@base <https://www.thatprivacyguy.com/blog/anthropic-spyware> .
@prefix schema: <https://schema.org/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .

<#article> a schema:Article ;
  schema:headline "Anthropic secretly installs spyware when you install Claude Desktop"@en ;
  schema:name "Anthropic secretly installs spyware when you install Claude Desktop"@en ;
  schema:alternativeHeadline "A forensic audit of Claude Desktop's undocumented browser bridge"@en ;
  schema:datePublished "2026-04-18" ;
  schema:inLanguage "en" ;
  schema:url <https://www.thatprivacyguy.com/blog/anthropic-spyware> ;
  schema:publisher <#publisher> ;
  schema:author <#author> ;
  schema:about
    <#native-messaging-manifest>,
    <#claude-desktop-bridge>,
    <#browser-preauthorization>,
    <#seven-browser-install>,
    <#manifest-rewrites>,
    <#provenance-metadata>,
    <#signed-helper-binary>,
    <#authenticated-session-access>,
    <#prompt-injection-risk>,
    <#browser-trust-boundary>,
    <#future-scope-creep>,
    <#affirmative-consent>,
    <#pull-not-push-installation>,
    <#persistent-revocation>,
    <#per-extension-first-connect> ;
  schema:abstract """The article argues that Claude Desktop silently installs Native Messaging manifests into multiple Chromium-browser paths, pre-authorizing a browser bridge without explicit user consent."""@en ;
  schema:articleBody """Alexander Hanff documents an audit of Claude Desktop on macOS and argues that the application silently installs an undocumented Native Messaging bridge across multiple Chromium-browser directories, including browsers the user may not have installed. The article frames this as a dark pattern, a security risk, and in the author's view a legal and privacy violation because the bridge can expose authenticated browser sessions and automation capability once paired with an extension."""@en ;
  schema:hasPart <#part-finding>, <#part-audit>, <#part-risks>, <#part-remedy> ;
  schema:mentions
    <#defined-terms>,
    <#argument-howto>,
    <#step-1>,
    <#step-2>,
    <#step-3>,
    <#step-4>,
    <#faq-1>,
    <#faq-2>,
    <#faq-3>,
    <#faq-4>,
    <#faq-5>,
    <#faq-6>,
    <#faq-7>,
    <#faq-8>,
    <#faq-9>,
    <#faq-10>,
    <#faq-1-answer>,
    <#faq-2-answer>,
    <#faq-3-answer>,
    <#faq-4-answer>,
    <#faq-5-answer>,
    <#faq-6-answer>,
    <#faq-7-answer>,
    <#faq-8-answer>,
    <#faq-9-answer>,
    <#faq-10-answer>,
    <#author>,
    <#publisher> .

<#publisher> a schema:Organization ;
  schema:name "That Privacy Guy!"@en ;
  schema:url <https://www.thatprivacyguy.com/> .

<#author> a schema:Person ;
  schema:name "Alexander Hanff"@en ;
  schema:url <https://www.thatprivacyguy.com/about> .

<#codex> a schema:SoftwareApplication ;
  schema:name "Codex"@en .

<#defined-terms> a schema:DefinedTermSet ;
  schema:name "Defined terms for Anthropic secretly installs spyware when you install Claude Desktop"@en ;
  schema:hasPart <#native-messaging-manifest>, <#claude-desktop-bridge>, <#browser-preauthorization>, <#seven-browser-install>, <#manifest-rewrites>, <#provenance-metadata>, <#signed-helper-binary>, <#authenticated-session-access>, <#prompt-injection-risk>, <#browser-trust-boundary>, <#future-scope-creep>, <#affirmative-consent>, <#pull-not-push-installation>, <#persistent-revocation>, <#per-extension-first-connect> ;
  schema:isPartOf <#article> .

<#native-messaging-manifest> a schema:DefinedTerm ;
  schema:name "Native Messaging manifest"@en ;
  schema:description """The JSON configuration file that registers a native messaging host with a Chromium browser, naming a local executable and the extension IDs permitted to launch it outside the browser sandbox."""@en .

<#claude-desktop-bridge> a schema:DefinedTerm ;
  schema:name "Claude Desktop browser bridge"@en ;
  schema:description """The undocumented Native Messaging bridge the article says Claude Desktop installs on macOS."""@en .

<#browser-preauthorization> a schema:DefinedTerm ;
  schema:name "Browser pre-authorization"@en ;
  schema:description """The act of registering extension IDs and a local helper in advance of explicit extension installation."""@en .

<#seven-browser-install> a schema:DefinedTerm ;
  schema:name "Seven-browser install set"@en ;
  schema:description """The article's finding that identical manifests were created for Arc, Brave, Chromium, Chrome, Edge, Vivaldi, and Opera paths."""@en .

