Anthropic Removes Secret Claude Tracker After User Exposure

Anthropic removed a tracker embedded within its Claude Code product after a security researcher exposed its use of prompt steganography to monitor users in China. The hidden code, discovered by web developer "Thereallo," was designed to collect information such as user timezone, proxy, and potential connections to Chinese AI labs suspected of distillation attacks. Anthropic engineer Thariq Shihipar confirmed on X that the tracker was introduced in March as an "experiment" to prevent account abuse from unauthorized resellers and to protect against distillation.
Prompt steganography involves embedding hidden data within seemingly innocuous text or code. In this instance, the tracker relied on shorthand markers to discreetly gather data without explicit user consent or awareness. While Anthropic stated the code was not malicious, its covert nature was criticized as a "serious breach of user trust" by the researcher who exposed it. The company's stated intention was to combat unauthorized resellers who have been found selling access to AI models at significantly reduced prices, with some pro subscriptions being resold for as little as $12 compared to the standard $100 monthly fee, according to The Washington Post.
The incident raises questions about Anthropic's commitment to user privacy, particularly given the company's public stance against surveillance and its focus on developing "helpful, honest, and harmless" AI. The prompt steganography technique, while sophisticated, highlights a potential conflict between security measures and transparency in AI product development. The swift removal of the tracker suggests Anthropic acknowledged the problematic nature of its implementation and the negative implications for user trust. Further details on the specific data collected and the full scope of the experiment are expected to emerge as the situation develops.
Original source — read the full reporting at the publisher:
Read on Ars Technica