• terabyterex@lemmy.world · 101 up / 8 down · edited · 7 hours ago

    This blog is on the Malwarebytes website. Malwarebytes says in the post that it’s not fair to call this spyware. This was brought up on the Windows side as well.

    What is really going on: claude desktop is installing the hooks for the claude browser extension. If you install the browser extension, claude desktop can control the browser. This is the intended behavior so you can have an agent do something like “in the morning, access these three sites, pull down the data and create a newsletter for me” or “please check flight costs throughout the day on these sites” or whatever you want to access the browser for.

    This is the whole reason you install claude desktop, to automate your computer.

    • pluge@piefed.social · 2 up · 3 hours ago

      This is a little disingenuous…the browser extension ≠ the desktop app. Some people install the app and only use the chat feature. Some use cowork but would never want to use the browser extension. Assuming that installing a desktop app means you should also want the browser extension is just bad logic.

      • terabyterex@lemmy.world · 3 up · 2 hours ago

        You can’t access the browser unless you install the extension. The desktop app just places hooks for the extension if it is ever installed. It won’t work without the extension.

    • Optional@lemmy.world · 6 up · 6 hours ago

      It also uses your credentials to do so and doesn’t ask any permissions for any of it including whatever else it wants to do outside the browser sandbox where it lives. Anthropic can easily remedy the situation but they didn’t set it up that way. And the question is why.

      Not calling it spyware is like not calling McDonald’s “food”. While technically true, it’s just how it works.

      I don’t think it’s actually doing anything nefarious yet. fwiw.

    • criss_cross@lemmy.world · 15 up · 9 hours ago

      I would not assume a chatbot app would auto create hooks into a browser like this. That’s not a reasonable assumption to make.

    • midribbon_action@lemmy.blahaj.zone · 38 up · 11 hours ago

      The article says that is the intended use, I agree this is just bad implementation, but it’s bad because it not only allows control one way, from the app to the browser, it also allows it the other way: browser extensions with an ID that matches one of the allowed ones can access userspace, without asking. That is a huge attack surface that is installed without any consent.

    • TootGuitar@sh.itjust.works · 19 up · edited · 10 hours ago

      I agree that this doesn’t rise to the level of “spyware,” but it is extra sneaky/slimy, and it absolutely, IMO, makes your system less secure for no good reason. They could just have a prompt in the UI the first time you attempt to use a feature that requires the native messaging host, which says something like “we need to install extra software to communicate with Chrome, OK?” This is the ethical thing to do.

      It’s especially sketchy that they’re preemptively installing it in the right directories for multiple Chromium-based browsers, even ones that aren’t installed on your system.

      • terabyterex@lemmy.world · 7 up / 6 down · 10 hours ago

        It’s not sketchy, just lazy. One observation I have made with Anthropic is that they are great at making a model but lousy at app development. Their apps tend to have that “scientist learned python to help them at work” vibe. Which is always a security nightmare.

        • TootGuitar@sh.itjust.works · 12 up / 1 down · 10 hours ago

          I disagree, it’s definitely sketchy. Going out of your way to install the messaging host for a half dozen different Chromium forks is going out of your way to do something behind the user’s back; it’s the opposite of lazy.

          • MrQuallzin@pie.eyeofthestorm.place · 2 up / 2 down · 9 hours ago

            I imagine it’s more of a vibe-coded “make sure the end users have all the files they’ll need to be ready to go” prompt, and it’s Claude that “decided” to just have all the files from the get-go
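
For readers who want to check what was placed on their own machine, here is an added example (not from the article, the thread or Anthropic) that walks a directory tree for Chromium-style `NativeMessagingHosts` manifests, lists the extension IDs each manifest allows, and flags browser directories that contain nothing else. The `com.example.host` name, the sample manifest writer and the "directory otherwise empty" heuristic are assumptions made for the illustration.

```python
import json
import os
import sys
from pathlib import Path

PREFIX = "chrome-extension://"

def audit_native_messaging_hosts(app_support):
    """Report every Chromium-style native messaging manifest below app_support."""
    findings = []
    for root, _dirs, files in os.walk(app_support):
        hosts_dir = Path(root)
        if hosts_dir.name != "NativeMessagingHosts":
            continue
        # Heuristic (assumption): a browser that has run leaves other entries
        # (profiles, "Local State") beside its NativeMessagingHosts directory.
        browser_used = any(p.name != hosts_dir.name for p in hosts_dir.parent.iterdir())
        for name in sorted(f for f in files if f.endswith(".json")):
            manifest = hosts_dir / name
            entry = {"manifest": str(manifest), "browser_used": browser_used}
            try:
                data = json.loads(manifest.read_text(encoding="utf-8"))
                origins = data.get("allowed_origins", [])
                entry["host_name"] = data.get("name")
                entry["host_binary"] = data.get("path")
                # Extension IDs that are allowed to launch the host binary.
                entry["extension_ids"] = [
                    o[len(PREFIX):].rstrip("/") for o in origins if o.startswith(PREFIX)
                ]
            except (OSError, ValueError, AttributeError, TypeError) as exc:
                entry["error"] = f"unreadable manifest: {exc}"
            findings.append(entry)
    return sorted(findings, key=lambda e: e["manifest"])

def write_constructed_manifest(browser_dir, host_binary, extension_id):
    """Create a sample manifest (constructed data) so the audit can be tried offline."""
    hosts = Path(browser_dir) / "NativeMessagingHosts"
    hosts.mkdir(parents=True, exist_ok=True)
    manifest = {"name": "com.example.host", "description": "constructed sample",
                "path": host_binary, "type": "stdio",
                "allowed_origins": [PREFIX + extension_id + "/"]}
    (hosts / "com.example.host.json").write_text(json.dumps(manifest))

if __name__ == "__main__":
    # Default is the per-user macOS location; pass another root to override.
    base = sys.argv[1] if len(sys.argv) > 1 else Path.home() / "Library/Application Support"
    for item in audit_native_messaging_hosts(base):
        flag = "" if item["browser_used"] else "  <-- browser directory otherwise empty"
        print(item["manifest"], item.get("extension_ids", item.get("error")), flag)
```

Each reported `host_binary` is the program an allowed extension can start, so comparing `extension_ids` against the extensions actually installed shows which entries are unused.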

  • Dyskolos@lemmy.zip · 16 up / 57 down · 13 hours ago

    MacOS already is one big spyware, why would anyone care of another one 😁

    • fartsparkles@lemmy.world · 45 up / 2 down · 12 hours ago

      Honest question; in what way is it spyware and do you have references?

      From everything I’ve ever seen, macOS is more transparent and controllable than Windows or Android.

      I’d still recommend Linux but if I were forced to use a mainstream commercial OS (e.g. for work), I’d pick macOS over anything else except FOSS.

      • themurphy@lemmy.ml · 6 up · edited · 9 hours ago

        Every US company is spyware after the US Cloud Act got into law in 2018.

      • Ace@feddit.uk · 22 up / 1 down · edited · 12 hours ago

        I’m a macos user, and the only thing I’m really aware of is mediaanalysisd. It runs constantly and can’t be turned off, and occasionally it uses 50-100MB of ram but usually it passively uses 500MB-1GB of memory constantly, for seemingly no benefit. There’s no official documentation about what it does, but speculation that I’ve seen is that it’s for analysing your photos so that you can search by faces or by computer vision results, e.g. “car” or “mountain” etc, which would be reasonable. The problem with that theory is that I don’t take photos and I have almost none in my Photos app. So the other explanation is that apple announced a few years ago that they were going to scan people’s devices for known CSAM hashes and report any matches to authorities. So I really REALLY hate the idea that they’re using a 16th of my system memory to constantly scan my files in case they find any csam. That can fuck right off. But there’s no way at all to disable it. I occasionally Force Quit the process in Activity Monitor, but it just comes back within a few minutes.

        But I completely acknowledge that that’s just speculation (although the csam detection thing was certainly announced by apple, they kinda shut up about it after the backlash and seem to have retracted it, certainly on iOS but maybe on macos too). So what is mediaanalysisd actually doing if not that? Nobody seems to really know. Certainly it isn’t using 1GB of ram to do anything that benefits me. e.g. right now it’s using 500MB for a mystery process: https://ibb.co/qfZD1TL

        I’m not at all agreeing with the other user that “macos is spyware”, which is a bit ridiculous. But that particular daemon is a bugbear of mine, so I just took the opportunity to have my little rant lol 😂

        • TootGuitar@sh.itjust.works · 11 up · 10 hours ago

          Another example is that macOS periodically sends records of which apps you’re opening to Apple, due to OCSP cert revocation checks: https://www.howtogeek.com/701176/does-apple-track-every-mac-app-you-run-ocsp-explained/

          I realize this is ostensibly to enable a security feature, but if your threat model includes American software companies & oligarchs tracking what you do on your computer, it’s still something to be aware of.

          • Dyskolos@lemmy.zip · 4 up · 10 hours ago

            > but if your threat model includes American software companies & oligarchs

            Mine surely does. Especially US-american.

        • acosmichippo@lemmy.world · 1 up · 9 hours ago

          > So the other explanation is that apple announced a few years ago that they were going to scan people’s devices for known CSAM hashes and report any matches to authorities.

          This was only for iCloud photos, and the reason they were considering that was to keep your photos encrypted in the cloud. This way the photos are analyzed locally on your device and kept private, unless they are found to be problematic obviously.

        • Dyskolos@lemmy.zip · 2 up / 1 down · 10 hours ago

          It surely just isn’t this one daemon. Despite “mediaanalysisd” sounds highly threatening to me. Especially if you aren’t allowed to disable it. How I would hate that on MY computer. Surely better than windows, where 5198231 services do that of which you can only disable 99%.

          If you use ANY service in the apple cloud though, your data is, by definition, unsafe. If you don’t, you’re probably not the run-of-the-mill-apple-user that knows which service does what.

        • BlameTheAntifa@lemmy.world · 1 up / 1 down · 8 hours ago

          mediaanalysisd isn’t mysterious. It’s a ML process that evaluates your photos and videos and generates description metadata to make them text-searchable. It’s what allows you to search your photos for “flowers” and see all the photos with flowers in them.

          • Ace@feddit.uk · 5 up · 7 hours ago

            Yeah, that’s what I said in my post. But my latest photo in the Photos app is from the 17th of January, so what has that process been doing taking 100’s of MBs of memory for the last three months? I have other random images/screenshots/etc on my disk but as far as I know those aren’t ML indexed.

            • BlameTheAntifa@lemmy.world · 2 up · 6 hours ago

              Sorry! I entirely missed that!

              But yes, it’s an inefficient and buggy process. I think it’s also what makes text selectable in images, which is why it is always running. Since we’re living through a RAM apocalypse you would think that Apple would find ways of making always-on processes more efficient.

      • asudox@lemmy.asudox.dev · 5 up / 4 down · edited · 11 hours ago

        All proprietary software is spyware/malware/etc. If you can’t know if it is safe or not, then you have to assume the worst. Especially if it is your operating system.

        You shouldn’t defend it.

        • Dyskolos@lemmy.zip · 3 up / 1 down · 10 hours ago

          True that. But it was to be expected that my statement pissed off many mac-lovers :-)

          • fartsparkles@lemmy.world · 5 up · 10 hours ago

            I’m not a Mac lover, it’s just the term; Spyware is data gathering in secret without the user’s knowledge. Apple seems to have it all documented and controllable vs say Windows where you can’t turn off telemetry gathering, just set it to “Basic/required”.

            More a semantics thing. I assumed you meant there was something you can’t turn off in Apple shit and it’s done secretly (another commenter has highlighted a daemon that’s doing exactly that!).

            I wasn’t part of the downvote brigade either. I don’t get why people downvote stuff that’s more a point of discussion. You didn’t say anything shocking nor blatantly incorrect.

            • Dyskolos@lemmy.zip · 5 up / 1 down · 10 hours ago

              On purely semantics, yeah sure. it’s no spyware by definition. But neither is windows or android.

              BUT everything closed-source, especially the OSs, send data back home. Basically they all do it openly, if you would bother to read the TOS. So unless you tinker, data gets sent home. And be it only for updates, or “malware detection” or whatever else. And you have no idea WHAT exactly those data contain. Or where exactly it goes, or what is done with it henceforth.

              So yes, someone could choke on the word “spyware”, as this is done secretly and in the shadow. Usually. And maybe I came across provocative, but…well. Why not, it’s a topic so often just ignored. I don’t care for the votes, I just would wish people would say WHY they seemingly disagree instead of just leaving a worthless vote. As you said, more a point of discussion.

      • Dyskolos@lemmy.zip · 4 up / 5 down · 10 hours ago

        I wouldn’t say it’s more private or transparent than android or winblows. But even if there’d be zero evidence, which walled garden is private? And especially transparent? Which Apple-service could you use totally 100% anonymous?

        Sure, you CAN restrict mac better and kinda minimize data-harvesting. As long as you also not use all their oh-so-comfortable-services…But who does? The same that use a highly modified winblows that firewall the rest of harvesting off. What about Siri, spotlight, safari, analytics, malware updates, crash reports, and especially: icloud. Or the newer AI-crap?

        And honestly, I’ve never heard a mac-user be concerned for privacy. They prefer simplicity and “it just works!”.

        • SreudianFlip@sh.itjust.works · 1 up · 4 hours ago

          Users often ask / let me turn those off for them. Except spotlight local-to-disc, plus system updates, but if the user is savvy at all I ask if they would like notifications instead of auto install.

          The iCloud stuff that is hard to let go is usually the calendar/contacts/reminders, and substitutes are poor usability. I’m often surprised at how easily they give up photo syncing for ‘I’ll just use a cable.’

          fb messenger, though, once people are locked into that, it’s hard to escape, especially for boomers.

    • Kindness is Punk@lemmy.ca · 4 up · edited · 8 hours ago

      I understand the thought process. It’s the same one that leads people to say things like “why do you care if people spy, you already carry around a wiretap everywhere.”

      I just disagree with it. I understand things are bad and that software spying on us is ubiquitous, but that’s why we need to fight back wherever we can.

      • Dyskolos@lemmy.zip · 1 up · 5 hours ago

        I partially agree. Though there is less and less we could do with each coming year :(

        To me personally though, you either do care for privacy or you don’t. Why even bother doing it a lil? Boycotting WhatsApp but installing some Alexas at home? Would feel like defeat to me. Giving up.

      • Dyskolos@lemmy.zip · 3 up / 5 down · 10 hours ago

        If I would be in there for upvotes, I would’ve said how great MacOS is, and how much I love the apple :-) But thanks, have one back to outweigh the maclovers.