Anthropic quickly removed a tracker secretly monitoring Claude Code users in China after a security researcher
exposed the hidden code and condemned the spyware-like tracking as a “serious breach of user trust.”
Last week, a web developer known as “Thereallo” was researching privacy issues in Claude Code and was shocked to find that the AI firm was using “prompt steganography” to hide code that tracks Chinese users “in plain sight.” This code wasn’t malicious, but it was sending information to Anthropic that most users wouldn’t detect, relying on shorthand markers to quietly flag users’ timezone, proxy, and potential connection to Chinese AI labs that
Anthropic has accused of distillation attacks.
On X, Anthropic engineer Thariq Shihipar confirmed that the tracker was added to Claude Code as an “experiment” in March. According to Shihipar, the code “was meant to prevent account abuse from unauthorized resellers and protect against distillation.” Regarding the former,
The Washington Post found unauthorized retailers have sold access to free models for $1 a month, and pro subscriptions that can cost $100 monthly sell for “as little as $12.”
Supposedly, Anthropic has “actually been meaning to take this down for a while,” Shihipar said of the hidden code, because engineers have “landed stronger mitigations since then.”
Privacy advocates were not happy with the explanation, though, warning that the code is evidence that Anthropic is willing to cross lines to surveil users. That’s perhaps especially surprising, considering that Anthropic riled the Trump administration by
refusing to allow the US government to use Claude to surveil US users. The AI firm has since sued the White House over the clash.
<small>Source: Ars Technica</small>