This blog is on the malwarebytes website. Mslwarebytes says in thr post thst its not fair to call this spyware. This was brought up kn the windows side as well.
What is really going on: claude desktop is installing the hooks for the claude browser extension. If you install the browser extension, claude desktop can control the browser. This is the intended behavior so you can have an agent do something like “in the morning, access these three sites, pull down the data and create a newsletter for me” or “please check flight costs throughout the day on these sites” or whatever you want to access the browser for.
This is the whole reason you install claude desktop, to automate your computer.
This is a little disengenuous…the browser extension ≠ the desktop app. Some people install the app and only use the chat feature. Some use cowork but would never want to use the browser extension. Assuming that installing a desktop app means you should also want the browser extension is just bad logic.
You cant access the browser unless you insta the extension. The desktop app just places jooks for the extension if it is ever installed. It wont work with out the extension
It also uses your credentials to do so and doesn’t ask any permissions for any of it including whatever else it wants to do outside the browser sandbox where it lives. Anthropic can easily remedy the situation but they didn’t set it up that way. And the question is why.
Not calling it spyware is like not calling McDonald’s “food”. While technically true, it’s just how it works.
I don’t think it’s actually doing anything nefarious yet. fwiw.
The article says that is the intended use, I agree this is just bad implementation, but it’s bad because it not only allows control one way, from the app to the browser, it also allows it the other way: browser extensions with an ID that matches one of the allowed ones can access userspace, without asking. That is a huge attack surface that is installed without any consent.
I agree that this doesn’t rise to the level of “spyware,” but it is extra sneaky/slimy, and it absolutely, IMO, makes your system less secure for no good reason. They could just have a prompt in the UI the first time you attempt to use a feature that requires the native messaging host, which says something like “we need to install extra software to communicate with Chrome, OK?” This is the ethical thing to do.
It’s especially sketchy that they’re preemptively installing it in the right directories for multiple Chromium-based browsers, even ones that aren’t installed on your system.
Its not sketchy just lazy. One observation i have made eith anthropic is that they are great at amking a model but louzy at app development. There apps tend to have that “scientist learned python to help them at work” vibe. Which is always a security nightmare.
I disagree, it’s definitely sketchy. Going out of your way to install the messaging host for a half dozen different Chromium forks is going out of your way do something behind the user’s back; it’s the opposite of lazy.
I imagine it’s more of a vibe-coded “make sure the end users have all the files they’ll need to be ready to go” prompt, and it’s Claude that “decided” to just have all the files from the get-go
This blog is on the malwarebytes website. Mslwarebytes says in thr post thst its not fair to call this spyware. This was brought up kn the windows side as well.
What is really going on: claude desktop is installing the hooks for the claude browser extension. If you install the browser extension, claude desktop can control the browser. This is the intended behavior so you can have an agent do something like “in the morning, access these three sites, pull down the data and create a newsletter for me” or “please check flight costs throughout the day on these sites” or whatever you want to access the browser for.
This is the whole reason you install claude desktop, to automate your computer.
This is a little disengenuous…the browser extension ≠ the desktop app. Some people install the app and only use the chat feature. Some use cowork but would never want to use the browser extension. Assuming that installing a desktop app means you should also want the browser extension is just bad logic.
You cant access the browser unless you insta the extension. The desktop app just places jooks for the extension if it is ever installed. It wont work with out the extension
It also uses your credentials to do so and doesn’t ask any permissions for any of it including whatever else it wants to do outside the browser sandbox where it lives. Anthropic can easily remedy the situation but they didn’t set it up that way. And the question is why.
Not calling it spyware is like not calling McDonald’s “food”. While technically true, it’s just how it works.
I don’t think it’s actually doing anything nefarious yet. fwiw.
I would not assume a chatbot app would auto create hooks into a browser like this. That’s not a reasonable assumption to make.
The article says that is the intended use, I agree this is just bad implementation, but it’s bad because it not only allows control one way, from the app to the browser, it also allows it the other way: browser extensions with an ID that matches one of the allowed ones can access userspace, without asking. That is a huge attack surface that is installed without any consent.
I agree that this doesn’t rise to the level of “spyware,” but it is extra sneaky/slimy, and it absolutely, IMO, makes your system less secure for no good reason. They could just have a prompt in the UI the first time you attempt to use a feature that requires the native messaging host, which says something like “we need to install extra software to communicate with Chrome, OK?” This is the ethical thing to do.
It’s especially sketchy that they’re preemptively installing it in the right directories for multiple Chromium-based browsers, even ones that aren’t installed on your system.
Its not sketchy just lazy. One observation i have made eith anthropic is that they are great at amking a model but louzy at app development. There apps tend to have that “scientist learned python to help them at work” vibe. Which is always a security nightmare.
I disagree, it’s definitely sketchy. Going out of your way to install the messaging host for a half dozen different Chromium forks is going out of your way do something behind the user’s back; it’s the opposite of lazy.
I imagine it’s more of a vibe-coded “make sure the end users have all the files they’ll need to be ready to go” prompt, and it’s Claude that “decided” to just have all the files from the get-go
Ah yes let’s wildly speculate about how they may or may not be writing software.
I think that’s too generous. As if they didn’t think about this.
i think a lot of their stuff is ai coded.
That’s not really relevant to the point I’m making.
Side question, are the typos intentional?
Mobile keyboard without spellcheck, I make thr exact same typos as thst poster with my thick fingers.
Or it’s an iPhone, they sometimes don’t input pressed letters or input the wrong one.