AI Tool Installs Hidden Browser Extensions Without Permission

AdBlock Plus / Anthropic / Privacy / Software / Web Browser
April 21, 2026 | Artifice Prime

A highly publicized AI tool has been accused of installing hidden browser extensions without the user’s consent. Claude Desktop, developed by Anthropic, is designed for macOS and uses a cross-platform framework called Electron to interact with various browsers.

According to Alexander Hanff, a privacy consultant and occasional contributor to The Register, Claude Desktop installs files that affect other vendors’ applications without disclosure, even before those applications have been installed. These files authorize browser extensions without consent, which can grant access to sensitive user data.

Hanff claims this behavior is in direct breach of European privacy law, specifically Article 5(3) of Directive 2002/58/EC (the ePrivacy Directive), which requires service providers seeking access to a person’s data to provide clear details about the data access request and obtain consent unless access is strictly necessary to provide the service.

Hanff discovered the issue while trying to debug another application that used Native Messaging, an API for communication between Chrome and other applications. The file in question was “com.anthropic.claude_browser_extension.json,” a Native Messaging manifest file that Chromium-based browsers consult when an extension asks to run a local executable.

This file pre-authorizes three different Chrome extension identifiers, allowing associated browsers to grant Claude access if they are installed at some point in the future. However, Hanff notes that he never installed any Anthropic browser extensions due to privacy and security concerns, yet Claude Desktop did so for him without disclosure or permission.

The implications of this behavior are significant, as browser extensions often request overly broad permissions, which can compromise user security and privacy. Hanff argues that Anthropic’s approach has numerous problems, including forced bundling across trust boundaries, invisibility by default with no opt-in, difficulty in removal, pre-authorization of non-present browsers, and unclear naming conventions for the authorized file.

Furthermore, Hanff points out that Claude Desktop is vulnerable to prompt injection attacks, which can compromise user data. In fact, Anthropic’s own safety data states that prompt injection attacks against Claude for Chrome have a 23.6% success rate without mitigations and an 11.2% success rate with current mitigations.

Anthropic did not respond to a request for comment on this issue. The findings of Hanff and others raise concerns about the potential risks associated with AI tools that install hidden browser extensions without user consent, highlighting the need for stricter regulations and greater transparency in the development and deployment of such technologies.

Noah M. Kenney, founder and principal consultant for advisory firm Digital 520, takes issue with Hanff’s use of the term “spyware” but acknowledges the validity of his technical claims. Independent reviewers can verify that identical Native Messaging manifests are written across multiple Chromium-based browser paths, that the activity is attributed at the OS level to the desktop application, and that installation events are recorded in the app’s own logs.
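
The manifest check described above can be reproduced on one's own machine. The Python audit below is an added example, not code from Hanff, Anthropic or this article: it lists every Native Messaging manifest per browser, the extension IDs each one pre-authorizes, whether those extensions are actually installed, and a hash for spotting identical copies. The macOS directory names in `DEFAULT_ROOTS` and the "Local State" presence heuristic are assumptions about the standard Chromium layout.

```python
import hashlib
import json
import re
from pathlib import Path

# Assumed macOS user-data dirs, relative to ~/Library/Application Support.
DEFAULT_ROOTS = {"Chrome": "Google/Chrome", "Chromium": "Chromium",
                 "Edge": "Microsoft Edge", "Brave": "BraveSoftware/Brave-Browser"}
ORIGIN_RE = re.compile(r"^chrome-extension://([a-p]{32})/$")

def default_roots(home=None):
    base = Path(home or Path.home()) / "Library" / "Application Support"
    return {name: base / rel for name, rel in DEFAULT_ROOTS.items()}

def installed_extension_ids(root):
    """Extension IDs with an Extensions/<id> directory in any profile."""
    return {p.name for p in root.glob("*/Extensions/*") if p.is_dir()}

def audit_native_hosts(roots):
    """Return one finding per Native Messaging manifest under the given roots."""
    findings = []
    for browser, root in roots.items():
        root = Path(root)
        installed = installed_extension_ids(root)
        for manifest in sorted(root.glob("NativeMessagingHosts/*.json")):
            raw = manifest.read_bytes()
            try:
                data = json.loads(raw)
            except ValueError:  # malformed JSON or bad encoding
                data = None
            data = data if isinstance(data, dict) else {}
            origins = data.get("allowed_origins")
            origins = origins if isinstance(origins, list) else []
            matches = [ORIGIN_RE.match(o) for o in origins if isinstance(o, str)]
            ids = [m.group(1) for m in matches if m]
            findings.append({
                "browser": browser,
                "manifest": manifest.name,
                "host_path": data.get("path"),  # executable the browser would launch
                "sha256": hashlib.sha256(raw).hexdigest(),  # equal => identical copies
                # Assumed heuristic: a browser that has run leaves "Local State".
                "browser_present": (root / "Local State").is_file(),
                "allowed_ids": ids,
                "ids_not_installed": [i for i in ids if i not in installed],
            })
    return findings

if __name__ == "__main__":
    print(json.dumps(audit_native_hosts(default_roots()), indent=2))
```

A finding with `browser_present` false, or with entries in `ids_not_installed`, is a manifest that authorizes something the user has not installed, which is the condition the article describes.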

The incident serves as a reminder of the importance of ensuring that AI tools prioritize user consent and transparency in their interactions with browsers and other applications. As AI continues to shape our digital landscape, it is crucial to address concerns around security, privacy, and trustworthiness.

The findings have sparked debate among industry experts, highlighting the need for closer examination of AI tool behavior and its implications for user data protection. The incident serves as a wake-up call for developers and policymakers alike to reassess their approach to ensuring that AI tools operate in the best interests of users, rather than compromising their security and privacy.

As the development and deployment of AI continue to advance at an unprecedented pace, it is essential to prioritize user consent, transparency, and accountability. The incident serves as a reminder of the importance of maintaining trust in AI technologies and ensuring that they operate within established boundaries of ethics and responsibility.

The long-term implications of this behavior are far-reaching, with potential consequences for users who rely on AI tools for their daily operations. As experts continue to analyze and discuss the issue, it is crucial to recognize the importance of prioritizing user consent and transparency in AI tool development and deployment.

Ultimately, the incident highlights the need for a more nuanced approach to AI tool development, one that balances innovation with user security and privacy concerns. By acknowledging the risks associated with hidden browser extensions and taking steps to address them, developers can ensure that their tools operate within established boundaries of ethics and responsibility.


Artifice Prime

Artifice Prime is an AI enthusiast with over 25 years of experience as a Linux Sys Admin. They have an interest in Artificial Intelligence, its use as a tool to further humankind, as well as its impact on society.
