Privacy Breach: Anthropic's Claude Desktop Installs Undisclosed Native Messaging Bridge Without User Consent
Key Takeaways
- Claude Desktop installs an undocumented Native Messaging bridge on macOS that pre-authorizes Brave Browser to execute Anthropic binaries with user privileges
- The installation occurs automatically, without user knowledge or explicit consent, when Claude Desktop is installed
- The bridge is separate from the previously disclosed Claude Code Native Messaging integration and, unlike it, is undocumented
Summary
A security researcher has discovered that Anthropic's Claude Desktop application silently installs a Native Messaging manifest file on macOS systems without user knowledge or explicit consent. The file, located at ~/Library/Application Support/BraveSoftware/Brave-Browser/NativeMessagingHosts/com.anthropic.claude_browser_extension.json, registers a bridge that pre-authorizes Brave Browser to execute an Anthropic binary with user-level privileges if certain browser extensions are installed. The researcher emphasizes this is an undocumented feature separate from the documented Claude Code Native Messaging bridge, and notes that the installation occurs when Claude Desktop is installed, regardless of whether users have actually installed any Anthropic browser extensions.
The security researcher characterizes the practice as a "dark pattern" and argues it constitutes a breach of the EU's ePrivacy Directive (Article 5(3) of Directive 2002/58/EC) as well as multiple computer access and misuse laws. The researcher notes the particular concern given Anthropic's public positioning as a safety-conscious AI laboratory. While the bridge remains dormant until activated by a browser extension call, the unauthorized installation of execution infrastructure without consent raises significant privacy and security concerns about software supply chain trust.
- The security researcher argues the practice violates the EU ePrivacy Directive and multiple computer access laws, potentially affecting millions of users
- The practice contradicts Anthropic's public reputation as a safety-focused AI company concerned with responsible AI development
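The manifest the researcher describes is a Native Messaging host file: a small JSON document that tells a browser which native binary an allowed extension may launch over stdio. The following is an added example, not code from the article, the researcher or Anthropic, that enumerates such manifests under the conventional per-user directories on macOS and reports, for each one, the host name, the binary it points at, the extensions allowed to call it, and anything odd (binary missing, no caller allowlist, non-absolute path). The Brave directory is the one named in the article; the Chrome, Chromium, Edge and Firefox directories are assumed from the browsers' Native Messaging documentation. The embedded sample manifest is constructed: its binary path and extension ID are placeholders, not values reported in the article.

```python
"""Audit the Native Messaging host manifests a browser will honour on macOS.

Added example (not code from the article, the researcher or Anthropic).
A Native Messaging manifest is a small JSON file that tells a browser which
native binary an allowed extension may launch over stdio, so listing and
parsing these manifests shows exactly which bridges exist on a machine.
The sample manifest below is constructed for the demo: its binary path and
extension ID are placeholders, not values reported in the article.
"""
import glob
import json
import os
import tempfile

# Conventional per-user manifest directories on macOS, relative to $HOME.
# The Brave path is the one named in the article; the others are assumed from
# the Chromium and Firefox Native Messaging documentation.
USER_MANIFEST_DIRS = {
    "Brave": "Library/Application Support/BraveSoftware/Brave-Browser/NativeMessagingHosts",
    "Chrome": "Library/Application Support/Google/Chrome/NativeMessagingHosts",
    "Chromium": "Library/Application Support/Chromium/NativeMessagingHosts",
    "Edge": "Library/Application Support/Microsoft Edge/NativeMessagingHosts",
    "Firefox": "Library/Application Support/Mozilla/NativeMessagingHosts",
}

# Constructed sample in the Chromium manifest format (host name from the
# article, everything else a placeholder).
SAMPLE_MANIFEST = json.dumps({
    "name": "com.anthropic.claude_browser_extension",
    "description": "constructed sample manifest",
    "path": "/Applications/PLACEHOLDER.app/Contents/MacOS/placeholder-host",
    "type": "stdio",
    "allowed_origins": ["chrome-extension://PLACEHOLDER_EXTENSION_ID/"],
})


def parse_manifest(text, manifest_file="<inline>"):
    """Extract the security-relevant fields of one manifest and flag oddities."""
    data = json.loads(text)
    # Chromium-family browsers list callers in allowed_origins (extension URLs);
    # Firefox lists them in allowed_extensions (extension IDs).
    callers = data.get("allowed_origins") or data.get("allowed_extensions") or []
    binary = data.get("path", "")
    findings = []
    if data.get("type") != "stdio":
        findings.append("unexpected transport type: %r" % data.get("type"))
    if not callers:
        findings.append("manifest names no allowed caller")
    if binary and not os.path.isabs(binary):
        findings.append("binary path is not absolute")
    if binary and not os.path.exists(binary):
        findings.append("binary not present on disk (dormant bridge or stale manifest)")
    return {
        "manifest": manifest_file,
        "host": data.get("name"),
        "binary": binary,
        "callers": list(callers),
        "findings": findings,
    }


def audit_home(home):
    """Parse every manifest under the known per-user directories below `home`."""
    reports = []
    for browser, rel in USER_MANIFEST_DIRS.items():
        for path in sorted(glob.glob(os.path.join(home, rel, "*.json"))):
            with open(path, encoding="utf-8") as fh:
                report = parse_manifest(fh.read(), path)
            report["browser"] = browser
            reports.append(report)
    return reports


def build_demo_home():
    """Create a throwaway $HOME containing only the constructed Brave manifest."""
    home = tempfile.mkdtemp(prefix="nm-audit-demo-")
    target = os.path.join(home, USER_MANIFEST_DIRS["Brave"])
    os.makedirs(target)
    with open(os.path.join(target, "com.anthropic.claude_browser_extension.json"),
              "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_MANIFEST)
    return home


def print_reports(reports):
    for r in reports:
        print("[%s] %s" % (r["browser"], r["manifest"]))
        print("    host:    %s" % r["host"])
        print("    binary:  %s" % r["binary"])
        print("    callers: %s" % ", ".join(r["callers"]))
        for finding in r["findings"]:
            print("    ! %s" % finding)


if __name__ == "__main__":
    # Real audit of the current user's home, then the constructed demo home.
    home = os.path.expanduser("~")
    real = audit_home(home)
    print("%d manifest(s) found under %s" % (len(real), home))
    print_reports(real)
    print("--- constructed demo ---")
    print_reports(audit_home(build_demo_home()))
```

The point of the audit is inventory, not verdict: a manifest is only the browser's permission to launch a binary, so a host name or binary path you did not knowingly install is the signal worth questioning, whichever vendor it belongs to. The "binary not present" finding distinguishes a manifest that is currently inert from one backed by an installed binary; an inert manifest still becomes live the moment the binary and a matching extension appear.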
Editorial Opinion
This discovery represents a significant breach of user trust and consent principles, regardless of whether the bridge is currently dormant on most systems. Installing execution infrastructure without explicit authorization—especially in another vendor's application—sets a troubling precedent for how software developers can extend their reach into user systems. Anthropic's failure to document or disclose this behavior undermines its claimed commitment to safety and responsibility in AI development.