<#manifest-rewrites> a schema:DefinedTerm ;
  schema:name "Manifest rewrites"@en ;
  schema:description """The repeated reinstallation or rewriting of the manifests, as reflected in their timestamps and in the log history."""@en .

<#provenance-metadata> a schema:DefinedTerm ;
  schema:name "macOS provenance metadata"@en ;
  schema:description """The com.apple.provenance evidence the author uses to attribute manifest creation to Claude Desktop."""@en .

<#signed-helper-binary> a schema:DefinedTerm ;
  schema:name "Signed helper binary"@en ;
  schema:description """The code-signed helper executable inside Claude.app that the manifests authorize browsers to launch."""@en .

<#authenticated-session-access> a schema:DefinedTerm ;
  schema:name "Authenticated session access"@en ;
  schema:description """The article's concern that the bridge can expose already-signed-in browser sessions to an agentic workflow."""@en .

<#prompt-injection-risk> a schema:DefinedTerm ;
  schema:name "Prompt injection risk"@en ;
  schema:description """The possibility that a malicious page could influence a paired extension and thereby activate privileged browser automation."""@en .

<#browser-trust-boundary> a schema:DefinedTerm ;
  schema:name "Browser trust boundary"@en ;
  schema:description """The principle that one application should not silently modify another vendor's browser environment."""@en .

<#future-scope-creep> a schema:DefinedTerm ;
  schema:name "Future scope creep"@en ;
  schema:description """The concern that pre-installed bridge capability could later expand without a fresh visible install step."""@en .

<#affirmative-consent> a schema:DefinedTerm ;
  schema:name "Affirmative consent"@en ;
  schema:description """Explicit user opt-in before a browser-control bridge is installed or activated."""@en .

<#pull-not-push-installation> a schema:DefinedTerm ;
  schema:name "Pull-not-push installation"@en ;
  schema:description """Installing the bridge only as a consequence of a user-initiated browser-extension install."""@en .

<#persistent-revocation> a schema:DefinedTerm ;
  schema:name "Persistent revocation"@en ;
  schema:description """A settings-based ability to remove an installed integration and keep it removed."""@en .

<#per-extension-first-connect> a schema:DefinedTerm ;
  schema:name "Per-extension first-connect prompt"@en ;
  schema:description """A permission check when an extension first attempts to connect to the native bridge."""@en .

<#part-finding> a schema:WebPageElement ;
  schema:name "The finding"@en ;
  schema:position 1 ;
  schema:about <#native-messaging-manifest>, <#claude-desktop-bridge>, <#browser-preauthorization> ;
  schema:text """The article centers on the unexpected discovery of an Anthropic Native Messaging manifest in browser directories unrelated to an explicit browser-extension install."""@en .

<#part-audit> a schema:WebPageElement ;
  schema:name "Audit evidence"@en ;
  schema:position 2 ;
  schema:about <#seven-browser-install>, <#manifest-rewrites>, <#provenance-metadata>, <#signed-helper-binary> ;
  schema:text """The author presents filesystem evidence, identical manifests, timestamps, logs, code-signing details, and macOS provenance metadata."""@en .

<#part-risks> a schema:WebPageElement ;
  schema:name "Security and privacy threats"@en ;
  schema:position 3 ;
  schema:about <#authenticated-session-access>, <#prompt-injection-risk>, <#browser-trust-boundary>, <#future-scope-creep> ;
  schema:text """The article argues that the dormant bridge expands attack surface and creates a path to privileged browser automation and data access."""@en .

<#part-remedy> a schema:WebPageElement ;
  schema:name "What Anthropic should have done"@en ;
  schema:position 4 ;
  schema:about <#affirmative-consent>, <#pull-not-push-installation>, <#persistent-revocation>, <#per-extension-first-connect> ;
  schema:text """The closing section proposes explicit opt-in, per-browser scope limitation, visible settings, and persistent revocation controls."""@en .

<#argument-howto> a schema:HowTo ;
  schema:name "How the article builds its spyware claim"@en ;
  schema:description """The article moves from artifact discovery to forensic attribution, then to threat analysis and proposed remediation."""@en ;
  schema:isPartOf <#article> ;
  schema:step <#step-1>, <#step-2>, <#step-3>, <#step-4> .

<#step-1> a schema:HowToStep ;
  schema:name "Find the manifest"@en ;
  schema:position 1 ;
  schema:text "The article starts with an unexpected Anthropic Native Messaging file in a Brave browser path."@en ;
  schema:isPartOf <#argument-howto> .

<#step-2> a schema:HowToStep ;
  schema:name "Attribute the installation"@en ;
  schema:position 2 ;
  schema:text "It then ties the manifest set to Claude Desktop using logs, timestamps, code-signing details, and provenance metadata."@en ;
  schema:isPartOf <#argument-howto> .

