox access to a user-privileged executable on the machine, without user opt-in, installation, or notification.
- Claude Desktop’s own logs confirm it installed this 'Chrome Extension MCP' manifest across multiple browsers (including Brave, Chrome, Edge, and even browsers not installed), rewriting files on every launch and tracking numerous install events without providing any UI or settings for management or removal.
- The bridge’s capabilities, as per Anthropic’s documentation, include accessing authenticated browser sessions, reading DOM state, extracting data, automating tasks, and session recording, posing significant security and privacy risks, especially given Claude for Chrome’s vulnerability to prompt injection attacks (11.2–23.6% success rate).
- The article outlines eleven 'dark patterns' in Anthropic’s approach, such as forced bundling across trust boundaries, invisible defaults, pre-authorization of uninstalled software, and scope inflation through generic naming, while noting the setup potentially breaches privacy laws like the EU ePrivacy Directive and computer misuse laws.
- Security and privacy threats are highlighted, including supply chain exposure, prompt injection risks, browser trust model inversion, lack of auditability, and risks to sensitive data like authenticated sessions and DOM content, with the capability described as 'pre-installed spyware capability' that becomes active upon extension installation.
- Recommendations for Anthropic include asking for user consent via dialogues, pulling rather than pushing installs, scoping installations strictly to opted-in browsers, surfacing integrations in settings, documenting all changes, and offering retroactive consent to existing users, emphasizing that current practices undermine trust and user rights.
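
To check a machine for the kind of manifest described above, the following audit lists every Native Messaging host manifest under a directory tree. It is an added example, not code from the article or from Anthropic. It assumes the Chromium convention that manifests live in a folder named `NativeMessagingHosts` and carry `name`, `path` and `allowed_origins` keys; the function names are hypothetical.

```python
import json
import os
import sys
from pathlib import Path


def find_native_hosts(root):
    """Return one record per Native Messaging manifest found under root."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        if Path(dirpath).name != "NativeMessagingHosts":
            continue
        for fname in sorted(files):
            if not fname.endswith(".json"):
                continue
            manifest = Path(dirpath) / fname
            try:
                data = json.loads(manifest.read_text(encoding="utf-8"))
                if not isinstance(data, dict):
                    raise ValueError("manifest is not a JSON object")
            except (OSError, ValueError) as exc:
                records.append({"manifest": str(manifest), "error": str(exc)})
                continue
            host_path = str(data.get("path") or "")
            records.append({
                "manifest": str(manifest),
                "browser_dir": str(Path(dirpath).parent),  # profile root it was written into
                "name": data.get("name"),
                "host_binary": host_path,  # executable the browser launches outside its sandbox
                "binary_exists": bool(host_path) and Path(host_path).exists(),
                "allowed_origins": data.get("allowed_origins", []),  # extensions pre-authorized
                "mtime": manifest.stat().st_mtime,  # changes if the file is rewritten on launch
            })
    return records


def hosts_matching(records, prefix):
    """Filter records to hosts whose name starts with prefix, e.g. 'com.anthropic.'."""
    return [r for r in records if str(r.get("name", "")).startswith(prefix)]


if __name__ == "__main__":
    # Default root is the macOS per-user location named in the article.
    default_root = Path.home() / "Library" / "Application Support"
    root = sys.argv[1] if len(sys.argv) > 1 else str(default_root)
    for rec in find_native_hosts(root):
        print(json.dumps(rec, indent=2))
```

Comparing `mtime` before and after launching the desktop app shows whether a manifest is being rewritten, and `browser_dir` shows which browser profile roots received one.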