A developer claims Claude Code's CLI tool uses obfuscated Unicode tricks and date formatting changes to covertly flag users connecting through Chinese proxies.
A developer has publicly accused Anthropic of embedding hidden detection logic inside Claude Code, its command-line coding tool, that silently identifies users connecting through China-linked proxy routes. The mechanism allegedly works by modifying system prompts with invisible Unicode character swaps and date format changes, encoding signals that flag specific connections without any disclosure to the user.
The accusation, which surfaced on June 30, 2026, targets Claude Code version 2.1.91, released on April 2, 2026. If the claims hold up, it would mean one of the world’s most prominent AI companies has been running what amounts to covert user fingerprinting, a practice the developer compared to spyware.
How the alleged detection works #
The core of the allegation centers on obfuscated logic that activates when a user connects through a proxy. The system reportedly checks for specific signals associated with Chinese usage, including timezones like Asia/Shanghai and Asia/Urumqi, as well as domains tied to Chinese AI laboratories.
Rather than flagging users through conventional logging or error messages, the detection mechanism allegedly encodes its signals directly into the system prompt itself through two methods. First, date formatting: the system switches between formats like 2026/06/30 and 2026-06-30, using the variation as a binary signal. Second, it swaps between three different Unicode apostrophe characters: the standard apostrophe ‘, the modifier letter apostrophe ʼ, and the Greek numeral sign ʹ. To the human eye, these characters look identical. To a backend system reading the prompt, they’re distinct markers.
The claims gained traction on Reddit and prompted a GitHub issue, but as of June 30, 2026, Anthropic had made no official acknowledgment, denial, or patch related to the described behavior.
The broader context: Anthropic vs. Chinese AI operations #
In a letter dated June 10, 2026, Anthropic accused Alibaba-affiliated entities of orchestrating a large-scale distillation campaign involving approximately 29 million exchanges and roughly 25,000 fraudulent accounts, all aimed at extracting Claude’s capabilities for use in competing AI systems.
In November 2025, Anthropic disclosed that a Chinese state-sponsored group had been misusing Claude Code specifically for cyber espionage efforts targeting around 30 entities. Claude is not officially available in China, which means any Chinese usage inherently involves circumventing geographic restrictions.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our