<#step-3> a schema:HowToStep ;
  schema:name "Describe the risk surface"@en ;
  schema:position 3 ;
  schema:text "The author explains the browser-automation and authenticated-session implications once a paired extension is active."@en ;
  schema:isPartOf <#argument-howto> .

<#step-4> a schema:HowToStep ;
  schema:name "Propose consent-based remediation"@en ;
  schema:position 4 ;
  schema:text "The article ends by calling for explicit opt-in, browser-specific scope, visibility, and persistent revoke controls."@en ;
  schema:isPartOf <#argument-howto> .

<#faq-1> a schema:Question ;
  schema:name "What is the core allegation in the article?"@en ;
  schema:acceptedAnswer <#faq-1-answer> ;
  schema:isPartOf <#article> .
<#faq-1-answer> a schema:Answer ;
  schema:text "The article alleges that Claude Desktop silently installs an undocumented browser bridge without explicit user consent."@en ;
  schema:isPartOf <#faq-1> .

<#faq-2> a schema:Question ;
  schema:name "What artifact was discovered on disk?"@en ;
  schema:acceptedAnswer <#faq-2-answer> ;
  schema:isPartOf <#article> .
<#faq-2-answer> a schema:Answer ;
  schema:text "A Native Messaging manifest named com.anthropic.claude_browser_extension.json was found in Chromium-browser support directories."@en ;
  schema:isPartOf <#faq-2> .

<#faq-3> a schema:Question ;
  schema:name "Why does the author treat that as significant?"@en ;
  schema:acceptedAnswer <#faq-3-answer> ;
  schema:isPartOf <#article> .
<#faq-3-answer> a schema:Answer ;
  schema:text "Because Native Messaging hosts let browser extensions invoke local executables that run outside the browser sandbox with the user's privileges."@en ;
  schema:isPartOf <#faq-3> .

<#faq-4> a schema:Question ;
  schema:name "How many browser paths does the article say were targeted?"@en ;
  schema:acceptedAnswer <#faq-4-answer> ;
  schema:isPartOf <#article> .
<#faq-4-answer> a schema:Answer ;
  schema:text "The audit reports seven Chromium-browser paths."@en ;
  schema:isPartOf <#faq-4> .

<#faq-5> a schema:Question ;
  schema:name "What kind of evidence is used for attribution?"@en ;
  schema:acceptedAnswer <#faq-5-answer> ;
  schema:isPartOf <#article> .
<#faq-5-answer> a schema:Answer ;
  schema:text "The article cites identical manifests, repeated install logs, timestamps, code-signing details, notarization context, and macOS provenance metadata."@en ;
  schema:isPartOf <#faq-5> .

<#faq-6> a schema:Question ;
  schema:name "What privacy risk does the author emphasize?"@en ;
  schema:acceptedAnswer <#faq-6-answer> ;
  schema:isPartOf <#article> .
<#faq-6-answer> a schema:Answer ;
  schema:text "The article emphasizes access to authenticated browser sessions, DOM state, form interaction, and extracted page data once the bridge is active."@en ;
  schema:isPartOf <#faq-6> .

<#faq-7> a schema:Question ;
  schema:name "What security risk does the author emphasize?"@en ;
  schema:acceptedAnswer <#faq-7-answer> ;
  schema:isPartOf <#article> .
<#faq-7-answer> a schema:Answer ;
  schema:text "It highlights expanded attack surface through a pre-authorized bridge, including prompt-injection and extension-compromise scenarios."@en ;
  schema:isPartOf <#faq-7> .

<#faq-8> a schema:Question ;
  schema:name "What dark pattern claim is central?"@en ;
  schema:acceptedAnswer <#faq-8-answer> ;
  schema:isPartOf <#article> .
<#faq-8-answer> a schema:Answer ;
  schema:text "The article argues that Claude Desktop crossed browser trust boundaries silently and installed harder-to-remove integrations by default."@en ;
  schema:isPartOf <#faq-8> .

<#faq-9> a schema:Question ;
  schema:name "What remedy does the author want first?"@en ;
  schema:acceptedAnswer <#faq-9-answer> ;
  schema:isPartOf <#article> .
<#faq-9-answer> a schema:Answer ;
  schema:text "The first requested remedy is explicit user consent before any browser-control bridge is installed."@en ;
  schema:isPartOf <#faq-9> .

<#faq-10> a schema:Question ;
  schema:name "What broader governance point closes the article?"@en ;
  schema:acceptedAnswer <#faq-10-answer> ;
  schema:isPartOf <#article> .
<#faq-10-answer> a schema:Answer ;
  schema:text "The closing argument is that a vendor cannot credibly market safety while silently undermining privacy and data protection controls on user devices."@en ;
  schema:isPartOf <#faq-10> .
