Anthropic Receives Cease and Desist Over Claude Desktop Privacy Violations
Key Takeaways
- ▸Anthropic issued cease and desist for installing Native Messaging Bridges in Claude Desktop without explicit user consent
- ▸Alleged violation of EU ePrivacy Directive (2002/58/EC) Article 5(3) and Maltese criminal law Article 337C
- ▸Story went viral with 150,000+ reads and international media coverage across technical and mainstream outlets
Summary
Privacy researcher robin_reala has issued a formal cease and desist notice to Anthropic, alleging that Claude Desktop's installation of Native Messaging Bridges without explicit user consent violates EU privacy law. The complaint centers on the preemptive installation of browser extension manifests that enable Chrome plugin functionality, which the researcher argues breaches the ePrivacy Directive (2002/58/EC) Article 5(3) requirement for explicit user consent before accessing or storing information on end-user devices. The researcher also cites Article 337C of Maltese criminal law, which criminalizes unauthorized installation or modification of data or software.
The allegations gained viral attention, with the original post attracting over 150,000 reads in its first weeks and spreading across international media outlets including The Register, Malwarebytes Labs, Neowin, and publications in German, Portuguese, Russian, Danish, Polish, and Japanese. The story circulated widely on Hacker News, Reddit, and Fediverse instances. Despite the sustained public attention and media inquiries, Anthropic has maintained complete silence, neither publicly responding nor engaging with the researcher's direct correspondence.
The cease and desist demands that Anthropic immediately push updates to Claude Desktop and Claude Code to remove the Native Messaging Bridge manifests and cease their preemptive installation until users explicitly choose to install the Chrome extension. The researcher emphasizes using Anthropic's services daily but views the behavior as equivalent to spyware and a violation of fundamental privacy principles.
- Anthropic has not publicly responded despite significant media attention and direct researcher correspondence
- Demand: immediate removal of manifests with commitment not to reinstall until users explicitly opt-in to Chrome extension
Editorial Opinion
This incident underscores a growing friction point in the AI industry: the tension between seamless software integration and user consent principles. Regardless of intent, preemptively installing software components without explicit authorization—especially within the EU's strict privacy regime—represents a serious compliance misstep. Anthropic's complete silence only compounds the problem, suggesting either indifference to privacy concerns or a communication breakdown that damages trust. The company must respond transparently and swiftly with concrete remediation to demonstrate that privacy commitments translate into actual engineering practices.



