Anthropic's Claude Desktop Faces Privacy Scrutiny for Installing Browser Extensions Without User Consent
Key Takeaways
- Claude Desktop writes browser Native Messaging configuration files that pre-authorize specific Chrome extensions without the user's knowledge or consent, including into the directories of browsers that are not yet installed
- The practice potentially violates Article 5(3) of the EU's ePrivacy Directive and computer misuse laws by modifying other vendors' applications without explicit permission
- The Native Messaging bridge runs outside the browser sandbox at the user's privilege level, so a successful prompt injection against the extension could reach system-level operations
Summary
Privacy consultant Alexander Hanff has raised serious concerns about Claude Desktop for macOS, alleging that the application installs configuration files and pre-authorizes browser extensions without explicit user consent. Specifically, Claude Desktop creates a Native Messaging manifest file (com.anthropic.claude_browser_extension.json) that lists three Chrome extension identifiers as allowed origins, authorizing those extensions to launch Claude's native host process outside the browser. According to Hanff, the manifest is written even into the directories of browsers not yet installed on the device, so a later browser installation would automatically give Claude access to sensitive functionality such as reading web pages, filling forms, and capturing screenshots.
Hanff contends that these practices violate Article 5(3) of the EU's ePrivacy Directive, which requires explicit consent before accessing information stored on a user's device, and that they potentially constitute violations of computer misuse laws. He characterizes the behavior as a "dark pattern" and claims it amounts to "spyware," noting that the pre-installed bridge application runs outside the browser sandbox at the user's privilege level without any permission prompt. Hanff also highlights the security risk, citing Anthropic's own safety data showing a 23.6% prompt injection success rate against Claude for Chrome without mitigations. The installation is further described as difficult to discover and remove, with no opt-in mechanism and no clear disclosure of the scope of access authorized. Anthropic has not publicly responded to the allegations.
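To make the mechanism concrete, the following audit script is an added example written for this article; it is not code from Anthropic, from Hanff, or from the original page. It walks the documented user-level Native Messaging host directories on a macOS account, parses each manifest, and reports which extension IDs are allowed to launch which host binary, flagging manifests that sit in the directory of a browser whose application bundle is not present (the situation Hanff describes). The pairing of manifest directories with `.app` bundles, the `write_sample_manifest` helper and the sample manifest it produces are assumptions for illustration; the sample uses placeholder extension IDs, not the identifiers the article refers to.

```python
"""Audit Native Messaging host manifests on a macOS user account.

Added example for this article; not code from Anthropic, Hanff or the page.
A Native Messaging manifest is a small JSON file the browser reads from a
fixed per-browser directory. It names a host binary ("path") and the
extension IDs allowed to start it ("allowed_origins" in Chromium browsers,
"allowed_extensions" in Firefox). The browser never prompts before honouring
one, so reading these directories is the only way to see what is pre-authorised.
"""
import json
import os
import tempfile
from dataclasses import dataclass, field
from typing import Dict, List

APP_SUPPORT = "~/Library/Application Support"

# Documented user-level manifest directories on macOS. Pairing each with the
# .app bundle that would read it is an assumption made for this example.
BROWSERS: Dict[str, Dict[str, str]] = {
    "Google Chrome": {"manifests": f"{APP_SUPPORT}/Google/Chrome/NativeMessagingHosts",
                      "app": "/Applications/Google Chrome.app"},
    "Microsoft Edge": {"manifests": f"{APP_SUPPORT}/Microsoft Edge/NativeMessagingHosts",
                       "app": "/Applications/Microsoft Edge.app"},
    "Chromium": {"manifests": f"{APP_SUPPORT}/Chromium/NativeMessagingHosts",
                 "app": "/Applications/Chromium.app"},
    "Brave": {"manifests": f"{APP_SUPPORT}/BraveSoftware/Brave-Browser/NativeMessagingHosts",
              "app": "/Applications/Brave Browser.app"},
    "Firefox": {"manifests": f"{APP_SUPPORT}/Mozilla/NativeMessagingHosts",
                "app": "/Applications/Firefox.app"},
}

# Constructed sample manifest with placeholder IDs (not the article's identifiers).
SAMPLE_MANIFEST = {
    "name": "com.example.sample_host",
    "description": "constructed sample host",
    "path": "/Applications/Example.app/Contents/MacOS/example-bridge",
    "type": "stdio",
    "allowed_origins": ["chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/",
                        "chrome-extension://bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/"],
}


@dataclass
class Finding:
    browser: str
    manifest_file: str
    host_name: str
    host_path: str
    origins: List[str]            # bare extension IDs allowed to launch the host
    browser_installed: bool
    host_binary_exists: bool
    problems: List[str] = field(default_factory=list)


def parse_manifest(text: str) -> Dict:
    """Parse a manifest and normalise the fields the audit cares about."""
    data = json.loads(text)
    origins = data.get("allowed_origins") or data.get("allowed_extensions") or []
    return {"name": data.get("name", "<unnamed>"), "path": data.get("path", ""),
            "type": data.get("type", ""), "origins": list(origins)}


def extension_ids(origins: List[str]) -> List[str]:
    """Reduce 'chrome-extension://<id>/' origins to bare IDs; pass others through."""
    prefix = "chrome-extension://"
    return [o.strip()[len(prefix):].rstrip("/") if o.strip().startswith(prefix)
            else o.strip().rstrip("/") for o in origins]


def audit_dir(browser: str, manifest_dir: str, app_path: str) -> List[Finding]:
    """Report every manifest in one browser's directory and what it authorises."""
    findings: List[Finding] = []
    if not os.path.isdir(manifest_dir):
        return findings
    installed = os.path.exists(app_path)
    for fname in sorted(os.listdir(manifest_dir)):
        if not fname.endswith(".json"):
            continue
        full = os.path.join(manifest_dir, fname)
        try:
            with open(full, encoding="utf-8") as fh:
                m = parse_manifest(fh.read())
        except (OSError, ValueError) as exc:
            findings.append(Finding(browser, full, "<unparseable>", "", [], installed,
                                    False, [f"parse error: {exc}"]))
            continue
        host_exists = os.path.exists(os.path.expanduser(m["path"]))
        f = Finding(browser, full, m["name"], m["path"], extension_ids(m["origins"]),
                    installed, host_exists)
        if not installed:
            f.problems.append("manifest present but browser not installed")
        if not host_exists:
            f.problems.append("host binary missing")
        if m["type"] != "stdio":
            f.problems.append(f"unexpected type {m['type']!r}")
        if not f.origins:
            f.problems.append("no allowed origins listed")
        findings.append(f)
    return findings


def audit_all(browsers: Dict[str, Dict[str, str]] = BROWSERS) -> List[Finding]:
    out: List[Finding] = []
    for name, cfg in browsers.items():
        out.extend(audit_dir(name, os.path.expanduser(cfg["manifests"]), cfg["app"]))
    return out


def write_sample_manifest() -> str:
    """Write SAMPLE_MANIFEST into a fresh temp dir and return that dir (demo/test aid)."""
    d = tempfile.mkdtemp(prefix="nm-audit-")
    with open(os.path.join(d, "com.example.sample_host.json"), "w", encoding="utf-8") as fh:
        json.dump(SAMPLE_MANIFEST, fh)
    return d


if __name__ == "__main__":
    results = audit_all() or audit_dir("Sample browser", write_sample_manifest(),
                                       "/Applications/Not Installed.app")
    for r in results:
        print(f"[{'!!' if r.problems else 'ok'}] {r.browser}: {r.host_name} -> {r.host_path}")
        print(f"     origins: {', '.join(r.origins) or '(none)'}")
        for p in r.problems:
            print(f"     - {p}")
```

Run it on the account in question; when no manifests are found it audits the constructed sample instead so the output format is visible. A "manifest present but browser not installed" line is exactly the pre-authorization-ahead-of-installation pattern the article describes, and the origins list is the set of extension IDs that would be trusted to launch the host binary the moment that browser appears. Removing a manifest file revokes that authorization for the browser that owns the directory.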
Editorial Opinion
This disclosure raises troubling questions about Anthropic's privacy practices and represents a significant disconnect from the company's public positioning as "safety conscious." Pre-authorizing browser extensions without user knowledge—especially on systems where those extensions haven't been installed—crosses an important ethical line regarding user autonomy and informed consent. If the allegations are substantiated, Anthropic will need to provide transparent remediation and explain how such practices align with its stated commitment to responsible AI development.